DNSstuff reports open DNS
lloyd thomas
lloydie.t at googlemail.com
Tue Jun 24 05:01:14 EDT 2008
Hi Sam,
Thanks for your interest. I am sure i'm using maradns-1-3-07-08.
I have tried doing test with some other web-based DNS tests and they all
seem to give varying advice. I will probably go with what I have set up and
see what occurs
2008/6/23 Sam Trenholme <strenholme.usenet at gmail.com>:
> Which version of MaraDNS are you using. 1.2.12.09 gives a different
> value for RA than 1.2.12.08, for example, since this was causing some
> issues with embedded routers that actually check this bit.
>
> Basically, there's tree branches of MaraDNS:
>
> 1.2.12
> 1.3.07
> 1.3.(greater than 07)
>
> In 1.2.12.09, 1.3.07.07, and 1.3.11, the RA value was changed. As I
> recall, RA is cleared when sending an authoritative answer and set
> when sending a recursive answer (ideally, we should have RA be set if
> the client is allowed to recurse, but this fix seems to fix all
> real-world problems).
>
> Basically, I feel things like dnsreport.com and dnsstuff.com are
> pedantic, and don't consider problems with those web-DNS-reports that
> aren't real-world problems bugs (dnsreport.com, for no good reason,
> wants serial numbers in YYYYMMDDSS format).
>
> - Sam
>
> 2008/6/21 Lloyd Thomas <lloydie.t at googlemail.com>:
> > I tried DIG from a different server. The results are slightly different
> as
> > your first query said 'WARNING: recursion requested but not available
> >
> > ' at the end of the query and status was 'NOERROR'.
> >
> >
> >
> > From: Remco Rijnders [mailto:remco at webconquest.com]
> > Sent: 21 June 2008 16:53
> > To: Lloyd Thomas
> > Subject: Re: DNSstuff reports open DNS
> >
> >
> >
> >
> >
> > Op 21 jun 2008, om 17:38 heeft Lloyd Thomas het volgende geschreven:
> >
> >> Just tried DIG myself using maradns and got the following response.
> >> ------------------------------------------
> >> root at dnsserver:/# dig TXT webconquest.com @85.234.142.68
> >>
> >> ; <<>> DiG 9.3.2 <<>> TXT webconquest.com @85.234.142.68
> >> ; (1 server found)
> >> ;; global options: printcmd
> >> ;; Got answer:
> >> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 52964
> >> ;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> >>
> >> ;; Query time: 75 msec
> >> ;; SERVER: 85.234.142.68#53(85.234.142.68)<http://85.234.142.68#53%2885.234.142.68%29>
> >> ;; WHEN: Sat Jun 21 16:31:03 2008
> >> ;; MSG SIZE rcvd: 12
> >> -------------------------------------
> >>
> >> So it looks as though it will not return results, but it does
> >> advertise as a
> >> open DNS and by what DNSstuff has recommended this is not
> >> recommended. I
> >> will leave it running for a little if you want to have another look.
> >>
> >> Many thanks
> >>
> >> Lloyd
> >
> > Not copying the list this time as I don't want to annoy too many
> > people while we try to figure this out...
> >
> > This server you're running dig from, it is not the nameserver itself
> > is it?
> >
> > I still get the same result using dig here as I did before:
> >
> > Macintosh:~ remmy$ dig TXT webconquest.com @85.234.142.68
> >
> > ; <<>> DiG 9.4.1-P1 <<>> TXT webconquest.com @85.234.142.68
> > ; (1 server found)
> > ;; global options: printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 62330
> > ;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> > ;; WARNING: recursion requested but not available
> >
> > ;; Query time: 25 msec
> > ;; SERVER: 85.234.142.68#53(85.234.142.68)<http://85.234.142.68#53%2885.234.142.68%29>
> > ;; WHEN: Sat Jun 21 17:52:58 2008
> > ;; MSG SIZE rcvd: 12
> >
> >
> > Cheers,
> >
> > Remco
> >
> >
>
More information about the list
mailing list