DNSstuff reports open DNS

Sam Trenholme strenholme.usenet at gmail.com
Mon Jun 23 14:06:19 EDT 2008


Which version of MaraDNS are you using?  1.2.12.09 gives a different
value for RA than 1.2.12.08, for example, since this was causing some
issues with embedded routers that actually check this bit.

Basically, there are three branches of MaraDNS:

1.2.12
1.3.07
1.3.(greater than 07)

In 1.2.12.09, 1.3.07.07, and 1.3.11, the RA value was changed.  As I
recall, RA is cleared when sending an authoritative answer and set
when sending a recursive answer (ideally, we should have RA be set if
the client is allowed to recurse, but this fix seems to fix all
real-world problems).

Basically, I feel things like dnsreport.com and dnsstuff.com are
pedantic, and don't consider problems with those web-DNS-reports that
aren't real-world problems bugs (dnsreport.com, for no good reason,
wants serial numbers in YYYYMMDDSS format).

- Sam

2008/6/21 Lloyd Thomas <lloydie.t at googlemail.com>:
> I tried DIG from a different server. The results are slightly different as
> your first query said 'WARNING: recursion requested but not available' at
> the end of the query and status was 'NOERROR'.
>
>
>
> From: Remco Rijnders [mailto:remco at webconquest.com]
> Sent: 21 June 2008 16:53
> To: Lloyd Thomas
> Subject: Re: DNSstuff reports open DNS
>
>
>
>
>
> On 21 Jun 2008, at 17:38, Lloyd Thomas wrote:
>
>> Just tried DIG myself using maradns and got the following response.
>> ------------------------------------------
>> root at dnsserver:/# dig TXT webconquest.com @85.234.142.68
>>
>> ; <<>> DiG 9.3.2 <<>> TXT webconquest.com @85.234.142.68
>> ; (1 server found)
>> ;; global options:  printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 52964
>> ;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; Query time: 75 msec
>> ;; SERVER: 85.234.142.68#53(85.234.142.68)
>> ;; WHEN: Sat Jun 21 16:31:03 2008
>> ;; MSG SIZE  rcvd: 12
>> -------------------------------------
>>
>> So it looks as though it will not return results, but it does advertise
>> as an open DNS and by what DNSstuff has recommended this is not
>> recommended. I will leave it running for a little if you want to have
>> another look.
>>
>> Many thanks
>>
>> Lloyd
>
> Not copying the list this time as I don't want to annoy too many
> people while we try to figure this out...
>
> This server you're running dig from, it is not the nameserver itself
> is it?
>
> I still get the same result using dig here as I did before:
>
> Macintosh:~ remmy$ dig TXT webconquest.com @85.234.142.68
>
> ; <<>> DiG 9.4.1-P1 <<>> TXT webconquest.com @85.234.142.68
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 62330
> ;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; Query time: 25 msec
> ;; SERVER: 85.234.142.68#53(85.234.142.68)
> ;; WHEN: Sat Jun 21 17:52:58 2008
> ;; MSG SIZE  rcvd: 12
>
>
> Cheers,
>
> Remco
>
>
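
The distinction this thread turns on (a server that sets the RA bit versus one that actually answers recursive queries) can be read straight from the 12-byte DNS header that dig reports. The following is an added example, not code from the thread or from MaraDNS; the function names, the classification labels, and the second and third sample headers are constructed for illustration, and it assumes the query was sent with RD=1 for a name the server is not authoritative for.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("DNS header is 12 bytes, got %d" % len(msg))
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),   # 1 = response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "rd": bool(flags & 0x0100),   # recursion desired (copied from query)
        "ra": bool(flags & 0x0080),   # recursion available (set by server)
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "ancount": an,
    }

def classify(h: dict) -> str:
    """Label a reply to an RD=1 query for a non-local name (labels are assumptions)."""
    if not h["qr"]:
        return "not a response"
    if h["rcode"] == "NOERROR" and h["ancount"] > 0 and not h["aa"]:
        return "open: answered recursively"
    if h["ra"]:
        return "advertises recursion (RA=1) but gave no answer"
    return "closed: RA=0, " + h["rcode"]

# Header rebuilt from the first dig output in the thread:
# id 52964, flags "qr rd", status REFUSED, all counts 0, 12 bytes.
REFUSED_NO_RA = struct.pack("!6H", 52964, 0x8105, 0, 0, 0, 0)
# Constructed: same reply with the RA bit set, the case a scanner may flag.
REFUSED_WITH_RA = struct.pack("!6H", 52964, 0x8185, 0, 0, 0, 0)
# Constructed: header of a genuinely recursive answer (one answer record).
RECURSED = struct.pack("!6H", 52964, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    for name, msg in [("thread reply", REFUSED_NO_RA),
                      ("RA set", REFUSED_WITH_RA),
                      ("recursed", RECURSED)]:
        print(name, "->", classify(parse_header(msg)))
```

A report tool that looks only at the RA bit would treat the second sample as open even though the query was refused, which is why the RA change between MaraDNS releases matters to such checks.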

