[BlueOnyx:11716] Re: help with /var/log/messages? dns issue?

George F. Nemeyer tigerwolf at tigerden.com
Wed Nov 28 16:52:36 -05 2012


On Wed, 28 Nov 2012, Chris Gebhardt - VIRTBIZ Internet wrote:

> Yeah, this does look like a DNS issue.  From the looks of things, there
> are some recursive lookups that are attempting to be done.

Also, that the servers being queried are not authoritative and/or are just
broken or lame.

You can Google the error messages (like unexpected RCODE REFUSED) for a
better insight.

> Hopefully, you're blocking recursives by un-checking the "Cache Record
> Lookups" box at Network Services > DNS > Advanced.

If you need this box to do recursions (i.e. it's the machine that other
machines on your network are pointed to for DNS), be sure you put the
IP's/networks of those machines *allowed* to do recursion in the box:

"Query Request Recursion Access by IP Address"

You can enter individual IPs, or networks by baseIP/xx notation, or with

localhost          (allows the machine itself to do recursion lookups)
localnets          (the network(s) the machine lives in)

in the box.

You should never allow outside machines to query for anything other than
the networks/hosts you are authoritative for.  DNS DoS attacks are
increasingly common, and having an open recursive server is as bad as the
once common practice of providing open e-mail relaying.  In fact, it can be
worse, since most DNS activity isn't logged, so DNS amplifier attacks can
persist and not be readily noticed on a busy machine.

Allowing outside cache queries/recursion leaves you wide open for exploit.

=^_^=  Tigerwolf
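As an added example (not part of George's post, and not BlueOnyx or BIND code), the script below models the recursion ACL he describes and audits a syslog excerpt for the two symptoms discussed in the thread: clients being refused cache lookups, and upstream servers answering with unexpected RCODEs such as REFUSED. The ACL expansion follows BIND's meaning of the entries (individual IPs, baseIP/xx networks, `localhost`, and `localnets` as the networks on the server's own interfaces); the interface networks and the log lines are constructed for the example, and the log line shapes are modelled on what `named` writes to /var/log/messages rather than copied from a real server.

```python
import ipaddress
import re
from collections import Counter

# Constructed assumption: the networks on this server's interfaces, which is what
# BIND's built-in "localnets" ACL expands to. Not taken from the post.
LOCAL_INTERFACE_NETWORKS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8::/64"),
]


def parse_recursion_acl(entries, local_networks=LOCAL_INTERFACE_NETWORKS):
    """Expand the "Query Request Recursion Access by IP Address" box contents.

    Accepts individual IPs, baseIP/xx networks, and the two named ACLs the post
    mentions: 'localhost' and 'localnets'.
    """
    nets = []
    for raw in entries:
        token = raw.strip()
        if not token:
            continue
        if token == "localhost":
            nets.append(ipaddress.ip_network("127.0.0.0/8"))
            nets.append(ipaddress.ip_network("::1/128"))
        elif token == "localnets":
            nets.extend(local_networks)
        else:
            # A bare IP becomes a /32 or /128; strict=False tolerates host bits in a prefix
            nets.append(ipaddress.ip_network(token, strict=False))
    return nets


def recursion_allowed(client_ip, acl_nets):
    """True if this client should be granted recursive (cache) lookups."""
    addr = ipaddress.ip_address(client_ip)
    # 'in' returns False across IPv4/IPv6 versions, so mixed lists are safe
    return any(addr in net for net in acl_nets)


# Constructed sample lines in the shape named writes to syslog. Not real log data.
SAMPLE_LOG = """\
Nov 28 16:40:01 ns1 named[1234]: client 192.0.2.10#53210: query (cache) 'example.com/A/IN' denied
Nov 28 16:40:02 ns1 named[1234]: client 198.51.100.7#41001: query (cache) 'example.org/MX/IN' denied
Nov 28 16:40:03 ns1 named[1234]: client 198.51.100.7#41002: query (cache) 'example.org/A/IN' denied
Nov 28 16:40:05 ns1 named[1234]: unexpected RCODE (REFUSED) resolving 'foo.example/A/IN': 203.0.113.5#53
Nov 28 16:40:06 ns1 named[1234]: unexpected RCODE (REFUSED) resolving 'bar.example/A/IN': 203.0.113.5#53
Nov 28 16:40:09 ns1 named[1234]: unexpected RCODE (SERVFAIL) resolving 'baz.example/A/IN': 203.0.113.9#53
"""

DENIED_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query \(cache\) '[^']*' denied")
RCODE_RE = re.compile(
    r"unexpected RCODE \((?P<rcode>[A-Z]+)\) resolving '[^']*': (?P<ip>[0-9a-fA-F.:]+)#\d+")


def audit_log(log_text, acl_nets):
    """Summarise a named syslog excerpt against the configured recursion ACL.

    Returns (denied_by_client, unexpected_rcodes, denied_but_allowed):
      denied_by_client   - Counter of clients refused cache lookups; outside
                           clients showing up here is the ACL doing its job
      unexpected_rcodes  - Counter of (upstream server, RCODE); the servers
                           that are not authoritative, broken, or lame
      denied_but_allowed - clients refused even though the ACL permits them,
                           i.e. the running config does not match the box
    """
    denied = Counter()
    rcodes = Counter()
    for line in log_text.splitlines():
        m = DENIED_RE.search(line)
        if m:
            denied[m.group("ip")] += 1
            continue
        m = RCODE_RE.search(line)
        if m:
            rcodes[(m.group("ip"), m.group("rcode"))] += 1
    denied_but_allowed = {ip for ip in denied if recursion_allowed(ip, acl_nets)}
    return denied, rcodes, denied_but_allowed


if __name__ == "__main__":
    acl = parse_recursion_acl(["localhost", "localnets", "203.0.113.42"])
    denied, rcodes, mismatched = audit_log(SAMPLE_LOG, acl)
    for ip, n in denied.items():
        verdict = "INSIDE ACL, check config" if ip in mismatched else "outside ACL, expected"
        print(f"refused recursion {n}x from {ip}: {verdict}")
    for (server, rcode), n in rcodes.items():
        print(f"upstream {server} answered {rcode} {n}x")
```

Run it against a real excerpt by replacing `SAMPLE_LOG` with the relevant `named` lines from /var/log/messages and `LOCAL_INTERFACE_NETWORKS` with the server's actual interface networks; a client that appears in `denied_but_allowed` means the box and the running zone config disagree, while a large count of refusals from addresses outside the ACL is the expected sign that recursion is closed to the outside.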
