[BlueOnyx:11719] Re: help with /var/log/messages? dns issue?

webmaster webmaster at oldcabin.net
Wed Nov 28 17:43:11 -05 2012


On 11/28/2012 3:52 PM, George F. Nemeyer wrote:
> On Wed, 28 Nov 2012, Chris Gebhardt - VIRTBIZ Internet wrote:
>
>> Yeah, this does look like a DNS issue.  From the looks of things, there
>> are some recursive lookups that are attempting to be done.
> Also, that the servers being queried are not authoritative and/or are just
> broken or lame.
>
> You can Google the error messages (like unexpected RCODE REFUSED) for a
> better insight.
>
>> Hopefully, you're blocking recursives by un-checking the "Cache Record
>> Lookups" box at Network Services > DNS > Advanced.
> If you need this box to do recursions (i.e. it's the machine that is pointed to
> for DNS by other machines on your network), be sure you put the
> IPs/networks of those machines *allowed* to do recursion in the box:
>
> "Query Request Recursion Access by IP Address"
>
> You can enter individual IPs, or networks by baseIP/xx notation, or with
>
> localhost          (allows the machine itself to do recursion lookups)
> localnets          (the network(s) the machine lives in)
>
> in the box.
>
> You should never allow outside machines to query for anything other than
> the networks/hosts you are authoritative for.  DNS DoS attacks are
> increasingly common, and having an open recursive server is as bad as the
> once common practice of providing open e-mail relaying.  In fact, it can be
> worse, since most DNS activity isn't logged, so DNS amplifier attacks can
> persist and not be readily noticed on a busy machine.
>
> Allowing outside cache queries/recursion leaves you wide open for exploit.


George & all,


To fill you in...

the reason recursion has always been checked for me was because the guy
who helped me set up my old raq500 had it checked.

If I ever unchecked it my old machine would not be able to ping the
outside world, mail would break, the phone would start ringing
(customers having issues)

I would panic and check it and all would be well


BX today

The day started with the recursion box checked

Last night I noticed massive entries to /var/messages. 

Got on today and the same thing.


I unchecked the box after Chris recommended it but sure enough after
some time... clients were calling, mail was stuck in the q, and I was
NOT able to ping any machine outside my simple two machine network.

Hmm...? didn't try to ping my colo guys machines above me during this
time period.

Anyway, after a bit of time and a reboot of both machines to see if
maybe it would fix itself.... ?
NOPE.... I had to check the box again to get things working (mail
flowing, ability to ping the world).



Notes:


Machine 1
cabin1.oldcabin.net
69.8.136.252
(hosts web and email)

tcp/ip setup snip for machine 1
I have the ip 69.8.136.202 entered into the "DNS Servers" area in the GUI.
(If I remove this, this machine cannot ping the world)


Machine 2
cabin2.oldcabin.net
69.8.136.129
(hosts web, email, and is my primary DNS server)

tcp/ip setup snip for machine 2
I have the ip 69.8.136.202 entered into the "DNS Servers" area in the GUI.
(If I remove this, this machine cannot ping the world)

DNS
Primary: ns.oldcabin.net 698.136.202  (this is on cabin2.oldcabin.net)
Secondary:  puck.nether.net

I have the ip "204.42.254.5" entered in Zone Transfer Access by IP
Address area in the GUI so I can use puck.nether.net


I want to have the recursion box UNchecked but can't


If I haven't said it to you before....

Agriculture major here who happened to get involved with the internet as
it started by getting a DEC alpha. 
Loved it ever since but..... lacking some knowledge, especially on this
issue, which has plagued me since I started doing my own dns on my 550
(which was probably set up wrong to begin with)


Thanks

--Tim
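
Added example, not part of the original thread and not BlueOnyx's own code: a small Python model of the "Query Request Recursion Access by IP Address" list described in the quoted reply, evaluated for the two hosts in this post and one constructed outside address. The /24 netmask, the treatment of an empty list as "anyone", and all function names are assumptions made for the example.

```python
import ipaddress

# Assumed addresses on the DNS box (cabin2). The thread gives no netmask;
# /24 is a guess made for this example.
LOCAL_INTERFACES = ["127.0.0.1/8", "69.8.136.129/24", "69.8.136.202/24"]


def parse_acl(entries, interfaces=LOCAL_INTERFACES):
    """Expand the entries typed into the recursion access box into networks."""
    ifaces = [ipaddress.ip_interface(i) for i in interfaces]
    nets = []
    for entry in entries:
        if entry == "localhost":        # the server's own addresses
            nets += [ipaddress.ip_network(f"{i.ip}/32") for i in ifaces]
        elif entry == "localnets":      # networks the server is attached to
            nets += [i.network for i in ifaces]
        else:                           # single IP or baseIP/xx
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def recursion_allowed(client, nets, recursion_enabled=True):
    """True if a recursive query from `client` would be answered."""
    if not recursion_enabled:           # box unchecked: no recursion for anyone
        return False
    if not nets:                        # assumption: empty list means "anyone"
        return True
    addr = ipaddress.ip_address(client)
    return any(addr in net for net in nets)


def audit(entries, recursion_enabled=True):
    """Check the thread's two hosts and one constructed outside client."""
    nets = parse_acl(entries)
    clients = {
        "cabin1": "69.8.136.252",
        "cabin2": "69.8.136.129",
        "outside": "198.51.100.7",      # constructed, RFC 5737 test range
    }
    return {name: recursion_allowed(ip, nets, recursion_enabled)
            for name, ip in clients.items()}


if __name__ == "__main__":
    print("open:      ", audit([]))
    print("unchecked: ", audit([], recursion_enabled=False))
    print("restricted:", audit(["localhost", "localnets"]))
```

Listing only `69.8.136.252` would leave the DNS box itself without recursion in this model, which is why `localhost` belongs in the list alongside the client addresses.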









