techrealm
msg:4513717 | 10:47 am on Oct 30, 2012 (gmt 0) |
With the OpenDns logo on this, I was unable to determine from the article mentioned that their servers contributed to these issues. As a OpenDns supporter and client am I missing something?
|
phranque
msg:4513728 | 11:04 am on Oct 30, 2012 (gmt 0) |
where is the logo?
that is an unfortunately-named brand!
however the story is about "open (lower case 'o') DNS resolvers"
open DNS resolvers are those which allow external requests for recursive domain name resolution.
you can test for open DNS recursion using the dig command:
dig @NAMESERVER.DNSPROVIDER.COM example.com
where NAMESERVER.DNSPROVIDER.COM is the DNS being tested such and example.com is a domain NOT using that nameserver.
|
phranque
msg:4513729 | 11:08 am on Oct 30, 2012 (gmt 0) |
btw this isn't something you can fix in the zone file - it's in the DNS (probably BIND) configuration.
in most cases this means you have to change your DNS provider to "fix it".
|
techrealm
msg:4513734 | 11:42 am on Oct 30, 2012 (gmt 0) |
The logo was on the WebmasterWorld home page highlighted features section. It was in the Domain Names section but I may have been in "hiding" so long I might not be aware if there are advertisements now tagged there.
|
phranque
msg:4513738 | 12:04 pm on Oct 30, 2012 (gmt 0) |
i didn't look on the home page before - that error should be resolved soon.
|
gpmgroup
msg:4514181 | 2:13 pm on Oct 31, 2012 (gmt 0) |
There doesn't seem to be a way on older servers to split/zone internal and external requests for recursive domain name resolution. The only solutions seem to be run internal and external requests on separate servers or upgrade the software.
|
phranque
msg:4514205 | 3:03 pm on Oct 31, 2012 (gmt 0) |
you simply disable external requests for recursive resolution.
what type of server?
|
gpmgroup
msg:4514221 | 3:44 pm on Oct 31, 2012 (gmt 0) |
| you simply disable external requests for recursive resolution |
|
That depends on what you class as "external", a local network is "external" to a server, however it may still need recursive resolution whereas you wouldn't want to allow recursive resolution to the "external" outside world.
Newer DNS servers solve this easily by allowing different configurations for different "zones"
|
phranque
msg:4514429 | 11:53 pm on Oct 31, 2012 (gmt 0) |
in that case, shut down port 53 at the firewall and allow "external" requests.
|
gpmgroup
msg:4514436 | 12:14 am on Nov 1, 2012 (gmt 0) |
A firewall is way too crude. It isn't capable of understanding if the request is for a non problematic authoritative answer as opposed to a recursive request.
|
phranque
msg:4514477 | 2:49 am on Nov 1, 2012 (gmt 0) |
maybe i misunderstood you - to me, "external" request means "external to the authority of that DNS", not "external to the network".
perhaps you need to disable recursion but configure a forwarder to handle "external" requests.
|
|
