DNS Question (quite a bit OT)
Brad Knowles
brad.knowles at skynet.be
Wed Jul 23 10:14:55 PDT 2003
At 6:55 PM +0200 2003/07/23, Nils Holland wrote:
> What you have found out is actually correct, and that's the problem,
> because you I want to change it. The nameservers currently "responsible"
> for thunderbridge.de are ns{1,2}.modwest.com.
Ahh, okay. I missed that part. Sorry!
> It has also been set up
> Concerning the other "oddities" you have discovered: I don't care much
> about Modwest once I'm out of there, but I will let the loadbalanced.net
> folks know about them.
Just keep in mind that any zones you have hosted on their
machines are vulnerable, and any machines within those zones could be
more easily broken into by using them as a vector. If you're not
going to work with them to try to help them get their stuff fixed
before you move, then you want to be quick about moving your stuff
somewhere else.
> Interestingly, these folks don't seem to have
> much of a clue about DNS anyway, upon my first type=soa query I sent to
> their servers yesterday, I saw that the serial for both thunderbridge.de
> and loadbalanced.net was set to 0. Even I know that this isn't too
> sane, and I bet DeNIC would also have complained about this, if it
> hadn't been corrected.
An SOA serial number of 0 is technically legal, but would almost
certainly have raised additional flags at DEnic.
> And thanks for your suggestions, I'll have a look at the debugging
> tools you mentioned, so I get more of a clue about this myself ;-)
Good luck!
--
Brad Knowles, <brad.knowles at skynet.be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
More information about the freebsd-chat
mailing list