[c-nsp] Open DNS problem

Renuka K renukakb at gmail.com
Wed Jun 21 06:18:40 EDT 2006


Hi,

We have a DNS installed in Solaris 9 Server. Nowadays whenever I check the
status of this server in www.dnsreport.com, it's giving the error that this
server is an open DNS server...

ERROR: One or more of your nameservers reports that it is an open DNS
server. This usually means that anyone in the world can query it for domains
it is not authoritative for (it is possible that the DNS server advertises
that it does recursive lookups when it does not, but that shouldn't happen).
This can cause an excessive load on your DNS server. Also, it is strongly
discouraged to have a DNS server be both authoritative for your domain and
be recursive (even if it is not open), due to the potential for cache
poisoning (with no recursion, there is no cache, and it is impossible to
poison it). Also, the bad guys could use your DNS server as part of an
attack, by forging their IP address. Problem record(s) are:

Server 203.190.128.141 reports that it will do recursive lookups.
[test <http://www.dnsreport.com/tools/lookup.ch?domain=www.DNSstuff.com&server=203.190.128.141>]


See this page <http://www.dnsreport.com/info/opendns.htm> for info on
closing open DNS servers.

Can somebody suggest a solution for this?

Thanks in advance

Best Regards,
Renuka.K
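
Added example, not part of the original post: the report above turns on whether a reply carries the "recursion available" (RA) header flag, and on whether the server actually resolves a name it is not authoritative for. The sketch below makes that distinction from a reply's 12-byte header; the function names and the sample replies are constructed for illustration, and check_server is meant to be run against a server you operate, from an address outside your network.

```python
import socket
import struct

RA, AA, RD = 0x0080, 0x0400, 0x0100   # DNS header flag bits (RFC 1035)

def build_query(name, qid=0x1234):
    """Build an A/IN query with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def classify(response):
    """Classify a reply to a query for a name the server is NOT authoritative for."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    rcode = flags & 0x000F
    if not flags & RA:
        return "closed"            # recursion is not offered
    if rcode == 0 and ancount > 0 and not flags & AA:
        return "open-recursive"    # a foreign name was resolved for the client
    return "advertises-only"       # RA is set, but nothing was resolved

def check_server(server, name, timeout=3.0):
    """Send one UDP query to the server and classify its reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
    return classify(data)

# Constructed sample replies (headers only), not captured traffic.
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)     # QR RD RA, NOERROR, 1 answer
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)  # QR RD, REFUSED, RA clear
SAMPLE_ADVERT = struct.pack("!HHHHHH", 0x1234, 0x8185, 1, 0, 0, 0)   # QR RD RA, REFUSED

if __name__ == "__main__":
    for label, pkt in [("open", SAMPLE_OPEN), ("refused", SAMPLE_REFUSED),
                       ("advertises", SAMPLE_ADVERT)]:
        print(label, "->", classify(pkt))
```

The "advertises-only" result corresponds to the case the report mentions in parentheses, where a server sets RA without performing recursive lookups.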

