TCLUG Archive

Re: [TCLUG:19636] DNS packets?



/me tries to see if Evolution can send mail....  It's actually very
fast, though I'm not sure if I'll be able to convince it to do IMAP
properly on my system...

> Jon Schewe <jpschewe@eggplant.mtu.net> wrote:
> 
> I've got a caching nameserver set up, does anyone know why I should be
> receiving packets from outside nameservers?  Specifically those for @home?


I've seen stuff like this before, and I guess I've never tried to find
out the real answer.  From what I understand, DNS queries end up being
pretty complex things.  What follows is how I believe things happen.  I
could be wrong...

Your server will query a top-level server (or perhaps one a little closer
if you have things set up that way).  It finds the primary or secondary
server for a particular domain and queries that.  If you didn't get an
IP address from that system, you probably got a pointer to a sub-domain
nameserver, which your server then queries (etc.)

All the while, communication is going back and forth between the two
systems (usually on port 53, I think). So, if you have been looking up
domains or subdomains that have nameservers on @home networks, there's
your answer.  Otherwise, someone is probably probing you, looking for
vulnerabilities of various kinds.


--
 _  _  _  _ _  ___    _ _  _  ___ _ _  __   Avoid the Gates of Hell. 
/ \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__   Use Linux 
\_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)                             
[ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088@tc.umn.edu ]
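
One way to tell the two cases in the reply apart (answers to your own server's lookups versus unrelated traffic), as an added example that is not part of the original message: match each inbound port-53 packet against the queries the local resolver sent. The log format, the addresses and the 5-second timeout are constructed assumptions, not output of any real tool.

```python
# Constructed sample records (not real traffic). Fields:
# time  direction  remote_ip  remote_port  local_port  dns_id  Q|R
SAMPLE = """\
1.00 out 198.51.100.1 53 33001 0x1a2b Q
1.04 in 198.51.100.1 53 33001 0x1a2b R
1.05 out 203.0.113.7 53 33002 0x77c0 Q
1.11 in 203.0.113.7 53 33002 0x77c0 R
4.20 in 192.0.2.99 53 33002 0x77c0 R
6.00 in 192.0.2.50 40123 53 0x0001 Q
9.00 out 203.0.113.7 53 33003 0x0042 Q
20.0 in 203.0.113.7 53 33003 0x0042 R
"""

TIMEOUT = 5.0  # assumed number of seconds the resolver waits for an answer


def classify(log_text, timeout=TIMEOUT):
    """Label every inbound packet by matching it to our own outbound queries."""
    pending = {}   # (remote_ip, local_port, dns_id) -> time the query was sent
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, direction, rip, rport, lport, dns_id, kind = line.split()
        ts, rport, lport, dns_id = float(ts), int(rport), int(lport), int(dns_id, 16)
        key = (rip, lport, dns_id)
        if direction == "out":
            if kind == "Q" and rport == 53:
                pending[key] = ts             # remember what we asked, and whom
            continue
        if kind == "Q":
            label = "inbound-query"           # an outside host asking our server
        elif rport == 53 and key in pending and ts - pending[key] <= timeout:
            del pending[key]                  # accept one answer per query
            label = "solicited"
        else:
            label = "unsolicited-response"    # no matching query, or too late
        results.append((rip, label))
    return results


if __name__ == "__main__":
    for rip, label in classify(SAMPLE):
        print(f"{rip:15} {label}")
```

Packets labelled `solicited` are the normal back-and-forth of resolution; the other two labels are the ones worth checking against firewall and nameserver logs.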