Challenge to DNS experts


dynamicnet
07-25-03, 08:20 AM
Greetings:

Prelude: Please read the following documents:

http://www.email-marketing.ca/#Types%20of%20Email%20Sending%20Software

http://www.emailarchitect.net/webapp/smtpcom/developers/dnslookup.asp

http://gd.tuwien.ac.at/opsys/linux/gazette/issue80/tag/2.html

Now, read http://www.4mktg.com/faq/online-help.html#6

Look at #2:

"If you find the success rate is unacceptably low, you might change the DNS server. Big ISP's always have powerful DNS servers. Write email to them for the DNS server IP address or use some software to sniff them by yourself."

Focus on "SNIFF them by yourself."

===

Challenge:

Every single day we see stuff like the following in our logwatch results:

ns_forw: query(fresheoffers.com) All possible A RR's lame: 8 Time(s)

sysquery: query(mx.cherryslush.com) All possible A RR's lame: 9 Time(s)

And the like.

We strongly believe this is coming from SPAM organizations that have "sniffed" our DNS, and are trying to use our DNS servers to send out their SPAM.

How do we go at blocking them from using our DNS servers to send SPAM?

Thank you.

Robert
07-25-03, 08:43 AM
Put some pepper in your DNS, so when SPAM Organizations sniff it, they end up sneezing to death...

:banana: :banana: :banana:

:rofl: :rofl:

soapsud
07-25-03, 07:31 PM
allan will probably be able to better answer this, but if you use djbdns, the cache is automatically separated from the resolver, so queries to the cache which are not "authorized" will automatically die out.

here's some quick google info:

http://www.isc.org/ml-archives/bind-users/2000/12/msg00091.html

hope that's what you're looking for :)

allan
07-26-03, 08:50 AM
Originally posted by dynamicnet:
How do we go at blocking them from using our DNS servers to send SPAM?


Add the following line in named.conf:


options {
    recursion no;
};


If you don't need to offer a public caching/recursive server for your customers this will solve that problem.

If you do need to offer a public caching/recursive server consider separating it from your authoritative server and putting a tight ACL in it:


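options {
    // Answer queries only from networks directly attached to this server.
    allow-query { localnets; };
    // The posted "blackhole ( all );" is dropped: "all" is not a built-in
    // ACL, and blackhole { any; }; would also stop named from sending
    // queries to other servers, so recursion would fail.
};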


Alternatively, you can even do something like this:


options {
    // "recursion" only takes yes/no; the ACL form is allow-recursion.
    allow-recursion { localnets; };
};
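
Added example, not part of allan's post or the original thread: a small Python check that the named.conf changes above took effect, by sending a query with the RD (recursion desired) bit set and reading the RA bit and RCODE in the reply. The function names are illustrative, the sample replies are constructed header-only packets, and probe() is meant to be pointed at your own server from a host outside localnets.

```python
import socket
import struct

RD, RA, QR = 0x0100, 0x0080, 0x8000  # DNS header flag bits (RFC 1035)

def build_query(name, qid=0x1234):
    """DNS A/IN query for `name` with RD (recursion desired) set."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!6H", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def classify(query, response):
    """Return 'open', 'refused' or 'no-recursion' for a reply to `query`."""
    if len(response) < 12:
        raise ValueError("short DNS header")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    if qid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        raise ValueError("not a reply to this query")
    rcode = flags & 0x000F
    if rcode == 5:                       # REFUSED: an ACL rejected this client
        return "refused"
    if flags & RA and (ancount or rcode == 3):
        return "open"                    # RA set plus answer/NXDOMAIN: treated as open
    return "no-recursion"                # referral or empty answer

def probe(server, name="example.com", timeout=3.0):
    """Send the query over UDP to your own server and classify the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return classify(query, s.recvfrom(512)[0])

def sample_reply(query, flags, ancount=0):
    """Constructed sample reply: header plus echoed question, no records."""
    return query[:2] + struct.pack("!5H", flags, 1, ancount, 0, 0) + query[12:]

if __name__ == "__main__":
    q = build_query("example.com")
    print(classify(q, sample_reply(q, QR | RD | RA, ancount=1)))  # recursion offered
    print(classify(q, sample_reply(q, QR | RD)))                   # recursion no;
    print(classify(q, sample_reply(q, QR | RD | 5)))               # ACL refusal
```

After reloading named, probe() run from an outside host should return "refused" or "no-recursion"; "open" means outsiders can still resolve arbitrary names through the server.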

dynamicnet
07-26-03, 08:53 AM
Greetings:

Thank you.

allan
07-26-03, 09:10 AM
Originally posted by dynamicnet:

Thank you.

No worries, that will be $25 ;).