From: Greg Polanski (greg.polanski@adc.com)
Date: Mon Jul 18 2005 - 17:06:21 EDT
Can I suppress DNS queries with illegal characters at the
DNS servers?
I have upgraded my firewalls to Checkpoint NGX, which is sensitive
to illegal DNS queries. The firewall is detecting and blocking
DNS queries to the root servers for the domain, "yahoo.com'"
Notice the single quote (') after com.
The root cause is that many messages incorrectly have quotes in the
address part of the name. An example follows. Notice the quotes
within the (<) and (>). The result is a DNS lookup of yahoo.com'
smtp5# egrep "yahoo.com'" /var/spool/mqueue*/*
/var/spool/mqueue/qfj6IEviI7001065: "xxx@yahoo.com" <'xxx@yahoo.com'>,
Rather than have BIND send a query to the root servers for yahoo.com',
can I set BIND to just reject the query? I am running Solaris 9
bind 8.3.3.
smtp5# /usr/sbin/in.named -v
in.named BIND 8.3.3 Wed Feb 18 23:46:02 PST 2004
Generic Patch-5.9-May 2002
Thank you
greg
-- _______________________________________________________________ Greg Polanski mailto:greg.polanski@adc.com ADC Telecommunications, Inc. 952.917.0548 PO Box 1101 612.309.4493 cell/pager Minneapolis, MN 55440-1101 _______________________________________________________________ _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:31:08 EDT