[wellylug] Weird DNS issue with Xtra DNS

Cliff Pratt enkidu at cliffp.com
Sun May 14 18:13:06 NZST 2006


Mark Foster wrote:
> 
> On Sun, 14 May 2006, Cliff Pratt wrote:
> 
>> Mark Foster wrote:
>>
>>> Note that Ihug as far as I know reject external DNS queries anyway, 
> >>> as a Paradise customer you shouldn't be using NS outside of 
>>> Clear/Paradise as a client anyway...
>>>
>> Mmm, if they do that, that would be remarkably anti-social of them. 
>> That would mean that you would not be able to resolve www.ihug.co.nz 
>> for example.
> 
> Let me clarify the 'often' situation here. I would say 'usual' but it's 
> not really the usual yet.
> 
> We all know that SMTP has an ACL applied to it where a mail server will 
> accept mail for either:
> 
> a) Any destination, where the source is recognised by the server as 
> being 'local'
> 
> b) Any _Local_ Destination where the source is anywhere.
> 
> This prevents SMTP relay.
> 
> DNS servers are slowly moving in this direction.  This helps to reduce 
> the number of 'third parties' using DNS servers - can reduce their load 
> and so on.  The DNS implementation of this, therefore, would be:
> 
> 1) Accept DNS queries from 'local' users and answer regardless of the 
> query,
> 
> 2) Accept DNS queries from 'all' users and answer only for 'local' 
> domains aka those hosted on the NS in question.
> 
> So what I meant to say was that Ihug's NS (the last time I tried, 
> anyway) would reject DNS queries from non-Ihug users for domains that 
> were not actually delegated to their NS.  i.e. Locally hosted domains 
> would work fine.
> 
OIC, sorry! Now that I re-read it, it's obvious what you meant!

I can't see how it would affect the number of third party DNS providers, 
though. When a request for a record in a zone in the third party's is 
looked up, the user will be directed directly to the third party's DNS. 
It's only lookups *from* the third party's DNS that could use Xtra's 
DNS as referrers, and there shouldn't be too many of those. And Xtra 
could easily block those few addresses of DNS servers that abuse Xtra's 
'open' DNS server.

Or am I missing something?

It *would* affect non-*clients* of Xtra using Xtra's DNS though, but 
again there shouldn't be too many of those should there?

Cheers,

Cliff

-- 

http://barzoomian.blogspot.com
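
The two rules quoted above (answer any query for 'local' clients, answer everyone else only for zones hosted on the server) can be modelled as a small decision function. This is an added example, not part of the original thread; the networks, zone names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample policy data (assumptions, not any ISP's real configuration).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
              ipaddress.ip_network("2001:db8::/32")]
HOSTED_ZONES = {"example.nz", "isp.example"}


def normalise(qname):
    """Lower-case the query name and drop the trailing root dot."""
    return qname.rstrip(".").lower()


def hosted_zone_for(qname, zones=HOSTED_ZONES):
    """Return the longest hosted zone enclosing qname, or None.

    Matching walks whole labels, so 'notexample.nz' does not match
    the hosted zone 'example.nz' the way a plain suffix test would.
    """
    labels = normalise(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def is_local(src, nets=LOCAL_NETS):
    """True if the source address falls inside a 'local' client network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in nets)


def decide(src, qname):
    """Apply the policy: hosted zones for all, recursion for locals only."""
    if hosted_zone_for(qname) is not None:
        return "AUTHORITATIVE"   # rule 2: anyone may ask about hosted zones
    if is_local(src):
        return "RECURSE"         # rule 1: local clients may ask about anything
    return "REFUSED"             # outside client, name not hosted here


if __name__ == "__main__":
    for src, name in [("192.0.2.10", "www.example.org"),
                      ("203.0.113.5", "www.example.nz."),
                      ("203.0.113.5", "www.example.org")]:
        print(src, name, decide(src, name))
```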



