Shorewall users - Feb 2003 - Reject Dns

Just a few question. What type of BIND do you use ? 8 or 9 ?
9

Do you use it as a definition server for your domain or as a cache DNS ?
No, It is a primary and secondary for many domains
Where is your DNS system supposed to run ?
? Runs on my network

What version of Shorewall do you run ?
1.2.9

(I would have expected your mailserver queries come under a RFC1918 non routable
address)
Its on the same subnet and switch. 
    Toms answer to 6c helps sorry I missed that, I was thinking I need to open
higher number ports or something.

Since I have read FAQ 6c I think I may have other troubles since my logs also
include

named[27467]: client 64.42.49.234#2662: error sending response: host unreachable
named[27467]: client 64.42.49.234#2886: no matching view in class
''CLASS13875''

Thank you, 

Mike

Maybe I should disable IPV6 how do you disable it?, I have two dns servers,
the old one runs rh 6.1 with seawall 3.2.2 which is now my secondary dns
server and has run for many years with no trouble bind 8.
no troubles
----- Original Message -----
From: "JMM Moi-Meme Maitre du Monde" <j6m@cvni.net>
To: <landers@lanlinecomputers.com>
Sent: Saturday, February 08, 2003 2:37 PM
Subject: Re: [Shorewall-users] Reject Dns

> I have no trouble with 9.1.3 here (since I disabled the listen on IPV6.
>   I only have one public IP, I use my registrar DNS as secondary DNS and
> zone transfers failed prior to that).
>
> It appears that Linux IPv6 over IPv4 is still buggy (I run SuSe 8.0 with
> a 2.4.18 kernel).
>
> landers@lanlinecomputers.com wrote:
> > Just a few question. What type of BIND do you use ? 8 or 9 ?
> > 9
> >
> > Do you use it as a definition server for your domain or as a cache DNS
?
> > No, It is a primary and secondary for many domains
> > Where is your DNS system supposed to run ?
> > ? Runs on my network
> >
> > What version of Shorewall do you run ?
> > 1.2.9
> >
> > (I would have expected your mailserver queries come under a RFC1918
non
routable address)
> > Its on the same subnet and switch.
> >     Toms answer to 6c helps sorry I missed that, I was thinking I need
to open higher number ports or something.
> >
> > Since I have read FAQ 6c I think I may have other troubles since my
logs
also include
> >
> > named[27467]: client 64.42.49.234#2662: error sending response: host
unreachable
> > named[27467]: client 64.42.49.234#2886: no matching view in class
''CLASS13875''
> >
> > Thank you,
> >
> > Mike
> > _______________________________________________
> > Shorewall-users mailing list
> > Shorewall-users@lists.shorewall.net
> > http://lists.shorewall.net/mailman/listinfo/shorewall-users
> >
> >
>
>
>

This post is to answer this post, after hours of reading logs, I found an
unusual ip logging in into my mail server via telnet, and spamming hotmail
and yahoo domains, my mail server is on the outside of shorewall so
shorewall was logging corrupt or late dns replies excessively, he had found
a e-mail account with an easy password. I changed all passwords to be
stronger,
The spammer is locked out now, (I dont allow relays) thanks for the help
guys.
This guy got away with this for three days!

Mike
----- Original Message -----
From: "JMM Moi-Meme Maitre du Monde" <j6m@cvni.net>
To: <landers@lanlinecomputers.com>
Sent: Saturday, February 08, 2003 3:11 PM
Subject: Re: [Shorewall-users] Reject Dns

> It is in /etc/named.conf
>
>      listen-on-v6 { none; };
>
> I had messages of the type ffff:<IPv4 of my registrar DNS> zone
transfer
> denied. It does not seem to be your case.
>
> I ll go to sleep anytime soon. (It is time here in "Old Europe").
Keep
> me in touch if it has solved anything.
>
> landers@lanlinecomputers.com wrote:
> > Maybe I should disable IPV6 how do you disable it?, I have two dns
servers,
> > the old one runs rh 6.1 with seawall 3.2.2 which is now my secondary
dns
> > server and has run for many years with no trouble bind 8.
> > no troubles
> > ----- Original Message -----
> > From: "JMM Moi-Meme Maitre du Monde" <j6m@cvni.net>
> > To: <landers@lanlinecomputers.com>
> > Sent: Saturday, February 08, 2003 2:37 PM
> > Subject: Re: [Shorewall-users] Reject Dns
> >
> >
> >
> >>I have no trouble with 9.1.3 here (since I disabled the listen on
IPV6.
> >>  I only have one public IP, I use my registrar DNS as secondary
DNS and
> >>zone transfers failed prior to that).
> >>
> >>It appears that Linux IPv6 over IPv4 is still buggy (I run SuSe 8.0
with
> >>a 2.4.18 kernel).
> >>
> >>landers@lanlinecomputers.com wrote:
> >>
> >>>Just a few question. What type of BIND do you use ? 8 or 9 ?
> >>>9
> >>>
> >>>Do you use it as a definition server for your domain or as a
cache DNS
?
> >>>No, It is a primary and secondary for many domains
> >>>Where is your DNS system supposed to run ?
> >>>? Runs on my network
> >>>
> >>>What version of Shorewall do you run ?
> >>>1.2.9
> >>>
> >>>(I would have expected your mailserver queries come under a
RFC1918 non
> >>
> > routable address)
> >
> >>>Its on the same subnet and switch.
> >>>    Toms answer to 6c helps sorry I missed that, I was thinking
I need
> >>
> > to open higher number ports or something.
> >
> >>>Since I have read FAQ 6c I think I may have other troubles
since my
logs
> >>
> > also include
> >
> >>>named[27467]: client 64.42.49.234#2662: error sending response:
host
> >>
> > unreachable
> >
> >>>named[27467]: client 64.42.49.234#2886: no matching view in
class
> >>
> > ''CLASS13875''
> >
> >>>Thank you,
> >>>
> >>>Mike
> >>>_______________________________________________
> >>>Shorewall-users mailing list
> >>>Shorewall-users@lists.shorewall.net
> >>>http://lists.shorewall.net/mailman/listinfo/shorewall-users
> >>>
> >>>
> >>
> >>
> >>
> >
> > _______________________________________________
> > Shorewall-users mailing list
> > Shorewall-users@lists.shorewall.net
> > http://lists.shorewall.net/mailman/listinfo/shorewall-users
> >
> >
>
>
>