Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 2 subscribers
  • Views 10273 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocking DNS access to root servers

SalishSwede
I notice in my logs the following:

[FONT=monospace]/var/log/packetfilter/2012/03/packetfilter-2012-03-13.log.gz:2012:03:13-19:03:02  wahine ulogd[6021]: id="2001" severity="info" sys="SecureNet"  sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003"  outitf="eth1" srcmac="0:c:29:67:ac:8e" srcip="174.x.y.z"  dstip="128.8.10.90" proto="17" length="76" tos="0x00" prec="0x00"  ttl="64" srcport="1901" dstport="53"  [/FONT]

Looking at the dstip, I see the following:

Address lookup

     canonical name  d.root-servers.net.    aliases 
    addresses   2001:500:2d:[:D]
128.8.10.90It looks like this the device blocking access to DNS root servers.
Is that a good thing?
I don't have DNS specific rules in my firewall (save one machine which is off).
In Network Services \ DNS I list Google's DNS servers.  [feel free to comment]

Just checking.


This thread was automatically locked due to age.
Parents
  • 0
    See, Doug, I didn't even realize that you were frustrated - I'm a rose-colored-glasses kind of guy! [;)]

    I normally use OpenDNS, and don't think I've gotten a root name server anywhere since I started using 208.67.222.222 and 208.67.220.220.  You might see if that works better.  I also usually uncheck the box for the ISP's name servers.

    It is a bit of a mystery why the standard "invisible" Firewall rule for DNS seems to have been disabled.  It would be interesting if you could find when the default drops started, and then restore a backup from before that to see if the problem persists.

    Cheers - Bob
  • 0 in reply to BAlfson
    I'll take a look.
    I've recently reset the configuration and restored from backup.
    This was due to the issues with the syslog routing being left on.
    That's on another thread.  Interesting thread.  Foreign governments have taken up the research on what's behind that.
Reply
  • 0 in reply to BAlfson
    I'll take a look.
    I've recently reset the configuration and restored from backup.
    This was due to the issues with the syslog routing being left on.
    That's on another thread.  Interesting thread.  Foreign governments have taken up the research on what's behind that.
Children
No Data