Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 2 subscribers
  • Views 10261 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocking DNS access to root servers

SalishSwede
I notice in my logs the following:

[FONT=monospace]/var/log/packetfilter/2012/03/packetfilter-2012-03-13.log.gz:2012:03:13-19:03:02  wahine ulogd[6021]: id="2001" severity="info" sys="SecureNet"  sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003"  outitf="eth1" srcmac="0:c:29:67:ac:8e" srcip="174.x.y.z"  dstip="128.8.10.90" proto="17" length="76" tos="0x00" prec="0x00"  ttl="64" srcport="1901" dstport="53"  [/FONT]

Looking at the dstip, I see the following:

Address lookup

     canonical name  d.root-servers.net.    aliases 
    addresses   2001:500:2d:[:D]
128.8.10.90It looks like this the device blocking access to DNS root servers.
Is that a good thing?
I don't have DNS specific rules in my firewall (save one machine which is off).
In Network Services \ DNS I list Google's DNS servers.  [feel free to comment]

Just checking.


This thread was automatically locked due to age.
  • 0 in reply to BAlfson
    I'll take a look.
    I've recently reset the configuration and restored from backup.
    This was due to the issues with the syslog routing being left on.
    That's on another thread.  Interesting thread.  Foreign governments have taken up the research on what's behind that.
  • 0
    Nuts.  Because log management was taken off line and the need to reset, I no longer have my logs.
    I have a VM image with the old logs and the code that was sending them oubound to Symantec and others, but it's too much hassle for me to deal with given my other responsibilities.