faqts : Computers : Internet : Domain Names : djbdns

Why does dnscache respond to queries from some hosts but not others?

Jun 10th, 2001 18:12
Brian Coogan

There are two reasons I can think of for this:
1.  You may not have created a file in the ip directory
(eg: /service/dnscache/root/ip/10 for the 10.x.x.x private net) to tell
dnscache to answer requests from machines with certain IP addresses
(eg: 10.x in the above example).  You need to do something like this:
  cd /service/dnscache/root/ip
  touch 10
  touch 192.168
  touch 172.16
2.  The second reason is far more obscure: dnscache does not respond
to queries from source ports < 1024 unless the source port is 53.
dnscache will silently drop and ignore queries from these ports, a
feature which is intended to increase the security of dnscache (it
prevents the UDP servers from being used as unwitting DoS agents).
In real life this is rarely seen, as most client implementations send
their queries from source ports > 1024.  Currently the list of known
implementations sending queries from source ports < 1024 is:
    HP-UX 10.20
(other examples welcome, please add here or email me).
Adrian Ho wrote a small patch to make this dnscache behaviour
configurable when it came up on the mailing list in May 2001 (djbdns
1.05 at the time):
  http://marc.theaimsgroup.com/?l=djbdns&m=99130915123267&w=2
Adrian's patch allows creation of a new dnscache env option ANYPORT
(eg: echo 1 > /service/dnscache/env/ANYPORT) which then tells dnscache
to honour queries regardless of their source port.
Other notes:
- If you are testing with nslookup, please check other entries in this
FAQ for why this often doesn't work!
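The two admission rules in the answer above (the ip-directory prefix files and the source-port filter) are easy to misdiagnose from the client side because dnscache drops silently in both cases. The script below is an added example, not part of the original FAQ entry or of djbdns itself: it re-implements the two checks in Python so you can work out which rule would drop a given client before touching the live service. The ip-directory lookup mirrors djbdns's okclient() (try the full dotted address, then strip one dotted component at a time), the port rule is the "< 1024 and not 53" rule from the answer, and the ANYPORT handling is an assumption about Adrian Ho's patch: any non-empty env/ANYPORT value is treated as enabling it. The ip directory and the client list are constructed in a temporary directory for the demonstration.

```python
import os
import shutil
import tempfile

PRIVILEGED_PORT_LIMIT = 1024
DNS_PORT = 53


def okclient(ip_dir, client_ip):
    """Mirror of dnscache's okclient(): a client is allowed if a file named
    after its address, or any dotted prefix of it, exists in the ip
    directory.  For 10.1.2.3 the names tried are, in order:
    10.1.2.3, 10.1.2, 10.1, 10.  Note that a file "10" does NOT match
    100.x.x.x, because stripping happens only at dot boundaries."""
    name = client_ip
    while True:
        if os.path.exists(os.path.join(ip_dir, name)):
            return True
        dot = name.rfind(".")
        if dot < 0:
            return False
        name = name[:dot]


def anyport_enabled(env_dir):
    """Assumed semantics of the ANYPORT patch: enabled when env/ANYPORT
    exists and is non-empty (as created by 'echo 1 > env/ANYPORT')."""
    path = os.path.join(env_dir, "ANYPORT")
    try:
        with open(path) as f:
            return f.read().strip() != ""
    except OSError:
        return False


def why_dropped(ip_dir, client_ip, client_port, anyport=False):
    """Return None if dnscache would answer this client, otherwise a short
    reason string naming the rule that silently drops the query.  The
    order matches dnscache: the source-port check runs before okclient()."""
    if client_port < PRIVILEGED_PORT_LIMIT and client_port != DNS_PORT and not anyport:
        return "source port %d is < 1024 and not 53 (reason 2)" % client_port
    if not okclient(ip_dir, client_ip):
        return "no file in ip/ matches %s or any dotted prefix (reason 1)" % client_ip
    return None


def accepts_query(ip_dir, client_ip, client_port, anyport=False):
    return why_dropped(ip_dir, client_ip, client_port, anyport) is None


def build_service_dir(allowed_prefixes, anyport_value=None):
    """Construct a throwaway layout shaped like /service/dnscache:
    root/ip/<prefix> files ('touch 10', 'touch 192.168', ...) and an
    optional env/ANYPORT.  Returns (service_dir, ip_dir, env_dir)."""
    service = tempfile.mkdtemp(prefix="dnscache-demo-")
    ip_dir = os.path.join(service, "root", "ip")
    env_dir = os.path.join(service, "env")
    os.makedirs(ip_dir)
    os.makedirs(env_dir)
    for prefix in allowed_prefixes:
        open(os.path.join(ip_dir, prefix), "w").close()  # touch
    if anyport_value is not None:
        with open(os.path.join(env_dir, "ANYPORT"), "w") as f:
            f.write(anyport_value + "\n")
    return service, ip_dir, env_dir


if __name__ == "__main__":
    # Constructed clients: (address, UDP source port).  The 1023 entry
    # stands in for an HP-UX 10.20 style resolver using a privileged port.
    clients = [("10.5.6.7", 40000), ("192.168.1.1", 1025), ("172.16.0.9", 53),
               ("172.17.0.1", 40000), ("100.1.2.3", 40000), ("10.5.6.7", 1023)]
    service, ip_dir, env_dir = build_service_dir(["10", "192.168", "172.16"])
    try:
        for anyport_value in (None, "1"):
            if anyport_value:
                with open(os.path.join(env_dir, "ANYPORT"), "w") as f:
                    f.write(anyport_value + "\n")
            enabled = anyport_enabled(env_dir)
            print("ANYPORT enabled: %s" % enabled)
            for ip, port in clients:
                reason = why_dropped(ip_dir, ip, port, anyport=enabled)
                print("  %-14s port %5d -> %s" % (ip, port, reason or "answered"))
    finally:
        shutil.rmtree(service)
```

Running it shows 172.17.0.1 and 100.1.2.3 dropped by the ip-directory rule (neither 172.17 nor 100 has a file, and 100 does not match the file named 10), and 10.5.6.7 from port 1023 dropped by the port rule until ANYPORT is set. On a real installation the equivalent check is a tcpdump of the client's source port plus an ls of /service/dnscache/root/ip.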