[ale] DNS Cache Probing was cacheing DNS?

Jim Kinney jim.kinney at gmail.com
Thu May 10 12:11:52 EDT 2012


You are trying to run a commercial service on a residential ISP product. In
short, you can't fix this without getting a commercial account that does no
filtering.

Many (most?) residential lines are port filtered heavily to block all sorts
of nasty. A residential customer running a rogue DNS server is viewed as a
security problem (and they usually are).

On Thu, May 10, 2012 at 10:27 AM, William Bagwell <rb211 at tds.net> wrote:

> On Wednesday 09 May 2012, John Heim wrote:
> (snips)
> > http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl says
> > I'm running an open resolver.
>
> Have a similar problem to John, likely for a very different reason. I am
> trying to pass a PCI (Credit card merchant) compliance scan of my home
> computer and failing on *one* single point. They say I'm running a DNS
> server that is allowing "DNS Cache Probing".  I'm not, my port 53 is
> closed, and I have even turned off the internal DNS cache built into my
> firewall in an attempt to pass.
>
> It appears from the link John posted that my ISP may be intercepting these
> external DNS queries since it is they who are answering.
>
> "184.60.162.220 [64.50.228.54]  open    2012-05-10 14:02:28"
> From the notes,
> "If a resolver receives and transmits on different addresses, the
> transmitting address is shown in [brackets]."
>
> If so, I have no control over 64.50.228.54 and its open status or allowing
> cache probing. Any help on passing this compliance test
> would be appreciated.
> --
> William
>



-- 
James P. Kinney III

As long as the general population is passive, apathetic, diverted to
consumerism or hatred of the vulnerable, then the powerful can do as they
please, and those who survive will be left to contemplate the outcome.
- 2011 Noam Chomsky

http://heretothereideas.blogspot.com/