LinuxQuestions.org, Linux - Networking forum
See /etc/named.conf for the allow-query entry, to specify which hosts are permitted to do DNS lookups on the machine. Of course, if you're not actually using the machine as a DNS server you ought to disable named.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Well first, are the DNS queries from external IPs or internal? Your local clients will need to make DNS lookups for any connections they make to the Internet. The easiest way to disallow remote hosts querying your server for DNS is to firewall off port 53 completely from the outside world (both TCP and UDP).
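The first thing to settle, as the reply above says, is where the queries originate. The following script is an added example, not code from anyone in this thread: it sorts BIND 9 query-log lines into queries from the server itself (loopback or the server's own address), from RFC 1918 internal ranges, and from outside, and separately counts reverse (PTR) lookups and flags zone-transfer (AXFR/IXFR) requests, which is the one thing the thread says outsiders must not be allowed to do. The log lines are constructed for the demonstration, and 10.0.0.3 is taken as the server's own address only because the relay example later in the thread uses it.

```python
"""Sort a BIND 9 query log by query origin.  Added example, not from the
thread.  Assumes the "queries" log category format of BIND 9; the sample
lines below are constructed, not real log data."""
import ipaddress
import re
from collections import Counter

# One BIND 9 query-log line.  Newer versions insert "@0x..." after
# "client" and "(name)" before the colon; both are optional here.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[0-9a-fA-F.:]+)#\d+(?: \(\S+\))?: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+) (?P<flags>[+-]\S*)"
)

# Internal ranges per RFC 1918; anything else that is not the server
# itself is treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log (not real).  10.0.0.3 plays the server's own
# address, as in the relay example later in the thread.
SAMPLE_LOG = """\
10-Mar-2010 12:00:01.123 client 127.0.0.1#45321: query: mail.example.net IN A + (127.0.0.1)
10-Mar-2010 12:00:01.201 client 127.0.0.1#45322: query: 4.3.2.1.in-addr.arpa IN PTR + (127.0.0.1)
10-Mar-2010 12:00:02.050 client 10.0.0.3#33001: query: mx.example.org IN MX + (10.0.0.3)
10-Mar-2010 12:00:03.777 client 192.168.1.20#51000: query: www.example.org IN A + (10.0.0.3)
10-Mar-2010 12:00:04.005 client 198.51.100.7#3210: query: example.com IN A - (10.0.0.3)
10-Mar-2010 12:00:05.900 client 198.51.100.7#3211: query: example.com IN AXFR -T (10.0.0.3)
"""


def classify_source(src, server_ips):
    """'self' for loopback or the server's own addresses, 'internal' for
    RFC 1918 space, 'external' for everything else."""
    ip = ipaddress.ip_address(src)
    if src in server_ips or ip.is_loopback:
        return "self"
    if any(ip in net for net in INTERNAL_NETS):
        return "internal"
    return "external"


def summarize(log_text, server_ips):
    """Count queries by origin; list external queries and transfer attempts."""
    by_origin = Counter()
    reverse_lookups = 0
    zone_transfers = []
    external_queries = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue                      # not a query line (e.g. other categories)
        origin = classify_source(m["src"], server_ips)
        by_origin[origin] += 1
        if m["qtype"] == "PTR":           # reverse lookups, typical of a mail server
            reverse_lookups += 1
        if m["qtype"] in ("AXFR", "IXFR"):
            zone_transfers.append((m["src"], m["qname"]))
        if origin == "external":
            external_queries.append((m["src"], m["qname"], m["qtype"]))
    return {
        "by_origin": dict(by_origin),
        "reverse_lookups": reverse_lookups,
        "zone_transfers": zone_transfers,
        "external_queries": external_queries,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, {"10.0.0.3"})
    print("queries by origin:", report["by_origin"])
    print("reverse lookups:", report["reverse_lookups"])
    print("zone transfer attempts:", report["zone_transfers"])
    print("external queries:", report["external_queries"])
```

Point it at a real query log with `summarize(open("/var/log/named/queries.log").read(), {"<server IP>"})`. If every line lands in `self`, the situation is the one described further down in the thread: a local daemon (the mail server, most likely) is doing the lookups, and that is not something to block. A non-empty `zone_transfers` list from an external source is the case worth acting on.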
The DNS queries in the log are coming from the server itself... and I am the only one using it... and I know the queries are not mine.
I'll go look at port 53 on the netserver
Your mail server is making the queries. It does a DNS lookup every time it sends a message, and likely it also tries to do a reverse lookup of every IP that connects to deliver mail to you. If you totally disable DNS you will break your mail server.
Probably bouncing messages that were sent to non-existent users on your system. Look, if the queries have a source address of your server SOME application on your server is making those queries and you're going to break it when you disable DNS. Now given the fact that you're primarily running the box as a mail server, and additionally given that the two examples you just posted a) start with mail. and b) sound like porn spammer hosts, I'm willing to bet money it's your mail server.
However, it's your server and you're welcome to break it if you want to. Just don't come back tomorrow asking why you suddenly can't deliver mail.
By the way, even if you do have /etc/resolv.conf configured to query your ISP's name server and mail continues to work, you'll add a lot more latency to your lookups and that will impact performance.
I really don't see why you're so paranoid about your own server doing DNS lookups. DNS is the foundation of the Internet. It is also true that if you have the processing horsepower, it's much better to do queries locally on your own network rather than across the Internet, because you will have significantly better performance. As long as Internet users aren't doing zone file transfers of your entire zone off your DNS server, you're fine! Let your internal boxes query all they want, all it's doing is increasing your Internet performance.
I highly suggest reading DNS & BIND from O'Reilly.
I was worried that I may have been providing the mail for the spammers somehow... I have to watch my logs for garbage like the aforementioned spammers... our users are not allowed to do that sort of stuff. Thanks for your input.
Just don't allow relay from external IPs. You can easily test that by going to an outside box (one that's not on your network), telnet to your mail server on port 25, and issue the SMTP commands by hand. Make sure your MAIL FROM is not in your domain and neither is the RCPT TO. If it accepts the message, you have problems.
Code:
[chort@abydos chort]$ telnet mail.yourdomain.tld 25
Trying 10.0.0.3...
Connected to mail.yourdomain.tld (10.0.0.3).
Escape character is '^]'.
220 mail.yourdomain.tld ESMTP Mailserver software name
EHLO test.com
250-mail.yourdomain.tld
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-XVERP
250 8BITMIME
MAIL FROM: <test@test.com>
250 Ok
RCPT TO: <test@foo.com>
250 Ok
Obviously the above uses a private IP (10.0.0.3) where you would be using the public IP if connecting from a remote system, but you get the idea. Above is an example of a server which DOES allow relaying. This is bad.
A server which does not allow relaying would have responded with the below, instead of "250 OK" after the RCPT TO line.
Code:
571 Cannot relay. Mailbox not available foo@test.com
Note that you cannot do this test from inside your network, because your server SHOULD relay for internal hosts.
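The by-hand telnet test above can be scripted so it is repeatable after every mail-server change. The script below is an added example, not chort's code: it sends EHLO, a MAIL FROM outside your domain and a RCPT TO outside your domain, reads the reply code to RCPT TO, and then QUITs without ever issuing DATA, so no message is actually handed to the server. The function and transcript names are my own; the open-relay transcript is the one in the post, the closed-relay one reuses the 571 line from the post, and the `221 Bye` reply to QUIT in both is constructed. As the post says, it only means something when run from a host outside your network.

```python
"""Automated open-relay check mirroring the manual telnet session in the
post.  Added example, not from the thread.  Run check_host() from a host
OUTSIDE your own network; from inside, a 250 to RCPT TO only shows the
server relays for internal hosts, which it should."""
import io
import socket


def read_reply(rfile):
    """Read one SMTP reply, following "250-" continuation lines.
    Returns (code, lines)."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":   # "250 " ends the reply, "250-" continues
            return int(line[:3]), lines


def send_cmd(rfile, wfile, cmd):
    """Send one command line and return the server's reply."""
    wfile.write((cmd + "\r\n").encode("ascii"))
    wfile.flush()
    return read_reply(rfile)


def relay_check(rfile, wfile, helo="test.com",
                sender="test@test.com", rcpt="test@foo.com"):
    """Drive the dialogue; the verdict rests on the reply code to RCPT TO.
    Sender and recipient default to the outside-domain values in the post."""
    code, banner = read_reply(rfile)
    if code != 220:
        raise RuntimeError(f"unexpected banner: {banner[-1]}")
    code, lines = send_cmd(rfile, wfile, f"EHLO {helo}")
    if code != 250:
        raise RuntimeError(f"EHLO rejected: {lines[-1]}")
    code, lines = send_cmd(rfile, wfile, f"MAIL FROM:<{sender}>")
    if code != 250:
        # Sender refused outright: not an open relay, but worth reporting.
        return {"stage": "MAIL FROM", "code": code,
                "reply": lines[-1], "open_relay": False}
    code, lines = send_cmd(rfile, wfile, f"RCPT TO:<{rcpt}>")
    try:
        send_cmd(rfile, wfile, "QUIT")        # never DATA: nothing is sent
    except (ConnectionError, OSError):
        pass                                  # some servers hang up after a 5xx
    return {"stage": "RCPT TO", "code": code,
            "reply": lines[-1], "open_relay": 200 <= code < 300}


def check_host(host, port=25, timeout=15):
    """Live check against a real server (run from outside your network)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("rb") as rfile, sock.makefile("wb") as wfile:
            return relay_check(rfile, wfile)


def dry_run(server_replies):
    """Replay a canned server transcript offline.
    Returns (verdict, list of commands the client sent)."""
    rfile = io.BytesIO(server_replies.encode("ascii"))
    wfile = io.BytesIO()
    verdict = relay_check(rfile, wfile)
    sent = wfile.getvalue().decode("ascii").split("\r\n")[:-1]
    return verdict, sent


# Server side of the session shown in the post (an open relay); the
# "221 Bye" reply to QUIT is constructed.
OPEN_RELAY_TRANSCRIPT = (
    "220 mail.yourdomain.tld ESMTP Mailserver software name\r\n"
    "250-mail.yourdomain.tld\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
    "250-VRFY\r\n250-ETRN\r\n250-XVERP\r\n250 8BITMIME\r\n"
    "250 Ok\r\n"          # MAIL FROM
    "250 Ok\r\n"          # RCPT TO: accepted, so relaying is allowed
    "221 Bye\r\n"
)

# Same session against a server that refuses to relay (constructed,
# using the 571 line quoted in the post).
CLOSED_RELAY_TRANSCRIPT = (
    "220 mail.yourdomain.tld ESMTP Mailserver software name\r\n"
    "250-mail.yourdomain.tld\r\n250 8BITMIME\r\n"
    "250 Ok\r\n"
    "571 Cannot relay. Mailbox not available foo@test.com\r\n"
    "221 Bye\r\n"
)

if __name__ == "__main__":
    for name, transcript in (("open", OPEN_RELAY_TRANSCRIPT),
                             ("closed", CLOSED_RELAY_TRANSCRIPT)):
        verdict, sent = dry_run(transcript)
        print(name, "->", verdict)
```

Against a live server, `check_host("mail.yourdomain.tld")` returns the same dictionary; `open_relay` being True from an outside host is the "you have problems" case in the post. The dry-run transcripts let you confirm the client logic (including the multi-line EHLO reply parsing) without touching any server.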