Why use forward and reverse domain name resolution?

xiaoxiao2021-03-06  60

Why use forward and reverse domain name resolution? http://www.fanqiang.com (2001-05-21 13:04:00)

[DNS] When to use the reverse domain (long)

Summary:
1. Finding the using organization from an IP address
2. The reverse DNS system
3. DNS caching (positive & negative caching)
4. Spam (e-mail, Usenet): what administrators in general should understand, and cooperative measures

-------------------------------------------------- ------------------------------

Many people who work with DNS understand it only partially. Even the people actually responsible for the systems sometimes have an incomplete picture of the whole.

Some organizations' administrators even say that, for security reasons, they do not set up a forward and/or reverse domain name database.

In general, most users and system administrators already know about the forward domain zone, so I do not intend to say more about it here.

But the reverse domain name database has not yet received attention in China. - Many people may never have experienced being denied access by well-known international sites such as ftp.uu.net ... Next, on 7/1, some may get the chance to see a joint access-deny event on domestic sites ...

Background of the problem
============

On today's Internet, spam (e-mail spam, Usenet spam, ...) is quite commonplace and already has a bad name.

There are many ways to carry out this kind of spamming, or even cracker activity. In theory, every site may encounter such bad actors, or have them among its own users. So, in general, the administrators of all organizations basically handle this kind of thing on the premise of cooperating with each other. In actual cases, though, because one's own users are often involved, the handling is usually more careful.

Basically, when a problem occurs, other organizations on the Internet judge whether an organization's network administration is doing a good job by at least these common requirements:

1) Whether the organization's reverse DNS is complete.
2) Whether e-mail addresses such as "postmaster@your-domain-zone" and "abuse@your-domain-zone" work.
3) Whether mail sent to them gets any response and related handling.

If this kind of information is not registered, or e-mail gets no response, can that leave a good impression?

Even a brief look shows that many domestic sites (TANet, HiNet, SEEDNET, ..., etc.) have not done this very well.

When judging these things, we should usually look at the overall performance.

Why is this look like this, usually there is reason, it comes from it. In the end, it is one, people 's factors. What is humanity (can be decided by computer), these managers, concepts , The rest is good.

Recently, a DES key-search activity got under way, and many people noticed that reverse DNS names are used in many places online and that they make statistical reports convenient and meaningful. - In addition, the Switzerland Low Business School report also appeared to show many gaps in the registration information of the Bay's websites.

- And in this state we go to APNIC to argue for more IP addresses.

In fact, on the positive side, reverse domain names can also help with many things:
* Security
* Convenient access control
* Convenient load balancing and other settings

Below, a few words about security.
====================================================

Recently SEEDNET has begun to respond actively to this, which is a good thing for its users. - However, on the technical side, many places still only half understand it. (Perhaps, managers have too much later One bar)

The example below illustrates how a reverse DNS setting interacts with the DNS system and with other applications (APs).

Maggie liang (liang@mozart.seed.net.tw) mentioned:: kftseng.bbs@bbs.ccu.edu.tw wrote::> Please take note of SEEDNET DIALUP DOMAIN managers.:::::: Can you know what is the problem? ::> Jun 1 10:30:35 Ccnews nnrpd [16950]::>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

This message indicates a case where the domain name data is inconsistent.

Many applications, on being accessed, record both pieces of information: the IP address and the forward domain name.

Current applications (such as Sendmail, News, FTP, rlogin, TCP Wrapper, ...) work roughly as follows.

--------------------------------------------------------------------
1) On receiving a connection request from IP address A, use reverse DNS to find the corresponding forward domain name B. If none can be found, stop. * At this point the administrator can quite justifiably configure a deny, :-)!

2) Take the domain name B found in step 1) and check it in forward DNS, obtaining a set of IP addresses C (possibly one or more, e.g. for a multi-homed host, commonly a router).

3) Check whether IP address A is included in the set C. - If not, the system warns and generates a message like the one above.

In that case, it may mean that the database is incorrect. Another possibility is forgery.

Sometimes the DNS setup and data maintenance of the forward and reverse domain zones belong to different organizations, and a moment of carelessness produces this kind of mismatch as well.
--------------------------------------------------------------------
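The three steps above, written out as an added example (not code from the original article). The addresses and host names are constructed sample data from the documentation ranges, and `check_peer`, `PTR` and `FWD` are names invented for this sketch; the two `system_*` helpers use the standard `socket` resolver calls.

```python
import ipaddress
import socket

def system_ptr(ip):
    """Step 1 via the system resolver: IP address A -> list of names B."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:          # herror/gaierror: no PTR record or lookup failed
        return []

def system_addrs(name):
    """Step 2 via the system resolver: name B -> list of addresses C."""
    try:
        return [ai[4][0].split("%")[0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def check_peer(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (verdict, name) for a connecting address, following steps 1-3."""
    a = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return ("no-reverse", None)           # step 1 failed: stop here
    for b in names:
        c = {ipaddress.ip_address(x) for x in addr_lookup(b)}
        if a in c:                            # step 3: A must be in C
            return ("ok", b.rstrip(".").lower())
    # The PTR zone is run by whoever holds the address block, so an
    # unconfirmed name is only a claim: log it together with the IP.
    return ("mismatch", names[0].rstrip(".").lower())

# Constructed sample data (documentation address ranges, made-up names).
PTR = {"192.0.2.10": ["dialup10.example.net"],
       "192.0.2.20": ["gw.example.net"],
       "198.51.100.7": ["mail.example.org"]}
FWD = {"dialup10.example.net": ["192.0.2.10"],
       "gw.example.net": ["192.0.2.1", "192.0.2.20"],   # multi-homed host
       "mail.example.org": ["203.0.113.5"]}             # forward data disagrees

def demo():
    peers = ["192.0.2.10", "192.0.2.20", "198.51.100.7", "203.0.113.99"]
    return {ip: check_peer(ip, lambda i: PTR.get(i, []), lambda n: FWD.get(n, []))
            for ip in peers}

if __name__ == "__main__":
    for ip, result in demo().items():
        print(ip, result)
```

Called without the two lookup arguments, `check_peer` performs the same steps against the live resolver.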

Several questions:
========

The situation above may raise a number of questions.

Q1: Why does the system go to so much trouble? Isn't it enough to stop after completing step 1)?

A: Steps 2) and 3) are, on the one hand, a security check. It is always better to be careful, so that some organization cannot set things up arbitrarily and then produce confusing messages, pass itself off as someone else, or frame others.

The other positive significance is that it helps access control, makes load-balance management convenient, and so on. For example:

139.75.26.49 and 192.72.90.129 are IP addresses used by SEEDNET users. Compared with *.seed.net.tw, which is easier to recognize? A moment's thought makes it obvious.

What circulates in Internet traffic is IP address information. At the destination, if the sender's reverse DNS data has not been registered, access control and performance tuning become very difficult for many applications. In particular, many organizations hold discontiguous Class C IP addresses, which are even harder to tell apart.
--------------------------------------------------------------------

Q2: Isn't it less work to set up only forward domain names and no reverse DNS? It seems there would be less traffic, and steps 2) and 3) would not even be needed?

A: That is not how it works.

When a program asks the DNS server you use, NS1, for the first time about an entry in some other domain zone (forward or reverse), NS1 does not have the answer (data). So, in a normally configured system, NS1 asks its way down from the root, one DNS server after another (e.g. NS2), until it finds the DNS server (e.g. NS3) responsible for that domain zone. NS1 then hands the query to NS3. NS3 looks in its database (held in memory, in the ideal state) and, if it has the information, gives the answer to NS1. NS1 then writes this answer down. (Below, "NS3" stands for one of the DNS servers responsible for the domain zone.)

Because of caching, if someone (a program) asks again later, NS1 can return the answer immediately.

However, what if NS3 tells NS1 that there is no record corresponding to the query? What happens next?

If NS1 runs an early BIND (4.9.5 or below), then whenever someone asks for the same entry it asks NS3 (or another DNS server) once again. (This time, because of caching, it knows to ask NS3 or an equivalent directly, but it is likely to get no answer again.)

In this way the NS1 -> NS3, NS3 -> NS1 exchange is staged over and over.

The new version, BIND 8.1 (4.9.5-p1, this function is not very unparalleled), performs negative caching in the situation above. That is, when NS3 tells NS1 that a query has no corresponding DNS data entry, NS1 remembers this result. For 10 minutes (600 sec), if a program asks the same query, NS1 tells it immediately that the information does not exist.

After 600 seconds, when a program asks the same query again, NS1 asks NS3 again, and so the cycle repeats. (At this point, as you can see, there is no difference.) On the other hand, once NS3 has had a record added (e.g. one that previously did not exist), NS1 will find it the next time it asks.

Because of caching, and because applications normally use the local DNS server, there is a positive feedback effect. On a normally configured system, overall, even when all three steps above are performed, the answer can usually be found in the local DNS cache. Compared with going back to the remote site again and again with queries, this saves a lot of time. - DNS traffic to the remote site, and the queuing of query processing at the remote site's DNS server, are also significantly reduced.

Can this remote query traffic be reduced? Yes, as long as the remote site's DNS administrator fills in the reverse DNS database, so that for any traffic the local machine can very quickly find the answer in the cache of its own organization's DNS, and the connection is established quickly. Other applications also run more smoothly. (No time is wasted waiting in a DNS query loop.)

The local site also finds access control and load-balancing adjustment more convenient.
--------------------------------------------------------------------
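The caching behaviour in the answer to Q2, as an added simulation (not from the original article): it counts how many queries reach NS3 when NS1 does or does not keep negative answers for 600 seconds. The class names, the zone contents and the one-lookup-per-minute schedule are assumptions made for this sketch.

```python
NEG_TTL = 600            # seconds a "no such record" answer is remembered

class Authoritative:
    """NS3: holds the zone data and counts the queries that reach it."""
    def __init__(self, records, ttl):
        self.records, self.ttl, self.queries = dict(records), ttl, 0

    def query(self, name):
        self.queries += 1
        return self.records.get(name), self.ttl

class CachingResolver:
    """NS1: always caches positive answers; negative caching is optional."""
    def __init__(self, upstream, negative_caching):
        self.upstream, self.negative_caching = upstream, negative_caching
        self.cache = {}                      # name -> (answer or None, expiry)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]                    # answered locally, no traffic
        answer, ttl = self.upstream.query(name)
        if answer is not None:
            self.cache[name] = (answer, now + ttl)
        elif self.negative_caching:
            self.cache[name] = (None, now + NEG_TTL)
        return answer

# Constructed zone: one address has a PTR record, the other has none.
HAS_PTR = "10.2.0.192.in-addr.arpa"
NO_PTR = "99.113.0.203.in-addr.arpa"
ZONE = {HAS_PTR: "dialup10.example.net"}
FOUR_DAYS = 4 * 86400                        # TTL from the SEEDNET example

def upstream_queries(name, negative_caching, times=range(0, 1201, 60)):
    """One lookup per minute for 20 minutes; return how many reached NS3."""
    ns3 = Authoritative(ZONE, FOUR_DAYS)
    ns1 = CachingResolver(ns3, negative_caching)
    for now in times:
        ns1.resolve(name, now)
    return ns3.queries

def record_added_later():
    """NS3 gains the record at t=300; NS1 sees it once the negative entry expires."""
    ns3 = Authoritative({}, FOUR_DAYS)
    ns1 = CachingResolver(ns3, negative_caching=True)
    first = ns1.resolve(NO_PTR, 0)
    ns3.records[NO_PTR] = "host99.example.net"
    return first, ns1.resolve(NO_PTR, 360), ns1.resolve(NO_PTR, 600)
```

A registered PTR record costs NS3 one query for the whole period; a missing one costs a query on every lookup without negative caching, and one per 600 seconds with it.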

Q3: Another small question: how long is an entry kept once it has been looked up?

A: How long this entry is cached in NS1 is basically set by the original data provider, NS3 (in SEEDNET's example it is set to 4 days). - However, the longer named runs, the bigger it gets because of caching. Usually the program grows slowly, and after about 7 days named's size becomes stable.

Why is this? There are several premises. 1) The traffic of this DNS server (NS1) does not suddenly increase or decrease much over a period of time (unless there is a network upgrade, or an outage, ...). BIND named, apart from the data of its own domain zones, does not retain any data entry for more than 7 days; when the time is up it discards the entry, so that named does not use too much memory and hurt performance instead. (Most people's default time-to-live is 1-3 days.)

--------------------------------------------------------------------
Q4: Some sites "worry" that if reverse resolution is set up, this DNS information may be faked by some sites through some odd DNS server (Revenue, Lai, harassment, ... and more), and that only the IP address log is trustworthy.

A: This is really strange to anyone who understands the process above. DNS is a hierarchical, distributed system; to fake it, the forgery would have to cover every layer of every domain zone, forward and reverse alike, all the way up to the topmost root domain name servers. This is the problem of the AP itself, but it is true that the DNS system is true. And the IP address log, can it not be changed????

It would be easier to change it directly with an editor (vi, joe, emacs, ...).

A DNS forgery has to get past the check / verify. Why would anyone go to that trouble? - Too well fed, with too much time on their hands?

In fact, the current trend in application design is to capture everything: both forward and reverse DNS data are recorded. (Of course, a mismatch is also logged as such.)

Take a look at the header of this e-mail (an advertisement): at every site, the IP address is logged together with the forward domain name. - earthlink.net is a site that many sites on the Internet commonly refuse to deal with, because of people who send this kind of advertising e-mail and Usenet articles.

> From 07871706@earthlink.net WED JUN 4 15:18:23 1997
Received: from nctuccca.edu.tw (nctucca.edu.tw [140.111.1.edu.tw [140.111.1.20])
^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^
(Cst) from: 07871706@earthlink.net
receific: from news.cna.com.tw (news.cna.com.tw [203.66.213.2]) by nctucca.
^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
WED, 4 JUN 1997 15:14:44 0800 (CST)
Received: from mtigwc03.worldnet.att.net (mailhost.worldnet.att.net) by news.cna.com.tw with esmtp (1.37.109.16/16.2) ID AA283237711; WED, 4 JUN 1997 15:01:51 0800
Received: from mailhost.worldnet.att.net ([207.116.57.134])
^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^
by mtigwc03.worldnet.att.net (Post.Office MTA V2.0 0613) with smtp ID AJF9699; WED, 4 JUN 1997 07:10:30 0000
Received: from 123456 @ sprynet.com by sprynet.com (8.8.5 / 8.6.5) with smtp ID GAA00722 for; WED, 04 JUN 1997 02:31:55 - 0600 (EST)
Date: Wed, 04 Jun 97 02:31:55 EST
To: ALLINTERNETUSERS@earthlink.net
Subject: Experience Incredible Mental States While Improving All Aspects of Your Mind
Message-Id:! <052897MM230A>
Reply-To: breakthru @ RocketMail.com
X-PMFlags: 34078848 0
x-Uidl: 344414345512356874L4G7F5A5659K77
Comments: AUTHENTICATED Sender is
status: Ro
Content-Length: 5264
LINES: 131

********************* ***********************************************************
If you would like to Be Removed from "Source International Marketings" # 1 Breakthrough Alert Newsletter, Then SIMPLY

[deleted]

====================================================

Conclusion:
====

SEEDNET seems to have become active. What about the other ISPs? And TANET, we ourselves?

- Many ISPs have done quite well, but we often find that many are still indifferent in this regard. It seems the only recourse may be pressure from users.

So, on the other hand, if the organization you connect through has no complete reverse domain registration, please take the trouble to remind the DNS administrators concerned.

On 86/7/1, for many well-known BBS / NetNews / FTP, ... sites, things may become different from that day on.

- In fact, as long as the administrators set this up properly, general users should not have to run into this situation or worry about it.

- Joe C. S.Chen, cschen@ns.nctu.edu.tw

PS. For DNS-related technical details, those interested may refer to:

- RFC 1034, 1035, ... (lots of them)
- man named
- BIND BOG (Basic Operating Guide)

Usenet newsgroups:

comp.protocols.tcp-ip.domains
comp.protocols.dns.bind
comp.protocols.dns.std
comp.protocols.dns.ops
