This is a discussion on RE: testing vulnerability against secondary NS - DNS ; If it's a slave one way to force tests to it might be to temporarily stop named on the primary so queries have to use the slave. -----Original Message----- From: email@example.com [mailto:firstname.lastname@example.org] On Behalf Of Kevin Darcy Sent: Tuesday, August ...
If it's a slave one way to force tests to it might be to temporarily
stop named on the primary so queries have to use the slave.
From: email@example.com [mailto:firstname.lastname@example.org] On
Behalf Of Kevin Darcy
Sent: Tuesday, August 12, 2008 12:51 AM
Subject: Re: testing vulnerability against secondary NS
Chris Henderson wrote:
> I am testing the recent DNS vulnerability against my secondary name
> from my local machine
> ("dig @
+short porttest.dns-oarc.net TXT" and also
> "nslookup -querytype=TXT -timeout=10 porttest.dns-oarc.net.")
> But strangely it is giving me the result of my primary name server!
> I try to query, it gives me back my primary name server's result. I
> doxpara.com and https://www.dns-oarc.net/oarc/services/dnsentropy
> My local machine's /etc/resolv.conf has only one nameserver entry - my
> secondary name server.
> Also, if I try to resolve a hostname I can query my secondary name
> get the answer back. So I know my secondary name server is working.
> Does anyone know how can I test the vuln. against my secondary name
Well, what's the config of your so-called "secondary nameserver"?
Does it just forward to the "primary"?
If so, then that's where the queries will be seen to originate, by the
Another possibility is that you have a NAPT device multiplexing both
your "primary" and "secondary" nameservers into single address. Since it
would need to use different port numbers to accomplish this, the exact
implementation/configuration details of the NAPT would have an effect on
whether you get a "good" or "ok" result from the vulnerability-testing
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.