Local DNS Propagation Question - Networking


  1. Local DNS Propagation Question

    Greetings,

    While this question may sound silly I am unable to contact my usual
    resource to ask so I have come here in hopes of an answer.

    I have a small home network sitting behind a Linksys Router. I have
    successfully set up Apache and Local DNS for my network on an Ubuntu
    machine. I have confirmed it to work correctly by setting its address
    for the primary DNS on another machine on the network. It resolves the
    host name I created correctly and pulls the desired web pages from
    Apache.

    All that said, the domain name that I am using locally is one that
    already belongs to an active site on the internet. My local machines
    do not resolve to that site, though; they resolve to my local one (which
    is ok with me). My question, however, is: will my DNS entries stay local?
    E.g., I do not want it to propagate my address (my internet address, that
    is) across the internet as being the destination for that site.

    Don't want to get in trouble for stealing someone's domain name when
    that is not my intent...

    Any insight would be greatly appreciated.

    PS I am using "dnsmasq" on the Linux box.

    Thanks!


  2. Re: Local DNS Propagation Question

    ,--- apollonius2 writes:

    | All that said, the domain name that I am using locally is one that
    | already belongs to an active site on the internet. My local machines
    | do not resolve to that site though they resolve to my local one (which
    | is ok with me). My question however is will my DNS entries stay local?
    | eg I do not want it to propagate my address (my internet address that
    | is) across the internet as being the destination for that site.

    Yes, your DNS entries will stay local, available in your
    network. Unless someone from outside your network is your DNS
    server.

    HTH
    --
    Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/
    ·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --

  3. Re: Local DNS Propagation Question

    apollonius2@gmail.com wrote:

    > All that said, the domain name that I am using locally is one that
    > already belongs to an active site on the internet. My local machines
    > do not resolve to that site though they resolve to my local one (which
    > is ok with me). My question however is will my DNS entries stay local?


    Yes.

    > Don't want to get in trouble for stealing someone's domain name when
    > that is not my intent...


    That's not nearly as simple as you now make it out to be.

  4. Re: Local DNS Propagation Question

    Got it!

    So as long as I don't put my DNS machine in the DMZ or outside my
    network I'm free to do as I wish with any internal domains.

    Thank you!


  5. Re: Local DNS Propagation Question

    On Nov 3, 2:07 pm, Jeroen Geilman wrote:
    > > apolloni...@gmail.com wrote:
    > >
    > > Don't want to get in trouble for stealing someone's domain name when
    > > that is not my intent...
    >
    > That's not nearly as simple as you now make it out to be.


    You mean hijacking a legitimate domain name? Yeah, I figured it would
    take intent (and probably a fair amount of work) to do that. I don't
    want to do that anyway. Sometimes you never know, though; technology is
    getting rather plug-and-pray nowadays.

    I don't fully understand how the "Global" domain system
    works...perhaps another subject for me to add to the list of future
    reading.

    Thanks for the reply.


  6. Re: Local DNS Propagation Question

    apollonius2@gmail.com wrote:
    > On Nov 3, 2:07 pm, Jeroen Geilman wrote:
    >>> apolloni...@gmail.com wrote:
    >>>
    >>> Don't want to get in trouble for stealing someone's domain name when
    >>> that is not my intent...
    >>
    >> That's not nearly as simple as you now make it out to be.
    >
    > You mean hijacking a legitimate domain name? Yeah, I figured it would
    > take intent (and probably a fair amount of work) to do that. I don't
    > want to do that anyway. Sometimes you never know, though; technology is
    > getting rather plug-and-pray nowadays.


    *Consumer* technology, maybe...
    Trust me, configuring a grownup router or firewall takes skill and
    experience... and heaps of (sometimes arcane) knowledge.

    > I don't fully understand how the "Global" domain system
    > works...perhaps another subject for me to add to the list of future
    > reading.


    I found the O'Reilly book on BIND and DNS quite good - it explains the
    theory behind it very thoroughly.
    For free, try Wikipedia (as odd as that may sound, they have very
    complete info for any computer- or network-related technology or
    standard) or the official BIND site (www.isc.org).

    >
    > Thanks for the reply.
    >


    No problem.

    J.

  7. Re: Local DNS Propagation Question

    On Sat, 03 Nov 2007, in the Usenet newsgroup comp.os.linux.networking, in
    article <1194133278.020926.255260@q3g2000prf.googlegroups.com>,
    apollonius2@gmail.com wrote:

    NOTE: Posting from groups.google.com (or some web-forums) dramatically
    reduces the chance of your post being seen. Find a real news server.

    >Jeroen Geilman wrote:
    >> apolloni...@gmail.com wrote:
    >>> Don't want to get in trouble for stealing someone's domain name when
    >>> that is not my intent...
    >>
    >> That's not nearly as simple as you now make it out to be.
    >
    >You mean hijacking a legitimate domain name? Yeah, I figured it would
    >take intent (and probably a fair amount of work) to do that. I don't
    >want to do that anyway. Sometimes you never know, though; technology is
    >getting rather plug-and-pray nowadays.

    No comment

    >I don't fully understand how the "Global" domain system works...
    >perhaps another subject for me to add to the list of future reading.


    There is the DNS-HOWTO which explains things. VERY BRIEFLY, you ask a
    name server. If it doesn't know the answer, it asks one of the 'root'
    servers ("what is the address of foo.bar.baz.example.com?"), who refers
    it to a top-level domain server ("ask who knows about .com").
    The top-level domain server will refer it to a 'second level' domain
    server ("ask who knows about example.com"). This is
    repeated as needed until your name server finds the server who knows
    that "foo.bar.baz.example.com is 192.0.2.145".

    If you have a bogus domain on your name server, it becomes a problem
    for others IF they somehow get referred to your server to ask about
    that domain. Not very likely. However, those who are using your
    name server to ask DNS questions (which generally means those systems
    on your LAN) get the "wrong" answer, and will not be able to reach the
    "real" host (whether or not that is their intent).

    Old guy
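
The referral chain and the "bogus domain" point from the post above, modelled as an added example that is not part of the original thread. The server names, the `home-dns` label and the 192.168.1.10 override are constructed sample values; the public side is a toy table, not real DNS traffic.

```python
# Constructed model of DNS delegation; every name and address is a sample value.
# Each public server either refers a zone suffix to the next server to ask,
# or holds the final address record.
PUBLIC_DNS = {
    "root":           {"refer": {"com": "tld-com"}},
    "tld-com":        {"refer": {"example.com": "ns.example.com"}},
    "ns.example.com": {"records": {"foo.bar.baz.example.com": "192.0.2.145"}},
}

# Hypothetical home name server: answers its own overrides, otherwise it
# resolves through the public hierarchy like any other resolver.
LOCAL_OVERRIDES = {"foo.bar.baz.example.com": "192.168.1.10"}


def iterative_resolve(name, servers=PUBLIC_DNS):
    """Follow referrals from the root; return (address, servers_asked)."""
    server, path = "root", []
    while True:
        path.append(server)
        zone = servers[server]
        if name in zone.get("records", {}):
            return zone["records"][name], path
        # Follow the longest delegated suffix that matches the query name.
        matches = [s for s in zone.get("refer", {})
                   if name == s or name.endswith("." + s)]
        if not matches:
            return None, path  # nobody is delegated for this name
        server = zone["refer"][max(matches, key=len)]


def lan_resolve(name):
    """What a LAN client sees when its configured resolver is the home box."""
    if name in LOCAL_OVERRIDES:
        return LOCAL_OVERRIDES[name], ["home-dns"]
    return iterative_resolve(name)


if __name__ == "__main__":
    name = "foo.bar.baz.example.com"
    print("internet client:", iterative_resolve(name))
    print("LAN client:     ", lan_resolve(name))
```

No parent zone refers anyone to `home-dns`, so the override is only ever seen by clients that were pointed at that server directly.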

  8. Re: Local DNS Propagation Question

    On Nov 4, 11:04 pm, ibupro...@painkiller.example.tld (Moe Trin) wrote:
    > On Sat, 03 Nov 2007, in the Usenet newsgroup comp.os.linux.networking, in
    > article <1194133278.020926.255...@q3g2000prf.googlegroups.com>,
    >
    > apolloni...@gmail.com wrote:
    >
    > NOTE: Posting from groups.google.com (or some web-forums) dramatically
    > reduces the chance of your post being seen. Find a real news server.
    >
    > >Jeroen Geilman wrote:
    > >> apolloni...@gmail.com wrote:
    > >>> Don't want to get in trouble for stealing someone's domain name when
    > >>> that is not my intent...
    > >>
    > >> That's not nearly as simple as you now make it out to be.
    > >
    > >You mean hijacking a legitimate domain name? Yeah, I figured it would
    > >take intent (and probably a fair amount of work) to do that. I don't
    > >want to do that anyway. Sometimes you never know, though; technology is
    > >getting rather plug-and-pray nowadays.
    >
    > No comment
    >
    > >I don't fully understand how the "Global" domain system works...
    > >perhaps another subject for me to add to the list of future reading.

    >
    > There is the DNS-HOWTO which explains things. VERY BRIEFLY, you ask a
    > name server. If it doesn't know the answer, it asks one of the 'root'
    > servers ("what is the address of foo.bar.baz.example.com?"), who refers
    > it to a top-level domain server ("ask who knows about .com").
    > The top-level domain server will refer it to a 'second level' domain
    > server ("ask who knows about example.com"). This is
    > repeated as needed until your name server finds the server who knows
    > that "foo.bar.baz.example.com is 192.0.2.145".
    >
    > If you have a bogus domain on your name server, it becomes a problem
    > for others IF they somehow get referred to your server to ask about
    > that domain. Not very likely. However, those who are using your
    > name server to ask DNS questions (which generally means those systems
    > on your LAN) get the "wrong" answer, and will not be able to reach the
    > "real" host (whether or not that is their intent).
    >
    > Old guy


    Block incoming UDP 53 so that it rejects DNS queries from the
    internet. You don't want people to resolve your domain name, and
    neither do you want them to know what's inside your network; you would
    be telling the hacker where your weakest point on the network is and
    to do the DoS attack to it... And if you want to be extra safe you can
    block outgoing TCP 53 so that nobody on the internet can get a DNS
    zone transfer of your network... If by mistake someone gets routed to
    your domain name instead of the registered one on the internet you
    would be in serious #### that's considered a DNS poisoning...


  9. Re: Local DNS Propagation Question

    On Mon, 05 Nov 2007, in the Usenet newsgroup comp.os.linux.networking, in
    article <1194259411.506700.163320@50g2000hsm.googlegroups.com>,
    DixanRivas@gmail.com wrote:

    NOTE: Posting from groups.google.com (or some web-forums) dramatically
    reduces the chance of your post being seen. Find a real news server.

    >Block incoming UDP 53 so that it rejects DNS queries from the
    >internet. You don't want people to resolve your domain name, and
    >neither do you want them to know what's inside your network; you would
    >be telling the hacker where your weakest point on the network is and
    >to do the DoS attack to it...


    Many companies have "internal" and "external" name servers. External
    servers will handle external queries for hostnames that you desire to
    resolve - www.example.com, ftp.example.com, dns.example.com, and
    mx.example.com being possible candidates. The external nameservers
    also resolve external queries for your section of "in-addr.arpa."
    (assuming such a zone has been delegated to you - see RFC1591 and 2317)
    but MAY provide generic answers (192.0.2.11 may resolve to
    192.0.2.11.example.com [_whether or not it may actually exist_]
    RATHER THAN some potentially sensitive name). The external servers may
    intentionally not respond to queries originating internally. The
    "internal" servers resolve internal and external names and addresses
    for internal clients only.

    >And if you want to be extra safe you can block outgoing TCP 53 so that
    >nobody on the internet can get a DNS zone transfer of your network...


    If you haven't configured your name servers to ignore such queries, you
    probably shouldn't be administering the server. That has been a strongly
    recommended configuration option for over ten years. And you may want
    to look at RFC1034 and RFC1035 regarding the use of TCP in DNS.

    >If by mistake someone gets routed to your domain name instead of the
    >registered one on the internet you would be in serious #### that's
    >considered a DNS poisoning...


    Note that laws are not the same in all countries, and there are no
    Internet Police who will come down and beat the sh!t out of the bad
    guys or idiots - despite many wishes to the contrary.

    Old guy
