[23829] in North American Network Operators' Group


RE: address spoofing

daemon@ATHENA.MIT.EDU (Roeland M.J. Meyer)
Mon Apr 26 04:52:32 1999

Reply-To: <rmeyer@mhsc.com>
From: "Roeland M.J. Meyer" <rmeyer@mhsc.com>
To: "Andrew Brown" <atatat@atatdot.net>,
	"Phil Howard" <phil@whistler.intur.net>
Cc: <nanog@merit.edu>
Date: Mon, 26 Apr 1999 01:50:17 -0700
In-reply-to: <19990425111025.A9470@noc.untraceable.net>
Errors-To: owner-nanog-outgoing@merit.edu


The third edition "DNS and BIND" book, from O'Reilly <http://www.ora.com>, also goes into detail on how to do it.

-----------------------------
Roeland M.J. Meyer
Morgan Hill Software Company, Inc.
http://staff.mhsc.com/~rmeyer
mailto://rmeyer@mhsc.com
-----------------------------
You can always tell the people that are forging the new frontier.
They're the ones with flaming arrows sticking out of their backs and
looking a little charred around the edges.




> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
> Andrew Brown
> Sent: Sunday, April 25, 1999 8:10 AM
> To: Phil Howard
> Cc: nanog@merit.edu
> Subject: Re: address spoofing
>
>
> >> then, you can have (if you want) another bind listening on other
> >> interfaces for other stuff.  like the "internal dns" server that you
> >> mentioned.  or maybe a recursive, caching-only server that listens
> >> only on 127.0.0.1.  of course...they can speak to each other if need
> >> be.  :)
> >
> >I tried 2 instances of BIND and they didn't work right.  One functioned
> >and the other played dead (very dead ... as in the process blocked and
> >would not wake up).  One needs 2 separate machines to get it to actually
> >work right (times the amount of redundancy desired).  If you know the
> >magic to make it work right, I'd sure like to know.  Maybe some kind of
> >lock somewhere?
>
> the trick is to tell them specifically to listen on different
> interfaces.  if you don't do that, then they will collide.  other
> things (such as a different query or forwarding port, a separate pid
> file, etc.) are also rather necessary.
>
> i will attach a small shar file that paul vixie posted to the
> bind-workers mailing list a little over a year and a half ago that
> demonstrates exactly this.
>
> --
> |-----< "CODE WARRIOR" >-----|
> codewarrior@daemon.org             * "ah!  i see you have the internet
> twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
> andrew@crossbar.com       * "information is power -- share the wealth."
>
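
The two-instance setup described in the quoted message above, as an added example that is not part of the original thread and is not the shar file it mentions: two named.conf files in BIND 9 syntax, one per named process. The file paths, the zone example.com, the address 192.0.2.53 and the choice of an authoritative-only first instance are assumptions made for illustration.

```conf
// ---- /etc/named-external.conf (constructed path) ----
// Instance 1: assumed authoritative-only, bound to the public address.
// Start with: named -c /etc/named-external.conf
options {
    directory "/var/named/external";
    pid-file "/var/run/named-external.pid";   // separate pid file per instance
    listen-on { 192.0.2.53; };                // placeholder external address
    listen-on-v6 { none; };                   // avoid both instances binding IPv6
    recursion no;                             // answers only for its own zones
};

zone "example.com" {
    type master;
    file "db.example.com";
};

// ---- /etc/named-cache.conf (constructed path) ----
// Instance 2: recursive, caching-only, reachable from this host only.
// Start with: named -c /etc/named-cache.conf
options {
    directory "/var/named/cache";
    pid-file "/var/run/named-cache.pid";      // must differ from instance 1
    listen-on { 127.0.0.1; };                 // never overlaps instance 1
    listen-on-v6 { none; };
    allow-query { 127.0.0.1; };               // local clients only
    recursion yes;
};

zone "." {
    type hint;
    file "named.root";
};
```

In BIND 9 the rndc control channel defaults to port 953 on the loopback address, so if both instances are to be controlled with rndc, each also needs its own `controls` statement.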


