dnsparanoia broken in 1.0.11?
Gunther Mayer
gunther.mayer at googlemail.com
Wed Apr 2 11:04:10 UTC 2008
wlan at mac.com wrote:
> No, it looks to be doing its job. It drops packets with type codes
> other than 1 (A records) and 5 (CNAME records). Perhaps it is being
> too restrictive...
If you are right then it definitely is being too restrictive, as my
Firefox really is taking forever (>20 sec) to resolve my uamserver
(without dnsparanoia it's lightning fast). Not sure though what types 2,
6 and 12 really are, and if it really is Firefox that's causing them.
Else I think the packet type detection might be broken.
> I'll revisit this when I have a chance. In the meantime, simply turn
> off the feature. Btw, are you _actually_ having a problem with people
> using DNS tunnels?
I did turn it off now. I doubt I really have a problem with DNS tunnel
abuse, though this is really hard to know for sure. I mean it really is
infeasible to run tcpdump at all my sites the whole day and then sift
through the output to detect possible abuse. I guess I'm just that -
suffering from dnsparanoia ;-)
Gunther
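The thread turns on what a type whitelist of 1 (A) and 5 (CNAME) does to ordinary lookups, and on the cost of eyeballing tcpdump output to find out which record types a site actually sees. The script below is an added example for this thread, not code from chilli or from either poster: it builds a few constructed DNS responses (types A, CNAME, NS, SOA and PTR, the numbers mentioned above) with a tiny RFC 1035 encoder, parses the record types back out of the wire format, and emulates the whitelist to show which of those responses such a filter would drop. The `dnsparanoia_verdict` function and the allowed set `{1, 5}` are my assumptions based on the description in the quoted reply, not chilli's actual implementation.

```python
import struct

# RFC 1035 record type numbers discussed in the thread.
RR_TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR"}
# Assumption from the quoted reply: the filter permits only A and CNAME.
ALLOWED_BY_DNSPARANOIA = {1, 5}


def encode_name(name):
    """Encode a dotted hostname as DNS labels, uncompressed."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(qname, qtype, answers):
    """Build a minimal DNS response: header, one question, N answer RRs.
    answers: list of (rtype, rdata bytes). Constructed test data, not captured traffic."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(answers), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    body = b""
    for rtype, rdata in answers:
        # 0xC00C is a compression pointer to the question name at offset 12;
        # every RR owner name points there for simplicity.
        body += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return header + question + body


def read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset


def parse_rr_types(msg):
    """Return (section, rtype) for every RR in the answer/authority/additional sections."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    offset = 12
    for _ in range(qd):
        _, offset = read_name(msg, offset)
        offset += 4  # skip QTYPE and QCLASS
    types = []
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            _, offset = read_name(msg, offset)
            rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
            offset += 10 + rdlen
            types.append((section, rtype))
    return types


def dnsparanoia_verdict(msg, allowed=ALLOWED_BY_DNSPARANOIA):
    """Emulate a record-type whitelist: (would_drop, sorted offending type names)."""
    offending = sorted({RR_TYPES.get(t, str(t)) for _, t in parse_rr_types(msg)
                        if t not in allowed})
    return bool(offending), offending


# Constructed sample responses (hostnames and addresses are made up).
SOA_RDATA = (encode_name("ns1.example.net") + encode_name("hostmaster.example.net")
             + struct.pack("!IIIII", 1, 3600, 600, 86400, 300))
SAMPLES = {
    "A": build_response("uam.example.net", 1, [(1, bytes([10, 1, 0, 1]))]),
    "CNAME+A": build_response("www.example.net", 1,
                              [(5, encode_name("uam.example.net")), (1, bytes([10, 1, 0, 1]))]),
    "NS": build_response("example.net", 2, [(2, encode_name("ns1.example.net"))]),
    "SOA": build_response("example.net", 6, [(6, SOA_RDATA)]),
    "PTR": build_response("1.0.1.10.in-addr.arpa", 12, [(12, encode_name("uam.example.net"))]),
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        drop, offending = dnsparanoia_verdict(msg)
        print(f"{label:8s} types={parse_rr_types(msg)} drop={drop} offending={offending}")
```

Running it shows the A and CNAME responses pass while NS, SOA and PTR responses are dropped under the whitelist, which is the behaviour the quoted reply describes. Pointed at real captures instead of the constructed samples, `parse_rr_types` gives the per-type tally needed to judge whether a whitelist this narrow is safe for a given site before enabling it.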