dnsparanoia broken in 1.0.11?

Gunther Mayer gunther.mayer at googlemail.com
Wed Apr 2 11:04:10 UTC 2008

wlan at mac.com wrote:
> No, it looks to be doing it's job. It drops packets with type codes 
> other than 1 (A records) and 5 (CNAME records). Perhaps it is being 
> too restrictive...
If you are right then it definitely is being too restrictive as my 
firefox really is taking forever(>20sec) to resolve my uamserver 
(without dnsparanoia it's lightning fast). Not sure though what types 2, 
6 and 12 really are and if it really is firefox that's causing them. 
Else I think the packet type detection might be broken.
> I'll revisit this when I have a chance. In the meantime, simply turn 
> off the feature. Btw, are you _actually_ having a problem with people 
> using DNS tunnels?
I did turn it off now. I doubt I really have a problem with dns tunnel 
abuse, though this is really hard to know for sure. I mean it really is 
infeasible run tcpdump at all my sites the whole day and then sift 
through the output to detect possible abuse. I guess I'm just that - 
suffering from dnsparanoia ;-)


More information about the Chilli mailing list