check_dns works fine for half my servers, fails for other half

S. William Schulz swschulz at gmail.com
Sat Sep 1 13:45:21 CEST 2007


> > As an aside, you shouldn't be allowing me to perform recursive lookups
> > with your servers anyway. Rosemary could easily be hijacked to perform
> > DNS based DOS attacks.
> >
> > -
> > Marc
>
> So does that mean then that it isn't possible to use the check_dns
> plugin without enabling recursive lookups and leaving my server open
> to DNS DOS attacks?
>
> Is there any way to use dns_check safely?

I think the keyword in Marc's statement was "me" - him, Marc, being
outside of your network should not be allowed to perform recursive
lookups via one of your nameservers.  If you are going to enable
recursive lookups for your own users/internal machines, limit access
to that feature via ACLs to only those users/IPs/hosts.

Otherwise, with recursive off, ask them about a name they are authoritative for.

SWS
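
An added example, not part of the original message: a small Python sketch of the distinction drawn above, classifying a DNS response from its header flags as an authoritative answer, a recursive answer, or a refusal. The function names and the sample response headers are constructed for illustration and are not taken from check_dns or any nameserver.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits (RFC 1035)

def build_query(name, rd, qid=0x1234):
    """Build an A/IN query; rd=False asks the server not to recurse."""
    header = struct.pack("!HHHHHH", qid, RD if rd else 0, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "rd": bool(flags & RD), "ra": bool(flags & RA),
            "rcode": flags & 0x000F, "ancount": an}

def classify(msg):
    """Say what kind of answer a response is, from its header alone."""
    h = parse_header(msg)
    if not h["qr"]:
        raise ValueError("not a response")
    if h["rcode"] == 5:
        return "refused"  # what an outside client should get for a foreign name
    if h["rcode"] == 0 and h["ancount"] > 0:
        if h["aa"]:
            return "authoritative-answer"  # works with recursion off
        if h["ra"]:
            return "recursive-answer"  # non-authoritative, recursion available
    return "no-answer"

def sample(flags, ancount):
    """Constructed response header (no records), for illustration only."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

# Constructed samples, not captured traffic.
SAMPLES = {
    "own zone, recursion off": sample(QR | AA, 1),
    "foreign name, recursion off": sample(QR | RD | 5, 0),
    "foreign name, open resolver": sample(QR | RD | RA, 1),
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(f"{label}: {classify(msg)}")
```

A "recursive-answer" seen from an address outside the permitted ACL indicates the server is recursing for clients it should not serve.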
