NXDOMAIN Error

[Barry Margolin]

In article <199912301705.LAA11020 at achilles.ctd.anl.gov>,
Barry Finkel  <b19141 at achilles.ctd.anl.gov> wrote:
>I am seeing many messages such as this one
>
>     named[5172]: sysquery: findns error (NXDOMAIN) on barge.mcs.anl.gov?
>
>in my BIND 8.2.2-p5 log file on dns1.anl.gov.  I assume it means that 
>someone is querying our dns1 name server, and looking for an entry for
>
>     barge.mcs.anl.gov

No.  It means that someone sent a recursive query to your dns1 name server,
for a domain that was delegated to barge.  But when dns1 tried to look up
barge's address so that it could forward the query to it, it got an
NXDOMAIN (No such domain) error.

>The barge machine was the NS for an old domain 
>
>     ucsp.anl.gov

It's also listed as one of the nameservers for NONICK.ORG domain:

The Nickless Group (NONICK-DOM)
   213 Lincoln Street
   Lemont, IL 60439
   USA

   Domain Name: NONICK.ORG

   Administrative Contact, Technical Contact, Zone Contact:
      Nickless, William K  (WKN)  nickless at MCS.ANL.GOV
      (630) 252-7390 (FAX) (630) 252-5986

   Record last updated on 04-Jan-1997.
   Record created on 05-Sep-1996.
   Database last updated on 29-Dec-1999 13:58:00 EST.

   Domain servers in listed order:

   BARGE.MCS.ANL.GOV		140.221.32.92
   MCS.ANL.GOV			140.221.9.6

>that I removed from dns earlier this year, and the barge machine no
>longer exists in DNS.  How do I determine who is making these queries?  

You can turn on query logging or use a sniffer.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.