Normal DNS traffic (inbound)
Barry Margolin
barmar at bbnplanet.com
Thu Feb 10 18:44:58 UTC 2000
In article <38a27df3.13072914 at news-server>, Chris Ehly <cehly at who.net> wrote:
>My apologizes if this is in some MAN page I haven't read ret. I've
>even downloaded some RFC's and from what I can gather from reading
>them, is that I might have an STD...
>
>Anyway, I have a server set up with 3 nameservers. Myself, a friend,
>and my ISP's.... After playing with various "logging" utilities, I've
>often wondered about all of the "inbound" UDP activity I see. I see
>my ISP name server (NS1.ISP.COM) sending lot's of info to my port 53.
>I also see lot's of other computers sending info. in the same manner.
>Some are top level domain servers, and I can grasp that, but what I
>don't understand is why just any ole' computer sends me info.
What version of BIND are you running? Is your server registered as the
authoritative server for any domains?
Incoming UDP packets to port 53 generally consist of two types of traffic:
1) Queries directed to your nameserver. This is most likely when domains
are delegated to your server. Other servers around the Internet will be
referred to your server when they want to look things up in your domains.
2) Replies to recursive queries if you're running BIND 4, or running BIND
8 with "query-source * port 53" in the options section of named.conf,
If you're seeing traffic from root servers to your port 53, it should be
the second type, because most root servers do not perform recursion.
--
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list