problem: with "allow-query {all}" some queries are denied
Kevin Darcy
kcd at daimlerchrysler.com
Fri Feb 11 22:28:55 UTC 2000
I believe there is a bug in the ACL code whereby class=ANY queries can get
erroneously rejected. Such queries are relatively rare, which is consistent
with the low numbers you're seeing.
- Kevin
Christopher McCrory wrote:
> Hello...
>
> <note> I am sending this again, I think the first try didn't make it
> through the usenet gateway</note>
>
> After being a relay for an AOL MX DoS attack, I put in some acl
> restrictions.
> something like this:
>
> acl AS6592 { 127.0.0.1; 209.95.192.0/19; };
>
> options {
> ...
> allow-query { AS6592; };
> ...
> };
>
> zone "example.com" {
> type master;
> file "db.example.com";
> allow-query { any; };
> };
>
> ...other domains done the same...
>
> In 13 hours I got 62 "unapproved query" messages for domains that I host
> with the "allow-query { any; };" tag. Overall I average about 2 requests
> per second.
>
> So out of about 100,000 requests in 13 hours I rejected 62 valid
> requests. This seems "statistically insignificant". But, I should not
> be seeing these rejects at all.
>
> Does anyone else see this activity? Is this normal?
>
> The server is running bind 8.2.2 Patch5, has plenty of horsepower, dual
> PII350, ram 512Meg, running RH linux. The current mem usage is 47 megs
> for the named process.
>
> --
>
> Christopher McCrory
> Lead Bithead, Netus Inc.
> chrismcc at netus.com
> admin at netus.com
>
> "Linux: Because rebooting is for adding new hardware"
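
One way to check whether a server answers class=ANY queries differently from class=IN queries for the same zone, which is the behaviour the reply above suspects (an added example, not code from this thread or from BIND). The function names are hypothetical, and it assumes the server returns a response with an RCODE for a rejected query rather than dropping it silently.

```python
import socket
import struct

QCLASS_IN, QCLASS_ANY = 1, 255   # RFC 1035 class codes
QTYPE_SOA = 6
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=QTYPE_SOA, qclass=QCLASS_IN, txid=0x1234):
    """Return a wire-format DNS query (RFC 1035) for name/qtype/qclass."""
    # Flags 0x0000: standard query, recursion not requested.
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, qclass)

def parse_rcode(response, txid=0x1234):
    """Return the RCODE name from a response, checking the ID and QR bit."""
    if len(response) < 12:
        raise ValueError("short DNS message")
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    return RCODE_NAMES.get(rcode, str(rcode))

def compare_classes(send, zone):
    """send(packet) -> response bytes. Returns the RCODE seen per class."""
    return {
        label: parse_rcode(send(build_query(zone, qclass=qclass)))
        for label, qclass in (("IN", QCLASS_IN), ("ANY", QCLASS_ANY))
    }

def udp_sender(server, port=53, timeout=3.0):
    """Build a send() callable that talks UDP to your own name server."""
    def send(packet):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(packet, (server, port))
            return sock.recvfrom(512)[0]
    return send
```

Run `compare_classes(udp_sender("<your server>"), "example.com")` from a client address outside the global `allow-query` ACL; a different RCODE for `ANY` than for `IN` on a zone with `allow-query { any; };` matches the behaviour described in the reply.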