Weird query packets

Jim Reid jim at rfc1035.com
Wed Jan 19 19:24:47 UTC 2000


>>>>> "Gordon" == Lack Mr G M <gml4410 at ggr.co.uk> writes:

    Gordon>    This seems to have the characteristics of a
    Gordon> query-within-a-query!  The "WWW.GUESS.CO.UK" (along with a
    Gordon> trailing NULL character) is being looked for in the
    Gordon> domain.local zone.

    Gordon>    Does anyone know what might cause them?

Probably a broken resolver that always appends its idea of the domain
name - ie domain.local - to every query. Switch on query logging and
you'll find out who's sending these queries to the name server that
then forwards them - yuk! - to your central name server.

    Gordon>    The "central DNS server" (running bind 8.2.2-P5) is
    Gordon> configured to forward queries about "domain.local" to the
    Gordon> "outlying DNS server" (running named on HP-UX 10.20).  The
    Gordon> "outlying DNS server" has "central DNS server" as a
    Gordon> forwarder (yes, this does make sense...).

Hmmm. There are only a few scenarios where forwarding makes sense IMHO.
And as for forwarding to some server which also does forwarding...
Why not set up your name servers to be slaves for this (internal?)
domain.local zone?



More information about the bind-users mailing list