named is causing severe traffic

Piet Pelz ppz at mail.com
Sat Jul 15 07:23:55 UTC 2000


Dear Mike,

Thanks for your prompt reply. I had the same guess, although I
had a configuration with the reverse lookup section in the first
place.

Maybe I am completely blind, but I can not see the mistake I
made. Maybe you can discover my error.

If you don't mind, I attached named.conf, the reverse file.zone
and the tcpdump.txt output with this mail, desperate as I am.

I have already changed the default nameserver to the one of the
provider to avoid that other packages as sendmail are causing the
trouble. Basically the problem starts only after named takes up
it's job, after stopping named everything is quiet again.

If you got any idea.....

Thanks
Piet

#################################################################
That is my named.conf file:

options {
directory "/var/named";

# check-names master warn;

pid-file "/var/run/named.pid";

datasize default;
stacksize default;
coresize default;
files unlimited;
recursion yes;


forward only;
#forward first;

forwarders {
192.76.144.66;
#		149.174.211.5; commented out for testing
#		195.182.96.29;
};



query-source port 53;

listen-on port 53 {
192.168.100.254;
127.0.0.1;
};
};

#
# do not be verbose about these problems...
#
#logging {
#	category lame-servers { null; };
#	category cname { null; };
#};




zone "." IN {
type hint;
file "root.hint";
};

zone "localhost" IN {
type master;
file "localhost.zone";
check-names fail;
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "127.0.0.zone";
check-names fail;
allow-update { none; };
};

#
# a master zone
#

zone "zer-qms-bg.intern" IN {
type master;
file "zer-qms-bg.intern.zone";
# noone can transfer or update, everyone can query
allow-transfer { none; };
allow-update {none; };
allow-query { any; };
notify no;
};

#
# And now the thing vice versa
#
zone "100.168.192.in-addr.arpa" IN {
notify no;
type master;
file "192.168.100.zone";
check-names fail;
allow-transfer { none; };
allow-update { none; };
allow-query { any; };
};

########################################################

#Here is the file "192.168.100.zone"

$ORIGIN 100.168.192.in-addr.arpa.
;
$TTL	1D
@	IN	SOA	mx01.zer-qms-bg.intern. admin.zer-qms-bg.intern. (
45		; serial
8H		; refresh
15M		; retry
1W		; expiry
1D )		; minimum TTL
;
@	IN	NS	mx01.zer-qms-bg.intern.
;
1	IN	PTR	gw01.zer-qms-bg.intern.
10	IN	PTR	nt01.zer-qms-bg.intern.
251	IN	PTR	main01.zer-qms-bg.intern.
254	IN	PTR	mx01.zer-qms-bg.intern.
;

##########################################################

Here is the tcpdump (line feeds for better readability):

06:01:44.095426 mx01.zer-qms-bg.intern.domain >
ns.de.uu.net.domain: 23251+ NS? . (17)

06:01:48.005537 mx01.zer-qms-bg.intern.domain >
ns.de.uu.net.domain: 23251+ NS? . (17)

06:01:49.095415 arp who-has 192.168.100.1 tell
mx01.zer-qms-bg.intern (0:d0:b7:22:10:e1)

06:01:49.095540 arp reply 192.168.100.1 is-at 0:90:27:bd:83:d8
(0:d0:b7:22:10:e1)

06:01:49.096661 mx01.zer-qms-bg.intern.1039 >
ns.de.uu.net.domain: 35616+ PTR? 1.100.168.192.in-addr.arpa. (44)

06:01:54.105539 mx01.zer-qms-bg.intern.1039 >
ns.de.uu.net.domain: 35616+ PTR? 1.100.168.192.in-addr.arpa. (44)

06:02:04.116176 mx01.zer-qms-bg.intern.1039 >
ns.de.uu.net.domain: 35616+ PTR? 1.100.168.192.in-addr.arpa. (44)

06:02:48.005543 mx01.zer-qms-bg.intern.domain >
ns.de.uu.net.domain: 23251+ NS? . (17)

06:02:53.005416 arp who-has 192.168.100.1 tell
mx01.zer-qms-bg.intern (0:d0:b7:22:10:e1)

06:02:53.005546 arp reply 192.168.100.1 is-at 0:90:27:bd:83:d8
(0:d0:b7:22:10:e1)


______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup




More information about the bind-users mailing list