how to tell what slaves are using my bind server

Kevin Darcy kcd at daimlerchrysler.com
Thu Nov 30 22:18:03 UTC 2000


Martin Meadows wrote:

> Hi. Just wondering if someone can tell me how I can identify the
> dns slaves who are getting loads from my dns bind server. We're
> running bind 8 on a solaris system. I tried to look this info
> up in the archives for this list ... but didn't see it out there.

You can't really tell this for sure. A close approximation would be to
look at your logs for "approved AXFR from [x.x.x.x].yyyy for
"foo.example.com"". However, this only tells you who has transferred the
zone, not necessarily that they transferred it for purposes of slaving
("dig" and "nslookup" can also generate zone transfers, for instance).
You could then winnow down the list somewhat by a) looking to see which
of those addresses sent an SOA query shortly before transferring the
zone (not 100% since the SOA queries could also have been generated by
something like "dig"), and/or b) querying those addresses and seeing
which ones respond with authoritative answers for your zone (not
100% either, since the machine might not be up, or it might be serving
your zone on a different interface than the one it used for transferring
it).


- Kevin





More information about the bind-users mailing list