Unapproved recursive queries

Kevin Darcy kcd at daimlerchrysler.com
Fri Sep 29 21:35:53 UTC 2000


It appears that some crappy DNS resolver implementations *always* use recursive
queries, even when following referrals. I don't think this is technically a
violation of the RFCs but is very rude and wasteful. You probably have some
CNAMEs in plymouth.ac.uk (or some other zone for which your box is
authoritative) pointing to area51.termisoc.org and www.termisoc.org. When the
aforementioned crappy resolvers send your slave a recursive query for one of
those aliases, your box denies the part of the request which would require
recursion, i.e. resolving the CNAME into an A record or whatever. Hence the log
messages.


- Kevin

John Horne wrote:

> Hello,
>
> We are seeing entries of the following type on our slave name server
> (dns1.plymouth.ac.uk):
>
> 29-Sep-2000 05:07:39.055 security: notice: unapproved recursive query from
> [198.83.19.247].53 for area51.termisoc.org
> 29-Sep-2000 07:25:10.385 security: notice: unapproved recursive query from
> [163.121.199.3].53 for www.termisoc.org
>
> What I cannot understand is why. We don't allow recursive queries through
> our servers for non-local users, but the 'termisoc.org' domain lists its own
> name servers, and our master (dns0.plymouth.ac.uk) as authoritative. So why
> are requests going to the slave server?
>
> Thanks,
>
> John.
>
> ------------------------------------------------------------------------
> John Horne, University of Plymouth, UK           Tel: +44 (0)1752 233914
> E-mail: jhorne at plymouth.ac.uk
> PGP key available from public key servers
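
An added example, not part of the original thread or of BIND: a Python script that parses "unapproved recursive query" entries like those quoted above and groups them by source address. The line layout is inferred from the two quoted entries; the function names, the `local_zones` parameter and the third and fourth sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the two entries quoted in the message (rejoined onto one
# line each), one constructed entry from a documentation address, one unrelated line.
SAMPLE_LOG = """\
29-Sep-2000 05:07:39.055 security: notice: unapproved recursive query from [198.83.19.247].53 for area51.termisoc.org
29-Sep-2000 07:25:10.385 security: notice: unapproved recursive query from [163.121.199.3].53 for www.termisoc.org
29-Sep-2000 07:25:11.001 security: notice: unapproved recursive query from [192.0.2.10].1045 for WWW.termisoc.org.
29-Sep-2000 07:30:00.000 general: info: some unrelated line
"""

# Layout inferred from the quoted entries: timestamp, category, severity, [ip].port, name.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"security: notice: unapproved recursive query from "
    r"\[(?P<ip>[0-9a-fA-F.:]+)\]\.(?P<port>\d+) for (?P<name>\S+)$"
)

def parse_line(line):
    """Return a dict for an 'unapproved recursive query' entry, else None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {"time": datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f"),
            "ip": m["ip"], "port": int(m["port"]),
            "name": m["name"].rstrip(".").lower()}  # normalise case and trailing dot

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def summarize(log_text, local_zones=()):
    """Group denied recursive queries by source address."""
    sources = defaultdict(lambda: {"count": 0, "names": set(), "external": set(), "port53": False})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = sources[rec["ip"]]
        s["count"] += 1
        s["names"].add(rec["name"])
        # Source port 53 suggests another name server, not a stub resolver (heuristic).
        s["port53"] = s["port53"] or rec["port"] == 53
        if not any(in_zone(rec["name"], z) for z in local_zones):
            s["external"].add(rec["name"])  # name lies outside the zones listed as local
    return dict(sources)

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG, local_zones=("plymouth.ac.uk",)).items():
        print(ip, s["count"], sorted(s["names"]), "port 53" if s["port53"] else "high port")
```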





