Bad Refferal
Pui Ng
pyn97 at doc.ic.ac.uk
Tue Apr 17 15:21:25 UTC 2001
On Wed, 18 Apr 2001 Mark.Andrews at nominum.com wrote:
>> I am getting the following message as a security violations:
>> "Apr 17 06:31:44 ns1 named[142]: bad referral (174.147.192.in-addr.arpa !< 21
>> 8.174.147.192.in-addr.arpa)
>> from [192.147.174.26].53"
> It looks 174.147.192.in-addr.arpa delegates the entire /24
> at the individual reverse address to ns00.exactis.com and
> ns01.exactis.com. These servers are set up to serve the
> /24 as 1 zone not 256 zones.
> Normally the entire /24 would be delegated by the ISP (Verio
> in this case) getting registry (ARIN in this case) to update
> its delegation records to point to the servers in question,
> not by delegating every individual address.
I think I have a somewhat similar/connected problem with delegation (see
several messages back, subject "reverse dns and broken delegations" if
interested).
Can this also be solved by having the verio serve the /24 zone of type
stub with one of the exactis name servers as a master? From what I can
puzzle out, it seems like this would tell all queriers to refer to the
exactis name servers for an authoritative answer...
Or would this introduce lame delegation since the verio name server has
been delegated the zone, but does not have authoritative data?
More information about the bind-users
mailing list