Denied recursive query messages from named

Damon Brownd dbrownd at HoustonEye.com
Sat Jan 6 14:19:14 UTC 2001 

Would the "crappy DNS implementation" be on our end or the remote resolver
making the queries?

Why would other name servers be making recursive queries?  I thought they
were supposed to query iteratively.

"Kevin Darcy" <kcd at daimlerchrysler.com> wrote in message
news:<930k5a$duj at pub3.rc.vix.com>...
>
> The only thing I can think of is a crappy DNS implementation that gets
confused
> about delegations when following CNAMEs to PTRs, with the result that it
thinks
> your servers are authoritative for 100.80.190.208.in-addr.arpa.
>
> One way to deal with this is just to go with the flow: set yourself up as
a
> slave for 100.80.190.208.in-addr.arpa. This won't stop the queries, but it
> should stop the log messages, since in that case there won't be any
recursion
> necessary (and therefore none to deny). As an additional benefit, being a
slave
> for the zone will enable you to reverse-resolve your own addresses even if
you
> lose connectivity to the Internet.
>
>
> - Kevin
>
> Damon Brownd wrote:
>
> > Our ISP recently delegated our in-addr.arpa subdomain for our /27
address
> > block to our name server as specified in RFC 2317.  Since then, I've
been
> > getting bursts of messages like the following at semi-regular intervals.
> > They tend to be from the same IP addresses but the addresses do change
over
> > time.  The thing that got my attention is that requests come from so
many
> > different IP numbers within a second or two with pauses of an hour or
more
> > between bursts.  Our name server is currently configured to allow
recursive
> > queries from internal addresses and reject them from elsewhere.  The
name
> > server is BIND 8.2.3.
> >
> > Are these messages safe to ignore or do they indicate a problem I need
to do
> > something about?
> >
> > %%%%%%%%%%%  OPCOM   3-JAN-2001 10:20:03.43  %%%%%%%%%%%
> > Message from user SYSTEM on IRIS
> > named: denied recursion for query from [216.52.85.194].3409 for
> > 100.80.190.208.in-addr.arpa
> >
> > %%%%%%%%%%%  OPCOM   3-JAN-2001 10:20:03.81  %%%%%%%%%%%
> > Message from user SYSTEM on IRIS
> > named: denied recursion for query from [216.52.125.38].8857 for
> > 100.80.190.208.in-addr.arpa
> >
> > %%%%%%%%%%%  OPCOM   3-JAN-2001 10:20:03.81  %%%%%%%%%%%
> > Message from user SYSTEM on IRIS
> > named: denied recursion for query from [64.94.206.66].1428 for
> > 100.80.190.208.in-addr.arpa
> >
> > %%%%%%%%%%%  OPCOM   3-JAN-2001 10:20:03.84  %%%%%%%%%%%
> > Message from user SYSTEM on IRIS
> > named: denied recursion for query from [216.52.153.130].3591 for
> > 100.80.190.208.in-addr.arpa
> >
> > %%%%%%%%%%%  OPCOM   3-JAN-2001 10:20:03.85  %%%%%%%%%%%
> > Message from user SYSTEM on IRIS
> > named: denied recursion for query from [216.52.44.194].1066 for
> > 100.80.190.208.in-addr.arpa
> >
> > %%%%%%%%%%%  OPCOM   3-JAN-2001 10:20:03.86  %%%%%%%%%%%
> > Message from user SYSTEM on IRIS
> > named: denied recursion for query from [64.94.163.226].3319 for
> > 100.80.190.208.in-addr.arpa
> >
> > %%%%%%%%%%%  OPCOM   3-JAN-2001 10:20:03.88  %%%%%%%%%%%
> > Message from user SYSTEM on IRIS
> > named: denied recursion for query from [63.251.235.226].2051 for
> > 100.80.190.208.in-addr.arpa
>
>
>
>
>
>

More information about the bind-users mailing list