Denied recursive query messages from named
Damon Brownd
dbrownd at HoustonEye.com
Sat Jan 6 14:19:14 UTC 2001
Would the "crappy DNS implementation" be on our end or the remote resolver
making the queries?
Why would other name servers be making recursive queries? I thought they
were supposed to query iteratively.
"Kevin Darcy" <kcd at daimlerchrysler.com> wrote in message
news:<930k5a$duj at pub3.rc.vix.com>...
>
> The only thing I can think of is a crappy DNS implementation that gets confused
> about delegations when following CNAMEs to PTRs, with the result that it thinks
> your servers are authoritative for 100.80.190.208.in-addr.arpa.
>
> One way to deal with this is just to go with the flow: set yourself up as a
> slave for 100.80.190.208.in-addr.arpa. This won't stop the queries, but it
> should stop the log messages, since in that case there won't be any recursion
> necessary (and therefore none to deny). As an additional benefit, being a slave
> for the zone will enable you to reverse-resolve your own addresses even if you
> lose connectivity to the Internet.
>
>
> - Kevin
>
> Damon Brownd wrote:
>
> > Our ISP recently delegated our in-addr.arpa subdomain for our /27 address
> > block to our name server as specified in RFC 2317. Since then, I've been
> > getting bursts of messages like the following at semi-regular intervals.
> > They tend to be from the same IP addresses but the addresses do change over
> > time. The thing that got my attention is that requests come from so many
> > different IP numbers within a second or two with pauses of an hour or more
> > between bursts. Our name server is currently configured to allow recursive
> > queries from internal addresses and reject them from elsewhere. The name
> > server is BIND 8.2.3.
> >
> > Are these messages safe to ignore or do they indicate a problem I need to do
> > something about?
> >
> > %%%%%%%%%%% OPCOM 3-JAN-2001 10:20:03.43 %%%%%%%%%%%
> > Message from user SYSTEM on IRIS
> > named: denied recursion for query from [216.52.85.194].3409 for
> > 100.80.190.208.in-addr.arpa
> >
> > %%%%%%%%%%% OPCOM 3-JAN-2001 10:20:03.81 %%%%%%%%%%%
> > Message from user SYSTEM on IRIS
> > named: denied recursion for query from [216.52.125.38].8857 for
> > 100.80.190.208.in-addr.arpa
> >
> > %%%%%%%%%%% OPCOM 3-JAN-2001 10:20:03.81 %%%%%%%%%%%
> > Message from user SYSTEM on IRIS
> > named: denied recursion for query from [64.94.206.66].1428 for
> > 100.80.190.208.in-addr.arpa
> >
> > %%%%%%%%%%% OPCOM 3-JAN-2001 10:20:03.84 %%%%%%%%%%%
> > Message from user SYSTEM on IRIS
> > named: denied recursion for query from [216.52.153.130].3591 for
> > 100.80.190.208.in-addr.arpa
> >
> > %%%%%%%%%%% OPCOM 3-JAN-2001 10:20:03.85 %%%%%%%%%%%
> > Message from user SYSTEM on IRIS
> > named: denied recursion for query from [216.52.44.194].1066 for
> > 100.80.190.208.in-addr.arpa
> >
> > %%%%%%%%%%% OPCOM 3-JAN-2001 10:20:03.86 %%%%%%%%%%%
> > Message from user SYSTEM on IRIS
> > named: denied recursion for query from [64.94.163.226].3319 for
> > 100.80.190.208.in-addr.arpa
> >
> > %%%%%%%%%%% OPCOM 3-JAN-2001 10:20:03.88 %%%%%%%%%%%
> > Message from user SYSTEM on IRIS
> > named: denied recursion for query from [63.251.235.226].2051 for
> > 100.80.190.208.in-addr.arpa
>
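Added example, not part of the original thread: a small Python script that parses "denied recursion" messages in the OPCOM format quoted above and groups them into bursts, so the pattern described (many sources within a second or two, then a long pause) can be measured per burst. The sample log is constructed, the source addresses are documentation ranges, and the 5-second burst gap is an assumption.

```python
import re
from datetime import datetime, timedelta

STAMP = re.compile(r"OPCOM\s+(\d{1,2}-[A-Z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{2})")
DENIED = re.compile(
    r"named: denied recursion for query from \[([\d.]+)\]\.(\d+) for\s+(\S+)")

def parse(text):
    """Yield (timestamp, source_ip, qname) for each denied-recursion message."""
    text = re.sub(r"(?m)^[> ]+", "", text)  # drop mail quote markers
    stamps = [(m.start(), m.group(1)) for m in STAMP.finditer(text)]
    for m in DENIED.finditer(text):
        # Each message belongs to the nearest OPCOM banner above it.
        prior = [s for pos, s in stamps if pos < m.start()]
        if prior:
            ts = datetime.strptime(prior[-1].title(), "%d-%b-%Y %H:%M:%S.%f")
            yield ts, m.group(1), m.group(3)

def bursts(events, gap=timedelta(seconds=5)):
    """Group events into bursts; a new burst starts once `gap` is exceeded."""
    groups = []
    for ev in sorted(events):
        if groups and ev[0] - groups[-1][-1][0] <= gap:
            groups[-1].append(ev)
        else:
            groups.append([ev])
    return [{"start": g[0][0], "messages": len(g),
             "sources": sorted({ip for _, ip, _ in g}),
             "qnames": sorted({q for _, _, q in g})} for g in groups]

def entry(stamp, ip, port):
    """Build one constructed log entry in the quoted, line-wrapped mail form."""
    return (f"> > %%%%%%%%%%% OPCOM {stamp} %%%%%%%%%%%\n"
            "> > Message from user SYSTEM on IRIS\n"
            f"> > named: denied recursion for query from [{ip}].{port} for\n"
            "> > 100.80.190.208.in-addr.arpa\n> >\n")

# Constructed sample: one burst from three sources, a second burst an hour later.
SAMPLE = "".join(entry(*e) for e in [
    ("3-JAN-2001 10:20:03.43", "192.0.2.10", 3409),
    ("3-JAN-2001 10:20:03.81", "198.51.100.7", 8857),
    ("3-JAN-2001 10:20:03.88", "203.0.113.25", 2051),
    ("3-JAN-2001 11:31:10.02", "192.0.2.10", 1066),
    ("3-JAN-2001 11:31:10.40", "192.0.2.10", 1428)])

if __name__ == "__main__":
    for b in bursts(parse(SAMPLE)):
        print(b["start"], b["messages"], "messages from", len(b["sources"]),
              "sources for", ", ".join(b["qnames"]))
```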