Bad referral syslog messages

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Tue May 8 06:08:30 UTC 2001 

> 
> Hi folks-
> 
> I'm running 8.2.2p5 on rh 6.2, and upon running named, I get what looks like
> pretty normal logging initially :

	You need to upgrade for security reasons. See:
	http://www.isc.org/products/BIND/bind-security.html

> 
> named[20412]: hint zone "" (IN) loaded (serial 0)
> named[20412]: Zone "0.0.127.in-addr.arpa" (file pri/0.0.127.in-addr.arpa):
> No default TTL set using SOA minimum instead
> 
> named[20412]: master zone "0.0.127.in-addr.arpa" (IN) loaded (serial
> 200104100)
> 
> named[20412]: Zone "safaricircuits.com" (file pri/safaricircuits.com): No
> default TTL set using SOA minimum instead
> 
> named[20412]: master zone "safaricircuits.com" (IN) loaded (serial
> 200105070)
> 
> named[20412]: listening on [127.0.0.1].53 (lo)
> named[20412]: listening on [204.240.53.227].53 (eth0)
> named[20412]: Forwarding source address is [0.0.0.0].2084
> named[20413]: Ready to answer queries.
> named[20413]: Sent NOTIFY for "safaricircuits.com IN SOA"
> (safaricircuits.com); 1 NS, 1 A
> 
> Then within a minute or so, syslog starts getting bombarded with this;
> 
> May  8 00:51:04 mail named[20413]: bad referral (206.53.240.204.in-addr.arpa
> !< *.240.204.in-addr.arpa)
> May  8 00:51:04 mail named[20413]: bad referral (206.53.240.204.in-addr.arpa
> !< *.240.204.in-addr.arpa)
> May  8 00:51:22 mail named[20413]: bad referral (177.53.240.204.in-addr.arpa
> !< *.240.204.in-addr.arpa)
> May  8 00:51:22 mail named[20413]: bad referral (177.53.240.204.in-addr.arpa
> !< *.240.204.in-addr.arpa)

	This isn't your fault.  It's PSI's fault.  They have tried to use
	a "wildcard delegation" which is conceptually impossible.  Wildcard
	are within a zone, delegations are outside of the zone.

> 
> 
> And it continues from there, with the ip address changing every two lines,
> but always staying within my network (204.240.53/24).

	Something on your net is trying to do a reverse lookup (IP
	to name) and due to the bogus "wildcard delegation" it is
	failing.  You need to get 53.240.204.in-addr.arpa delgated
	to you by talking to PSI but first setup your server to
	serve the 53.240.204.in-addr.arpa zone.

	Mark
> 
> Any help is greatly appreciated
> 
> -ben thielsen
> -idiot boy who can't solve his own problems.
> 
> 
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com

More information about the bind-users mailing list