Query Denied bind 9.4
Alan Clegg
Alan_Clegg at isc.org
Mon Nov 26 18:12:41 UTC 2007
Dean Clapper wrote:
> I turned off allow-query from "any" to just internals. While I was watching
> the message logs I keep on getting the same message from outside
> sources.
Where did you "turn off" queries? Doing a bit of poking around, I see
that the system in question is listed as an NS for several things, so
systems doing queries for it's address is not unusual... Without
knowing the system on which you are seeing the following "denied", we
can't tell much.
> client 212.17.192.45#53: query 'UTC.UNIV-COOP.AUSTIN.TX.US/A/IN'
> denied
baremetal 17} dig -x 198.213.6.10
; <<>> DiG 9.4.1-P1 <<>> -x 198.213.6.10
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32435
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;10.6.213.198.in-addr.arpa. IN PTR
;; ANSWER SECTION:
10.6.213.198.in-addr.arpa. 86400 IN PTR utc.univ-coop.austin.tx.us.
;; AUTHORITY SECTION:
6.213.198.in-addr.arpa. 86399 IN NS utc.univ-coop.austin.tx.us.
6.213.198.in-addr.arpa. 86399 IN NS ns2.ots.utsystem.edu.
;; ADDITIONAL SECTION:
ns2.ots.utsystem.edu. 84035 IN A 206.77.62.130
utc.univ-coop.austin.tx.us. 84034 IN A 198.213.6.10
;; Query time: 740 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Nov 26 13:08:05 2007
;; MSG SIZE rcvd: 163
>
> They are trying to query the same name over and over. However it is
> different clients from the outside. The same machine is also the mail
> server.
> Is the reason this is happening because they are trying to find our domain to
> send emails? However, we are currently getting emails?
AlanC
More information about the bind-users
mailing list