Broken resolvers following MX requests wrong?

Chris Adams cmadams at hiwaay.net
Sat Oct 18 04:50:16 UTC 2008


Watching requests to my authoritative servers running BIND, I'm seeing
what appear to be broken resolvers regularly.  The problem is with
domains that use outsourced spam filtering like Postini or MX Logic,
where the MX records for example.com get set to
example.com.something1.mxlogicmx.net and such.  What I'm seeing is that
the resolver then turns around and asks my authoritative servers to
resolve the ...mxlogicmx.net records (which of course it doesn't since
I'm not MX Logic).

I just refuse such requests, but why would it even ask that?  Isn't this
just another way caches could be poisoned?  The client resolver asked my
server a question; it'd be easy to return an answer without any IP
spoofing required.

I also see resolvers that, when they get a request refused (e.g. for a
domain that has been cancelled and removed from my servers), they just
keep pounding away, making sometimes dozens of requests per second for
the same thing.  What broken behavior causes that?
-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.


More information about the bind-users mailing list