query (cache) 'coriander.plus.com/A/IN' denied
Barry Margolin
barmar at alum.mit.edu
Fri Mar 20 17:06:38 UTC 2009
In article <gq0gtm$1a0g$1 at sf1.isc.org>,
Carl Fretwell <carl at growstudio.co.uk> wrote:
>
> We have a domain which we serve dns for but we don't handle mail for this c=
> lient. However in the log file I can see all the time that there mail serve=
> r is trying to run a query on our dns server but is being denied.
>
> The log message
>
> 20-Mar-2009 16:32:54.984 security: info: client 95.102.17.107#14080: query =
> (cache) 'coriander.plus.com/A/IN' denied
Is it always the same client IP? That IP is some random DSL user in
Slovakia.
>
> And in the clients zone file we have
>
> @ IN MX 10 coriander.plus.com.
>
> Is this anything to worry about? How can I determine if the client is recei=
> ving email - without asking - because these appear in the log all the time.
This suggests one of the following problems:
1. 95.102.17.107 is pointing to your nameserver in its resolver
configuration, but your server doesn't allow them to use you as a
resolver (the IP isn't in your allow-recursion and allow-query-cache
ACL).
2. The plus.com zone is delegated to your server, but you're not
properly configured to serve it.
It doesn't look like #2. The zone is delegated to ns1.force9.net and
ns2.force9.net, and they appear to be responding properly.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users
mailing list