Question about some oddities in the logs

Torinthiel torinthiel at
Tue Feb 22 13:36:41 UTC 2011

Dnia 2011-02-22 13:29 Eivind Olsen napisał(a):

>On Tue, 22 Feb 2011 08:59:51 +0100, "Torinthiel" <torinthiel at>
>> Hmm, looks to me as the box listed as client sends some strange notify
>> messages. Notify normally should contain SOA, so that receiving NS can
>> tell if it has outdated zone or no. These don't. What (regarding DNS of
>> course) is on those machines?
>These come from a variety of IP-addresses, belonging to customers
>(we're an ISP). So I don't know what's really on the customers machines.

If your clients should send you notify messages (e.g. you host their 
secondary DNS, while they have the primary), and if there are no other 
symptoms of malfunction, I'd ignore it. they have no reason to send you 
notifies, then maybe you can ask them why are they sending it in the first 
place (assuming there's someone worth talking to). But still, I think it's 
safe to ignore.

>> asking for CH TXT version.bind returns bind's version, unless configured
>> not to do so. Maybe something also asks for A, but I dunno why. Are
>> these addresses in your network? Then you can tracethem down probably.
>These are again from customers addresses.

I'd ignore it. If someone thinks otherwise, please step up.

>> Now, the more important part - why would you be running a slave of root?
>> AFAIK the root servers don't a) allow transfer b) send you notifies, so
>> you'll be in trouble as soon as anything changes, which means every week
>> right now, that root is signed. Why is
>> zone "." in { type hint; }
>> not enough for you?
>At least some of the root servers allow transfers. They won't send me
>notifies, true. But I don't need that. Currently the root zone has a
>refresh value of 1800 seconds and expire = 604800 seconds, so my slave
>servers will check the root for updates often enough.
>One advantage is that we can now instantly reject queries for things
>like "eivind.local." instantly without having to ask the root servers
>where "local." is served.

Do these happen often enough to warrant such a setup? Ok, it looks it will 
work, but you are trading a few (asuming few such TLDs) *possible* queries 
per day, for a full zone transfer every  few days.


More information about the bind-users mailing list