Multiple queries for same host

Alex mysqlstudent at gmail.com
Thu Sep 17 18:17:07 UTC 2015


Hi,

> These queries in your logs (at least the ones you’ve sent as examples) are not identical.
>
> Sometimes stub resolvers will rapid-fire queries at an iterative resolver for the same record, but that doesn’t appear to be happening in this case.  These queries are just for very similar looking records in very similar domains, but the example you sent is 5 queries for 5 different names.

I don't know how I missed that. Thanks for double-checking.

> In the first 2 queries, the client is requesting to see whether 69.16.223.254 is in the Spamhaus Block List as well as the ZEN.  Since the SBL is a subset of ZEN, I would argue that if they are querying ZEN, also querying the SBL is redundant and the (I assume it’s a mail server) client machine should be configured to only query ZEN.

Yes, that's correct, it's a mail server with postfix and postscreen
weighting similar to something like this:

postscreen_dnsbl_sites = mykey.zen.dq.spamhaus.net=127.0.0.[10;11]*8
        dnsbl.sorbs.net=127.0.0.10*8
        b.barracudacentral.org*7
        dnsbl.sorbs.net=127.0.0.5*6
        mykey.zen.dq.spamhaus.net=127.0.0.[4..7]*6
        bl.mailspike.net*4
        bl.spamcop.net*4
        bl.spameatingmonkey.net*4
        mykey.zen.dq.spamhaus.net=127.0.0.3*4
        list.dnswl.org=127.[0..255].[0..255].0*-2
        list.dnswl.org=127.[0..255].[0..255].1*-3
        list.dnswl.org=127.[0..255].[0..255].[2..255]*-4

Thanks again,
Alex
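
Added example, not part of the original message and not Postfix code: a small Python model of the postscreen_dnsbl_sites list quoted above. It groups the entries by DNSBL domain, builds the lookup name each domain would receive for a client address, and scores reply addresses against the filters. The function names are hypothetical, and the scoring rule (an entry's weight added once per matching reply) is an assumed simplification.

```python
import re
from collections import defaultdict

# postscreen_dnsbl_sites entries copied from the message above.
SITES = """
mykey.zen.dq.spamhaus.net=127.0.0.[10;11]*8 dnsbl.sorbs.net=127.0.0.10*8
b.barracudacentral.org*7 dnsbl.sorbs.net=127.0.0.5*6
mykey.zen.dq.spamhaus.net=127.0.0.[4..7]*6 bl.mailspike.net*4
bl.spamcop.net*4 bl.spameatingmonkey.net*4
mykey.zen.dq.spamhaus.net=127.0.0.3*4 list.dnswl.org=127.[0..255].[0..255].0*-2
list.dnswl.org=127.[0..255].[0..255].1*-3
list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
"""
ENTRY = re.compile(r"([^=*]+)(?:=([^*]+))?(?:\*(-?\d+))?")

def parse_sites(text):
    """Group domain[=filter][*weight] entries as {domain: [(filter, weight)]}."""
    sites = defaultdict(list)
    for entry in re.split(r"[,\s]+", text.strip()):
        m = ENTRY.fullmatch(entry)
        if m is None:
            raise ValueError(f"bad entry: {entry!r}")
        sites[m[1]].append((m[2], int(m[3] or 1)))  # default weight is 1
    return dict(sites)

def query_name(ipv4, domain):
    """DNSBL lookup name: client octets reversed, then the list domain."""
    return ".".join(reversed(ipv4.split("."))) + "." + domain

def reply_matches(filt, reply):
    """True if A-record `reply` fits a filter such as 127.0.0.[4..7]."""
    if filt is None:          # no filter: any reply counts
        return True
    pats = re.findall(r"\[[^\]]*\]|\d+", filt)
    octets = [int(o) for o in reply.split(".")]
    if len(pats) != 4 or len(octets) != 4: return False
    for pat, octet in zip(pats, octets):
        ranges = (p.partition("..") for p in pat.strip("[]").split(";"))
        if not any(int(lo) <= octet <= int(hi or lo) for lo, _, hi in ranges):
            return False
    return True

def score(sites, replies):
    """Assumed model: add an entry's weight once per matching reply."""
    return sum(weight
               for domain, rules in sites.items()
               for filt, weight in rules
               for reply in replies.get(domain, [])
               if reply_matches(filt, reply))
```

The 12 entries collapse to 7 distinct domains, so the three mykey.zen.dq.spamhaus.net entries share one lookup name (254.223.16.69.mykey.zen.dq.spamhaus.net for the address discussed in the thread) and differ only in which reply codes they weight.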

