bind918 malfunction?

[Andreas S. Kerber]

Am Fri, Sep 06, 2024 at 09:27:21PM +0200 schrieb Ondřej Surý:
> Anyway - since you are hitting the 32 limit, perhaps bumping the limit to 100 (the value before) would help in your case? I am guessing the resolver is being used for a limited set of clients and the chance of this specific abuse is quite low.
> 
> https://bind9.readthedocs.io/en/v9.18.29/notes.html#notes-for-bind-9-18-29

Hi,

FYI our MTA rejection rate went up since updating from 9.18.28 to 9.18.29.
We're still troubleshooting and consider raising the limit back to 100.

Here's a list of PTRs which you might be interested in.
If the resolver cache is flushed, some of these names fail to resolve (SERVFAIL) at first and after wating a bit the names start to resolve. At least some of these names seem quite legitimate and I can't say if each of their zone setup is the culprit or the recursion limit is simply to low.

81.92.89.120.in-addr.arpa
254.29.9.128.in-addr.arpa
155.231.35.129.in-addr.arpa
193.115.9.154.in-addr.arpa
187.122.9.154.in-addr.arpa
251.161.92.159.in-addr.arpa
226.162.92.159.in-addr.arpa
74.34.71.161.in-addr.arpa
243.35.71.161.in-addr.arpa
161.36.71.161.in-addr.arpa
152.113.247.162.in-addr.arpa
55.239.235.168.in-addr.arpa
116.224.82.172.in-addr.arpa
196.123.96.176.in-addr.arpa
5.25.220.185.in-addr.arpa
155.86.58.185.in-addr.arpa
222.86.58.185.in-addr.arpa
116.111.104.194.in-addr.arpa
105.208.11.194.in-addr.arpa
113.228.181.194.in-addr.arpa
64.255.37.194.in-addr.arpa
180.47.162.205.in-addr.arpa
21.81.63.212.in-addr.arpa
80.144.171.213.in-addr.arpa
200.101.118.23.in-addr.arpa
208.55.247.37.in-addr.arpa
158.201.74.41.in-addr.arpa
158.205.74.41.in-addr.arpa
133.76.21.64.in-addr.arpa
181.147.118.82.in-addr.arpa
182.147.118.82.in-addr.arpa
149.116.187.90.in-addr.arpa
140.248.184.91.in-addr.arpa
64.224.198.91.in-addr.arpa
145.116.53.92.in-addr.arpa