ndc query question
Jim Reid
jim at mpn.cp.philips.com
Fri Aug 6 10:13:19 UTC 1999
>>>>> "Becki" == Becki Kain <beckers at josephus.furph.com> writes:
Becki> I turned query logging on on my 8.2.1 bind machine and I'm
Becki> getting stuff like this:
Becki> 05-Aug-1999 20:56:52.054 queries: info: XX+/209.69.35.2/coyote.gw.uiuc.edu/A
Becki> 05-Aug-1999 20:58:04.934 queries: info: XX+/209.69.35.2/137.24.68.204.in-addr.arpa/PTR
Becki> where 209.69.35.2 is the ip of my box. I can't find a good
Becki> reference for what this is telling me,
How about src/bin/named/ns_req.c?
Becki> but I thought it meant someone is coming from this ip and
Becki> doing an A record lookup on, say dns01.ops.usa.net.
Correct. The two querylog entries above show that IP address
209.69.35.2 sent your name server a query for an A record for
coyote.gw.uiuc.edu and a PTR record for 137.24.68.204.in-addr.arpa.
The "+" in the querylog entry is a new feature in BIND8.2. It means
that the query had the recursion desired bit set, which usually
indicates that the query came from a resolver rather than another name
server.
Becki> Or does this mean they are using me as a server and how do
Becki> I shut that off so only this machine can use itself as a server?
You can set up access control lists in named.conf (or your router) to
deny unwanted hosts access to your name server. However, what's the
point? If you don't want anything to use your name server - including
other name servers that have to lookup your domain - why bother
setting up a name server in the first place?
More information about the bind-users
mailing list