Denied Update Errors on Secondary Servers
Cricket Liu
cricket at nxdomain.com
Tue Aug 28 17:02:06 UTC 2001
> I would expect anyone outside our network not to get a response from Dallas
> since we aren't allowing external queries against it. Our 3 secondaries are
> what we have available for anyone to query against.etc and what we have
> registered with Network Solutions. Internal clients can query with no
> problems. Our primary is a third party DNS server that we really don't want
> our clients querying against..directly anyhow. Instead we want them to go to
> our secondaries which they are. Hopefully this sheds a little more light.
> BIND 9 is in the works and is something we're very much looking forward to.
If you really don't want anyone querying it, you shouldn't list dallas.jhuapl.edu
in your zones' NS records:
% dig @apldns1.jhuapl.edu. ns 244.128.in-addr.arpa.
; <<>> DiG 8.3 <<>> @apldns1.jhuapl.edu. ns 244.128.in-addr.arpa.
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; QUERY SECTION:
;; 244.128.in-addr.arpa, type = NS, class = IN
;; ANSWER SECTION:
244.128.in-addr.arpa. 1D IN NS dallas.jhuapl.edu.
244.128.in-addr.arpa. 1D IN NS apldns1.jhuapl.edu.
244.128.in-addr.arpa. 1D IN NS apldns2.jhuapl.edu.
244.128.in-addr.arpa. 1D IN NS apldns3.jhuapl.edu.
The first query to a 244.128.in-addr.arpa name server will follow the delegation
from the in-addr.arpa name servers, which only includes apldns[123].jhuapl.edu.
But successive queries will use any of the four.
cricket
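
An added example, not part of the original message: a small check that compares the NS set in the parent delegation with the NS set the zone itself publishes, and reports servers that appear in only one of them. The apex answer is copied from the dig output above; the delegation text is constructed from the message's description (apldns[123].jhuapl.edu), and the function names are illustrative.

```python
import re

# NS answer for the zone apex, copied from the dig output in the message.
CHILD_ANSWER = """\
244.128.in-addr.arpa. 1D IN NS dallas.jhuapl.edu.
244.128.in-addr.arpa. 1D IN NS apldns1.jhuapl.edu.
244.128.in-addr.arpa. 1D IN NS apldns2.jhuapl.edu.
244.128.in-addr.arpa. 1D IN NS apldns3.jhuapl.edu.
"""
# Constructed sample: the parent delegation as the message describes it.
PARENT_DELEGATION = """\
244.128.in-addr.arpa. 1D IN NS apldns1.jhuapl.edu.
244.128.in-addr.arpa. 1D IN NS apldns2.jhuapl.edu.
244.128.in-addr.arpa. 1D IN NS apldns3.jhuapl.edu.
"""

# owner [ttl] [IN] NS target
NS_LINE = re.compile(r"^(\S+)\s+(?:\S+\s+)?(?:IN\s+)?NS\s+(\S+)$", re.IGNORECASE)


def ns_set(text, zone):
    """Return the NS targets for `zone` found in dig-style record lines."""
    zone = zone.lower().rstrip(".")
    targets = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip dig comment lines
            continue
        m = NS_LINE.match(line)
        if m and m.group(1).lower().rstrip(".") == zone:
            targets.add(m.group(2).lower().rstrip("."))
    return targets


def compare(parent_text, child_text, zone):
    """Report name servers listed on only one side of the zone cut."""
    parent, child = ns_set(parent_text, zone), ns_set(child_text, zone)
    return {
        "only_in_zone": sorted(child - parent),    # published by the zone, not delegated
        "only_in_parent": sorted(parent - child),  # delegated, missing from the zone
    }


if __name__ == "__main__":
    result = compare(PARENT_DELEGATION, CHILD_ANSWER, "244.128.in-addr.arpa")
    for name in result["only_in_zone"]:
        print(f"{name}: in the zone's NS records but not in the delegation")
    for name in result["only_in_parent"]:
        print(f"{name}: delegated but absent from the zone's NS records")
```

Any server reported as only in the zone will still receive queries from resolvers that have cached the zone's own NS records, so it either has to answer them or be dropped from the NS records.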