Denied recursive query messages from named

Kevin Darcy kcd at daimlerchrysler.com
Thu Jan 4 01:31:54 UTC 2001


The only thing I can think of is a crappy DNS implementation that gets confused
about delegations when following CNAMEs to PTRs, with the result that it thinks
your servers are authoritative for 100.80.190.208.in-addr.arpa.

One way to deal with this is just to go with the flow: set yourself up as a
slave for 100.80.190.208.in-addr.arpa. This won't stop the queries, but it
should stop the log messages, since in that case there won't be any recursion
necessary (and therefore none to deny). As an additional benefit, being a slave
for the zone will enable you to reverse-resolve your own addresses even if you
lose connectivity to the Internet.


- Kevin

Damon Brownd wrote:

> Our ISP recently delegated our in-addr.arpa subdomain for our /27 address
> block to our name server as specified in RFC 2317.  Since then, I've been
> getting bursts of messages like the following at semi-regular intervals.
> They tend to be from the same IP addresses but the addresses do change over
> time.  The thing that got my attention is that requests come from so many
> different IP numbers within a second or two with pauses of an hour or more
> between bursts.  Our name server is currently configured to allow recursive
> queries from internal addresses and reject them from elsewhere.  The name
> server is BIND 8.2.3.
>
> Are these messages safe to ignore or do they indicate a problem I need to do
> something about?
>
> %%%%%%%%%%%  OPCOM   3-JAN-2001 10:20:03.43  %%%%%%%%%%%
> Message from user SYSTEM on IRIS
> named: denied recursion for query from [216.52.85.194].3409 for
> 100.80.190.208.in-addr.arpa
>
> %%%%%%%%%%%  OPCOM   3-JAN-2001 10:20:03.81  %%%%%%%%%%%
> Message from user SYSTEM on IRIS
> named: denied recursion for query from [216.52.125.38].8857 for
> 100.80.190.208.in-addr.arpa
>
> %%%%%%%%%%%  OPCOM   3-JAN-2001 10:20:03.81  %%%%%%%%%%%
> Message from user SYSTEM on IRIS
> named: denied recursion for query from [64.94.206.66].1428 for
> 100.80.190.208.in-addr.arpa
>
> %%%%%%%%%%%  OPCOM   3-JAN-2001 10:20:03.84  %%%%%%%%%%%
> Message from user SYSTEM on IRIS
> named: denied recursion for query from [216.52.153.130].3591 for
> 100.80.190.208.in-addr.arpa
>
> %%%%%%%%%%%  OPCOM   3-JAN-2001 10:20:03.85  %%%%%%%%%%%
> Message from user SYSTEM on IRIS
> named: denied recursion for query from [216.52.44.194].1066 for
> 100.80.190.208.in-addr.arpa
>
> %%%%%%%%%%%  OPCOM   3-JAN-2001 10:20:03.86  %%%%%%%%%%%
> Message from user SYSTEM on IRIS
> named: denied recursion for query from [64.94.163.226].3319 for
> 100.80.190.208.in-addr.arpa
>
> %%%%%%%%%%%  OPCOM   3-JAN-2001 10:20:03.88  %%%%%%%%%%%
> Message from user SYSTEM on IRIS
> named: denied recursion for query from [63.251.235.226].2051 for
> 100.80.190.208.in-addr.arpa
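
Added example, not part of either message above: a small script that groups "denied recursion" messages in the OPCOM layout quoted above into bursts, listing the distinct sources and queried names in each, so the burst-then-pause pattern can be checked against a full log. The 5-second gap threshold, the function names and the sample source addresses (documentation ranges) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the quoted OPCOM layout (addresses are not from the thread).
SAMPLE = """\
%%%%%%%%%%%  OPCOM   3-JAN-2001 10:20:03.43  %%%%%%%%%%%
Message from user SYSTEM on IRIS
named: denied recursion for query from [192.0.2.10].3409 for
100.80.190.208.in-addr.arpa
%%%%%%%%%%%  OPCOM   3-JAN-2001 10:20:03.81  %%%%%%%%%%%
Message from user SYSTEM on IRIS
named: denied recursion for query from [198.51.100.7].8857 for
100.80.190.208.in-addr.arpa
%%%%%%%%%%%  OPCOM   3-JAN-2001 10:20:03.84  %%%%%%%%%%%
Message from user SYSTEM on IRIS
named: denied recursion for query from [203.0.113.5].1428 for
100.80.190.208.in-addr.arpa
%%%%%%%%%%%  OPCOM   3-JAN-2001 11:31:10.02  %%%%%%%%%%%
Message from user SYSTEM on IRIS
named: denied recursion for query from [192.0.2.10].3410 for
100.80.190.208.in-addr.arpa
"""

STAMP = re.compile(r"OPCOM\s+(\d{1,2}-[A-Z]{3}-\d{4} \d\d:\d\d:\d\d\.\d\d)")
DENIED = re.compile(r"denied recursion for query from \[([\d.]+)\]\.\d+ for (\S+)")

def parse(text):
    """Return (timestamp, source_ip, qname) for each denied-recursion message."""
    events, when = [], None
    # The query name wraps onto the next line; rejoin it before matching.
    for line in re.sub(r" for\s*\n\s*", " for ", text).splitlines():
        if m := STAMP.search(line):
            when = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f")
        elif (m := DENIED.search(line)) and when:
            events.append((when, m.group(1), m.group(2)))
    return events

def bursts(events, gap=timedelta(seconds=5)):
    """Group events into bursts; return (start, span_seconds, sources, qnames) per burst."""
    groups = []
    for ev in sorted(events):
        if groups and ev[0] - groups[-1][-1][0] <= gap:
            groups[-1].append(ev)   # still inside the current burst
        else:
            groups.append([ev])     # gap exceeded: start a new burst
    return [(g[0][0], (g[-1][0] - g[0][0]).total_seconds(),
             sorted({ip for _, ip, _ in g}), sorted({q for _, _, q in g})) for g in groups]

if __name__ == "__main__":
    for start, span, sources, names in bursts(parse(SAMPLE)):
        print(start, f"{span:.2f}s", len(sources), "sources", names)
```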





