NEED A BIT OF NAMED EXPERIENCE

Mark_Andrews at isc.org Mark_Andrews at isc.org
Wed Oct 8 01:57:33 UTC 2003 


> Oct 08 02:25:57.442 security: info: client 202.188.1.25#45382: query
> 'mail.eziekiel.com/IN' denied
> Oct 08 02:25:57.452 security: info: client 202.188.1.25#45382: query
> 'NS.eziekiel.com/IN' denied
> Oct 08 02:25:57.452 security: info: client 202.188.1.25#45382: query
> 'NS.eziekiel.com/IN' denied
> Oct 08 02:25:58.632 security: info: client 216.240.152.4#1205: query
> 'mail.eziekiel.com/IN' denied
> Oct 08 02:26:00.591 security: info: client 216.240.152.4#1205: query
> 'NS.eziekiel.com/IN' denied
> Oct 08 02:26:00.592 security: info: client 216.240.152.4#1205: query
> 'NS.eziekiel.com/IN' denied
> Oct 08 02:26:00.672 security: info: client 216.240.152.4#1205: query
> 'NS.eziekiel.com/IN' denied
> Oct 08 02:26:00.681 security: info: client 216.240.152.4#1205: query
> 'NS.eziekiel.com/IN' denied
> Oct 08 02:26:01.032 security: info: client 216.240.152.3#1601: query
> 'mail.eziekiel.com/IN' denied
> Oct 08 02:26:02.391 security: info: client 216.240.152.3#1601: query
> 'NS.eziekiel.com/IN' denied
> Oct 08 02:26:02.401 security: info: client 216.240.152.3#1601: query
> 'NS.eziekiel.com/IN' denied
> 
> Now on this last one a nameserver lookup gives me
> 
> 
> 216.240.152.3
> Server:         203.2.75.2
> Address:        203.2.75.2#53
> 
> Non-authoritative answer:
> 3.152.240.216.in-addr.arpa      name = ns3.calpop.com.
> 
> Authoritative answers can be found from:
> 152.240.216.in-addr.arpa        nameserver = ns1.calpop.com.
> 152.240.216.in-addr.arpa        nameserver = ns2.calpop.com.
> ns1.calpop.com  internet address = 216.240.130.2
> ns2.calpop.com  internet address = 216.240.150.2
> 
> Can some please explain if i have set my named.conf file to restrictivly or
> is this that someone is trying to use my nameserver to get information for
> them ??
> 
> Sorry  but i am kind of new to this
> 
> Kind regards
> 
> Andrew
> 
> 
> 

	NS.EZIEKIEL.COM is a listed nameserver for EZIEKIEL.COM as
	such it should be configured to answer questions about
	EZIEKIEL.COM for everybody.

	I would have helped if you had posted your current named.conf.
	Anyway the effective allow-query for EZIEKIEL.COM should be
	"any;".  If you have a allow-query at the options/view level
	you need to override it at the zone level.

	zone "EZIEKIEL.COM" {
		...
		allow-query { any; };
	};

	Mark

--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

More information about the bind-users mailing list