Unexpected queries
Neil W Rickert
rickert+nn at cs.niu.edu
Mon Dec 5 23:09:59 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tim Wilde <twilde at dyndns.com> writes:
>> The query is non-recursive. Named follows the CNAME. Attempts
>> to look in the cache which is denied by ACL, logs the fact that
>> it was denied, then returns the answer.
>I think I see the confusion here - the OP is seeing those two log entries
>as being two distinct queries, but what it sounds like you're saying,
>Mark, is that it is in fact two log entries for the same query, one for
>the actual query itself, and the second for the internal lookup following
>the CNAME.
That indeed appears to be the correct analysis. My apologies for
being confused over this.
Actually, a better description would be one log record for the query,
and a second log record for the denial. The log of the denial
contains a "query" tag, which is what confused me. Perhaps some
thought might be given to changing/removing the word "query" in the
logs that report a denial.
>Neil, can you check the logs of netmgrts.cso.niu.edu for a recent query
>for huskiesden.niu.edu from 63.208.196.3? Do you see both entries?
There is only one record logged in this case.
However, netmgrts.cso.niu.edu is configured to allow the cache query
from off-campus, while mp.cs.niu.edu is configured to disallow it.
So it isn't a perfect test.
I did look for a different denial log on mp.cs.niu.edu, one that does
not relate to a CNAME. Here is an example (with IP munged):
Dec 5 06:26:09 mp named[212]: client 99.99.99.99#10053: query: connected.sonymusic.com IN ANY -
Dec 5 06:26:09 mp named[212]: client 99.99.99.99#10053: query (cache) 'connected.sonymusic.com/ANY/IN' denied
The first log appears to report the query, and the second reports
the denial.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (SunOS)
iD8DBQFDlMjCvmGe70vHPUMRAtlUAKCTUoNHzGCNctuh1uxbdPJ1J10VYQCcCN/o
VjrzrIe1vtpi7BAF1CE5H/E=
=JyeO
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list