How can I tell in the log if a query was successful or refused due to recursion?

Tony Toews ttoews at telusplanet.net
Thu Dec 15 04:18:39 UTC 2005


Mark Andrews <Mark_Andrews at isc.org> wrote:

>	allow-recursion will let the nameserver return whatever is in
>	the cache.

Cache?  What do you mean by cache?   I'm only trying to be the DNS server for the 23
low traffic domains on my web server.    No client systems on another side of a
firewall.

>	allow-query can be used to restrict access to the cache contents
>	and REFUSED will be returned.  If you use allow-query at the options
>	level don't forget to specify "allow-query { any; };" at the zone
>	level.

Ok, well, I've tried to post the contents of my configuration file twice now.  Once
about eight hours ago and once recently so we'll see if either of those postings gets
through.   Hopefully things will make more sense to others then.

I have queried my web server from a web page using a totally different domain and the
reply was refused.    And a domain on my web server did return data so I think the
recursive attack situation no longer exists.

All that I'm now getting is tens or hundreds of bogus requests per hour to my web
server.  Same as spam to non-existent email addresses I guess.  Just ignore them.

>	In practice you should report this to your upstream so the forged
>	traffic can be traced down and stopped.

They're the ones who notified us of the problem.  I'll give them a call tomorrow and
see what's different.

>	Implementing BCP (Best Current Practice) 38 (RFC2827) is the way to
>	stop this sort of abuse.

That would be my upstream provider's problem then.  We're only running a web server on
an ADSL connection on a fixed IP address at a friend's house.

Tony
-- 
Tony Toews, Microsoft Access MVP
   Please respond only in the newsgroups so that others can 
read the entire thread of messages.
   Microsoft Access Links, Hints, Tips & Accounting Systems at 
http://www.granite.ab.ca/accsmstr.htm
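
An authoritative-only named.conf along the lines discussed in this thread, added as an example that is not part of the original messages or anyone's actual configuration. The zone name, file paths and channel name are constructed placeholders; the logging stanza assumes you want queries and ACL decisions in one file.

```conf
// Added example, not from the thread. Zone name, paths and channel
// name are constructed placeholders.
options {
    directory "/var/named";
    recursion no;                 // authoritative-only: never recurse for clients
    allow-recursion { none; };
    allow-query { localhost; };   // default for anything not overridden below,
                                  // cache included; everyone else gets REFUSED
};

zone "example.com" {
    type master;
    file "example.com.zone";
    allow-query { any; };         // zone-level override so the hosted zone
                                  // stays answerable from the Internet
};

logging {
    channel query_audit {
        file "/var/log/named/query_audit.log" versions 3 size 5m;
        severity info;
        print-time yes;
        print-category yes;       // tag each line with its category
    };
    category queries  { query_audit; };   // queries as they are received
    category security { query_audit; };   // approval and denial of requests
};
```

Run named-checkconf on the file before reloading named.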


