Receiving BIND requests on server that is no longer a DNS server. ..
Jim Reid
jim at rfc1035.com
Tue Apr 25 17:34:54 UTC 2000
>>>>> "Jon" == Blackman, Jonathan <Jon.Blackman at wl.com> writes:
Jon> Hi, We retired a DNS server a couple of years ago and now I
Jon> have noticed that there are still several DNS servers trying
Jon> to query the old address. Is there a way to find out where I
Jon> still have the old address: 204.114.255.1 defined. We
Jon> changed all of our NS record and NIC information way back.
Jon> So, I can't imagine where they are getting this from.
The chances are the queries are coming from resolvers: there will
probably be some legacy desktops in your net that were configured to
use the old server's IP address. Or maybe there are some idiot
forwarding name servers that keep going to this IP address? It might
be worthwhile starting a name server on that box again and turn on the
query logging to find out what names are being looked up. That might
give a clue about which domains might still have the old NS/A
records. [You could also get this info by getting tcpdump to look for
DNS queries to the old server's IP address.] At the very least, the
query logging will tell you who's looking up what. It might also be an
idea to check the delegations in the name servers for the parent
zones. Maybe you updated the forward zone's delegation but forgot
about the reverse?
More information about the bind-users
mailing list