Receiving BIND requests on server that is no longer a DNS server. ..

Blackman, Jonathan Jon.Blackman at wl.com
Tue Apr 25 19:15:41 UTC 2000


Thanks...I didn't mention that this used to be our external DNS for Internet
queries as opposed to our Intranet DNS internal to our network.  More than
likely it is DNS servers that are still holding on to the old NS records
after all this time.  I find it a little hard to believe that this
information would still be in their cache after two years though. -jon

-----Original Message-----
From: Brian Keves - NCS UAI Contractor [mailto:keves at synopsys.com]
Sent: Tuesday, April 25, 2000 1:54 PM
To: bind-users at isc.org
Subject: Re: Receiving BIND requests on server that is no longer a DNS
server. .. 




>>>>>> "Jon" == Blackman, Jonathan <Jon.Blackman at wl.com> writes:
>
>    Jon> Hi, We retired a DNS server a couple of years ago and now I
>    Jon> have noticed that there are still several DNS servers trying
>    Jon> to query the old address.  Is there a way to find out where I
>    Jon> still have the old address: 204.114.255.1 defined.  We
>    Jon> changed all of our NS record and NIC information way back.
>    Jon> So, I can't imagine where they are getting this from.
>
>The chances are the queries are coming from resolvers: there will
>probably be some legacy desktops in your net that were configured to
>use the old server's IP address. Or maybe there are some idiot
>forwarding name servers that keep going to this IP address? It might
>be worthwhile starting a name server on that box again and turn on the
>query logging to find out what names are being looked up. That might
>give a clue about which domains might still have the old NS/A
>records. [You could also get this info by getting tcpdump to look for
>DNS queries to the old server's IP address.] At the very least, the
>query logging will tell you who's looking up what. It might also be an
>idea to check the delegations in the name servers for the parent
>zones. Maybe you updated the forward zone's delegation but forgot
>about the reverse?

I have to concur about this latter. We had traffic coming in for a long
time to old addresses before we realized we didn't change our reverse lookup
Name Server records for our IP blocks.

Do a whois at ARIN for your IP blocks at:

http://www.arin.net/whois/index.html

Brian
--
Brian Keves                    E-Mail:   keves at synopsys.com
Senior Unix Architect          Phone:    +1.650.584.4461
Network Computing Services     Cell:     +1.650.333.1223 #112
Synopsys, Inc.                 Fax:      +1.650.584.4343
700 East Middlefield Road      WWW:      http://www.synopsys.com
M/S C-11                       Physical: C1.136A
Mountain View, CA 94043-4033   "Who is John Galt?" - Ayn Rand
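
The tcpdump approach suggested in the thread, as an added example that is not part of the original posts: it tallies captured queries to the retired address by source and zone, and uses the recursion-desired flag as a heuristic to separate clients or forwarders still configured with the old IP from name servers following a stale delegation. The sample capture lines, the `/24` reverse-zone cut and the "last two labels" zone guess are assumptions made for illustration.

```python
import re
from collections import Counter

OLD_SERVER = "204.114.255.1"  # retired address named in the thread

# Constructed sample (not real traffic) in the text format printed by
#   tcpdump -n dst host 204.114.255.1 and udp port 53
SAMPLE = """\
19:15:41.100001 IP 192.0.2.10.1055 > 204.114.255.1.53: 4242+ A? www.example.com. (33)
19:15:42.100002 IP 192.0.2.10.1056 > 204.114.255.1.53: 4243+ A? mail.example.com. (34)
19:15:43.100003 IP 198.51.100.53.53 > 204.114.255.1.53: 1201 A? www.example.com. (33)
19:15:44.100004 IP 203.0.113.9.32768 > 204.114.255.1.53: 77 [1au] PTR? 5.255.114.204.in-addr.arpa. (55)
19:15:45.100005 IP 203.0.113.9.32769 > 204.114.255.1.53: 78 PTR? 9.255.114.204.in-addr.arpa. (44)
19:15:46.100006 IP 192.0.2.10.1057 > 192.0.2.1.53: 4244+ A? other.example.net. (35)
"""

# A "+" after the query ID is how tcpdump marks the recursion-desired (RD) flag.
QUERY = re.compile(r"IP (\d+(?:\.\d+){3})\.\d+ > (\d+(?:\.\d+){3})\.53: "
                   r"\d+(\+?)\S* (?:\[[^\]]*\] )?(\w+)\? (\S+)")

def zone_of(qname):
    """Rough zone guess (assumption): /24 reverse zone, or the last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"]:
        return ".".join(labels[-5:])
    return ".".join(labels[-2:])

def summarize(text, server=OLD_SERVER):
    """Return {(source, kind): Counter of zones} for queries sent to `server`."""
    out = {}
    for line in text.splitlines():
        m = QUERY.search(line)
        if not m or m.group(2) != server:
            continue  # not a DNS query line, or addressed to another server
        src, _, rd, _qtype, qname = m.groups()
        # RD set: stub resolver or forwarder pointed at the old IP.
        # RD clear: a server iterating from NS/glue that still names the old IP.
        kind = "recursive" if rd else "iterative"
        out.setdefault((src, kind), Counter())[zone_of(qname)] += 1
    return out

def delegation_suspects(summary):
    """Zones asked for without RD: check their NS and glue records at the parent."""
    return sorted({z for (_, kind), zones in summary.items()
                   if kind == "iterative" for z in zones})

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for (src, kind), zones in sorted(result.items()):
        print(f"{src:15} {kind:9} {dict(zones)}")
    print("check delegations for:", delegation_suspects(result))
```

An `in-addr.arpa` zone among the suspects points at the reverse delegation mentioned in the replies; sources listed as `recursive` are hosts or forwarders whose own configuration still names the old address.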




