Request storm

Bill Moseley moseley at hank.org
Tue Jun 13 05:17:50 UTC 2000


Question about queries to my named:

I noticed that my secondary (granitecanyon) was not answering queries for
my domain today -- don't know why as they had my zone a few days ago.  

I SIGHUP'ed bind to send out a NOTIFY, but didn't see the request for a
zone transfer.  So I went to granitecanyon's web site and reentered my
secondary setup info.

I didn't realize that I had left logging on in my firewall setup for
connections to UDP port 53, but seconds after I submitted my secondary info
to granitecanyon by email I started to see the firewall logs written to my
log from dozens of machines seemingly unrelated to each other.  This went on
for almost ten minutes.

I'm unclear if they are related, but it's odd timing.  Any idea what would
have triggered a flurry of requests to this normally quiet machine?  I
looked through my log file and I see periodic yet infrequent firewall logs
to my DNS, but nothing like the above.

I didn't have logging enabled in bind, so I don't know what the queries
were, just that machines were contacting my udp port 53.

Any ideas?

Another question:  I don't allow queries outside my domain.  So someone
could connect to my name server ns1.hank.org and see that my secondary is
ns1.granitecanyon.com.  But if someone then tries to look up
ns1.granitecanyon.com on ns1.hank.org their query will be refused.  Can
this cause any problems, and if so, why?

Thanks very much,

Bill Moseley
mailto:moseley at hank.org


