Bad Refferal
Mark.Andrews at nominum.com
Mark.Andrews at nominum.com
Tue Apr 17 15:44:06 UTC 2001
> On Wed, 18 Apr 2001 Mark.Andrews at nominum.com wrote:
>
> >> I am getting the following message as a security violations:
> >> "Apr 17 06:31:44 ns1 named[142]: bad referral (174.147.192.in-addr.arpa !<
> 21
> >> 8.174.147.192.in-addr.arpa)
> >> from [192.147.174.26].53"
> > It looks 174.147.192.in-addr.arpa delegates the entire /24
> > at the individual reverse address to ns00.exactis.com and
> > ns01.exactis.com. These servers are set up to serve the
> > /24 as 1 zone not 256 zones.
> > Normally the entire /24 would be delegated by the ISP (Verio
> > in this case) getting registry (ARIN in this case) to update
> > its delegation records to point to the servers in question,
> > not by delegating every individual address.
>
> I think I have a somewhat similar/connected problem with delegation (see
> several messages back, subject "reverse dns and broken delegations" if
> interested).
>
> Can this also be solved by having the verio serve the /24 zone of type
> stub with one of the exactis name servers as a master?
No.
> From what I can
> puzzle out, it seems like this would tell all queriers to refer to the
> exactis name servers for an authoritative answer...
>
> Or would this introduce lame delegation since the verio name server has
> been delegated the zone, but does not have authoritative data?
Yes, it would introduce a lame delegation.
>
>
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
More information about the bind-users
mailing list