DNS & BIND Messages Log for XX+

Kevin Darcy kcd at daimlerchrysler.com
Thu Aug 16 23:57:22 UTC 2001


You probably have query logging turned on on one server but not the other.

But, I'm a little confused about your architecture. Why forward *and* have a
hints file? You should be doing one or the other, not both.

And why does your internal root server have Internet root server information in
its hints file? How can you even *have* a hints file if you've already defined
the root zone as master or slave? Doesn't named reject one of those zones?

Also, BIND-8.2.2p7 has a horrible security exploit in it. Upgrade to 8.2.3 at
the very least.


- Kevin

rengland wrote:

> The following is a sample of the /var/adm/messages. I have two servers set up
> in our internal environment that act as the (internal root) servers. We have
> internal DNS servers that our clients and servers point to. These DNS servers
> point to the (internal root) servers that are secondary for all internal DNS
> zones. This way, if the client DNS servers don't know about another internal
> zone, the (internal root) servers will know.  Our client DNS servers have
> forward statements that point to the (internal root) servers and the
> db.cache file only has the (internal root) DNS server in it. The (internal
> root) DNS servers have a db.cache file that has the Internet Root DNS server.
>
> Both root DNS servers are running BIND 8.2.2 p7.  The log information below
> only appears on one of the internal root DNS servers, but not on the other.
> Any ideas why?  We do not have any logging directives in the named.conf
> file.  I know the message indicates that our name server received a
> recursive query (XX+) from ip address for the address of the domain name.
> What I don't understand is:
> 1.  Why does this message only appear on one of the servers?
> Everything appears to be working ok. Should I be doing something
> differently?
>
> Thanks for the help.
>
> Aug 16 17:25:43 rootdns1 named[209]: XX+/192.19.192.106/proflowers.m0.net/ANY/IN
> Aug 16 17:25:43 rootdns1 named[209]: XX+/192.19.3.84/tardis-hme1/A/IN
> Aug 16 17:25:44 rootdns1 named[209]: XX+/192.19.3.84/tardis-hme2/A/IN
> Aug 16 17:25:44 rootdns1 last message repeated 1 time
> Aug 16 17:25:46 rootdns1 named[209]: XX+/192.19.3.84/tardis-hme1/A/IN
> Aug 16 17:25:46 rootdns1 named[209]: XX+/192.19.3.84/tardis-hme2/A/IN
> Aug 16 17:25:46 rootdns1 named[209]: XX+/192.19.3.84/blenny/A/IN
> Aug 16 17:25:46 rootdns1 named[209]: XX+/192.19.3.84/tardis-hme2/A/IN
> Aug 16 17:25:46 rootdns1 named[209]: XX+/192.19.3.84/tardis-hme1/A/IN
> Aug 16 17:25:46 rootdns1 named[209]: XX+/192.19.3.84/tardis-hme2/A/IN
> Aug 16 17:25:47 rootdns1 last message repeated 1 time
> Aug 16 17:25:48 rootdns1 named[209]: XX+/192.19.3.84/NJ7460EXCH004U/A/IN
> Aug 16 17:25:48 rootdns1 last message repeated 1 time
> Aug 16 17:25:48 rootdns1 named[209]: XX+/192.19.192.106/37.180.65.206.in-addr.arpa/PTR/IN
> Aug 16 17:25:48 rootdns1 named[209]: XX+/192.19.192.106/bounce.uu.commissioner.com/ANY/IN
> Aug 16 17:25:49 rootdns1 named[209]: XX+/192.19.192.106/ccomad3.uu.commissioner.com/ANY/IN
>
> Aug 16 17:28:42 rootdns1 named[209]: XX+/192.19.192.106/agere.com/ANY/IN
> Aug 16 17:28:42 rootdns1 last message repeated 1 time
> Aug 16 17:28:42 rootdns1 named[209]: XX+/192.19.192.106/pdq.net/ANY/IN
> Aug 16 17:28:42 rootdns1 named[209]: XX+/192.19.192.106/pdq.net/MX/IN
> Aug 16 17:28:42 rootdns1 named[209]: XX+/192.19.192.106/mx2.airmail.net/A/IN
> Aug 16 17:28:43 rootdns1 named[209]: XX+/192.19.3.84/tardis-hme1/A/IN
> Aug 16 17:28:43 rootdns1 named[209]: XX+/192.19.3.84/0.0.0.0.in-addr.arpa/PTR/IN
> Aug 16 17:28:45 rootdns1 last message repeated 3 times
> Aug 16 17:28:46 rootdns1 named[209]: XX+/192.19.3.84/tardis-hme1/A/IN
> Aug 16 17:28:46 rootdns1 named[209]: XX+/192.19.3.84/tardis-hme2/A/IN
> Aug 16 17:28:47 rootdns1 named[209]: XX+/192.19.3.84/tardis-hme1/A/IN
> Aug 16 17:28:47 rootdns1 named[209]: XX+/192.19.3.84/blenny/A/IN
> Aug 16 17:28:47 rootdns1 named[209]: XX+/192.19.3.84/0.0.0.0.in-addr.arpa/PTR/IN
> Aug 16 17:28:47 rootdns1 named[209]: XX+/192.19.3.84/tardis-hme2/A/IN
> Aug 16 17:28:48 rootdns1 last message repeated 2 times
> Aug 16 17:28:48 rootdns1 named[209]: XX+/192.19.3.84/0.0.0.0.in-addr.arpa/PTR/IN
> Aug 16 17:28:48 rootdns1 named[209]: XX+/192.19.3.84/tardis-hme1/A/IN
> Aug 16 17:28:49 rootdns1 named[209]: XX+/192.19.3.84/tardis-hme2/A/IN
> Aug 16 17:28:49 rootdns1 named[209]: XX+/192.19.192.106/26.9.161.64.in-addr.arpa/PTR/IN
> Aug 16 17:28:49 rootdns1 named[209]: XX+/192.19.3.84/0.0.0.0.in-addr.arpa/PTR/IN
> Aug 16 17:28:50 rootdns1 named[209]: XX+/192.19.3.84/www.compaq.com/A/IN
> Aug 16 17:28:50 rootdns1 named[209]: XX+/192.19.192.106/64-161-9-26.brightlink.com/A/IN
> Aug 16 17:28:50 rootdns1 named[209]: XX+/192.19.3.84/0.0.0.0.in-addr.arpa/PTR/IN
> Aug 16 17:28:50 rootdns1 named[209]: XX+/192.19.3.84/tardis-hme1/A/IN
> Aug 16 17:28:51 rootdns1 named[209]: XX+/192.19.3.84/0.0.0.0.in-addr.arpa/PTR/IN
> Aug 16 17:28:51 rootdns1 named[209]: XX+/192.19.3.84/cypress/A/IN
> Aug 16 17:28:51 rootdns1 named[209]: XX+/192.19.192.106/64-161-9-26.brightlink.com/A/IN
> Aug 16 17:28:51 rootdns1 named[209]: XX+/192.19.192.106/lithics.com/ANY/IN
> Aug 16 17:28:51 rootdns1 named[209]: XX+/192.19.192.106/lithics.com/AAAA/IN
> Aug 16 17:28:51 rootdns1 named[209]: XX+/192.19.192.106/48.172.15.135.in-addr.arpa/PTR/IN
> Aug 16 17:28:51 rootdns1 named[209]: XX+/192.19.192.106/lithics.com/A/IN
> Aug 16 17:28:51 rootdns1 named[209]: XX+/192.19.192.106/rderelay.agere.com/A/IN
> Aug 16 17:28:51 rootdns1 named[209]: XX+/192.19.192.106/agere.com/ANY/IN
> Aug 16 17:28:51 rootdns1 last message repeated 1 time
> Aug 16 17:28:51 rootdns1 named[209]: XX+/192.19.192.106/gwl.com/ANY/IN
> Aug 16 17:28:51 rootdns1 named[209]: XX+/192.19.192.106/gwl.com/MX/IN
> Aug 16 17:28:51 rootdns1 named[209]: XX+/192.19.192.106/is-callahan.gwl.com/A/IN
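
Added example, not part of the original thread and not BIND code: a small Python parser for query-log entries like the ones quoted above, which rejoins mail-wrapped entries, expands syslog "last message repeated" lines, and tallies queries per client and type. The field order (client, name, type, class) is read off the quoted lines; the function names are hypothetical and the sample log is constructed with documentation addresses.

```python
import re
from collections import Counter

# Constructed sample in the format quoted above (documentation addresses,
# not the poster's data). The first entry is wrapped the way mail wraps it.
SAMPLE = """\
Aug 16 17:25:43 rootdns1 named[209]:
XX+/192.0.2.10/mail.example.net/ANY/IN
Aug 16 17:25:43 rootdns1 named[209]: XX+/192.0.2.20/hosta/A/IN
Aug 16 17:25:44 rootdns1 last message repeated 2 times
Aug 16 17:25:46 rootdns1 named[209]: XX+/192.0.2.20/hostb/A/IN
Aug 16 17:25:48 rootdns1 named[209]: XX+/192.0.2.10/7.2.0.192.in-addr.arpa/PTR/IN
Aug 16 17:25:49 rootdns1 sshd[88]: unrelated line
"""

# Assumed field order, read off the quoted lines: XX+/client/qname/qtype/qclass
QUERY = re.compile(r"named\[\d+\]: XX\+/([^/\s]+)/([^/\s]+)/(\w+)/(\w+)$")
REPEAT = re.compile(r"last message repeated (\d+) times?$")

def unwrap(text):
    """Strip '>' quoting and rejoin entries split after 'named[pid]:'."""
    out = []
    for line in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", line).rstrip()
        if out and out[-1].endswith("]:") and line.startswith("XX+/"):
            out[-1] += " " + line
        elif line:
            out.append(line)
    return out

def parse(text):
    """Return one dict per logged query, expanding syslog repeat lines."""
    queries, last = [], None
    for line in unwrap(text):
        m, r = QUERY.search(line), REPEAT.search(line)
        if m:
            last = dict(zip(("client", "qname", "qtype", "qclass"), m.groups()))
            queries.append(last)
        elif r and last is not None:
            queries.extend(dict(last) for _ in range(int(r.group(1))))
        else:
            last = None  # any other line ends the run that a repeat refers to
    return queries

def per_client(queries):
    """Tally queries by (client address, query type)."""
    return Counter((q["client"], q["qtype"]) for q in queries)

if __name__ == "__main__":
    for (client, qtype), n in per_client(parse(SAMPLE)).most_common():
        print(f"{client:15} {qtype:5} {n}")
```

Running the same tally over /var/adm/messages from each server shows which clients and query types account for the volume on the server that logs them.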




