Simple reverse lookup query question.

Kevin Darcy kcd at daimlerchrysler.com
Thu Feb 15 03:31:22 UTC 2001


Hisashi T Fujinaka wrote:

> On Wed, 14 Feb 2001, Kevin Darcy wrote:
>
> > Since 208.187.215.3 is what fls.i8u.org resolves to, I would guess
> > that this is someone running "nslookup" against your server. nslookup
> > always tries to reverse-resolve the address of whatever nameserver it
> > uses. Turn on query logging: do you see a forward lookup from this
> > same address immediately after the reverse lookup?
>
> I really should read some RFC's. :) Am I supposed to resolve the reverse?

That's up to your discretion. There's no requirement that your nameserver be able to reverse-resolve its own address.
It's just a nasty misfeature of nslookup that those lookups are being generated in the first place (assuming that's
what's generating them).

> This responsibility surely isn't delegated to me.
>
> I suppose this is one of the new features of 8.2.3?

In order to allow the client to resolve this, you'd need to, at a minimum, relax your allow-query ACL(s). Also, you'd
need to relax any allow-recursion ACLs you have, or make yourself a stealth slave for the reverse zone, in which case
recursion wouldn't be necessary. There isn't anything particularly different about 8.2.3 in this regard.


- Kevin

> > As for the "who are they?" question, there is no reverse resolution
> > for that address. It's in a netblock owned by Exodus Communications.
> > You could try asking them.
> >
> > Hisashi T Fujinaka wrote:
> >
> > > I keep getting the following error. Why are they querying me for my
> > > reverse? And who are they?
> > >
> > > Feb 14 11:58:16 fls.i8u.org named[177]: denied query from [209.225.33.188].32217 for "3.215.187.208.in-addr.arpa"
>
> --
> Hisashi T Fujinaka - htodd at twofifty.com
> BSEE (6/86) + BSChem (3/95) + BAEnglish (8/95) + $2.50 = mocha latte
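
Added example (not part of the original message): one way to test the nslookup hypothesis above against the logs, by flagging any client whose reverse lookup of the server's own address is followed right away by a forward lookup. The pattern follows the "denied query" line quoted in the thread; the other two sample lines, the 5-second window and the function names are assumptions made here, and a forward lookup only appears in this format if it was also denied, so adapt the pattern to your query-log output otherwise.

```python
import re
from datetime import datetime, timedelta

# Matches the "denied query" syslog line quoted in the thread.
DENIED = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ named\[\d+\]: '
    r'denied query from \[(?P<src>[\d.]+)\]\.\d+ for "(?P<name>[^"]+)"')

# First line is from the thread; the other two are constructed samples.
SAMPLE = [
    'Feb 14 11:58:16 fls.i8u.org named[177]: denied query from '
    '[209.225.33.188].32217 for "3.215.187.208.in-addr.arpa"',
    'Feb 14 11:58:16 fls.i8u.org named[177]: denied query from '
    '[209.225.33.188].32218 for "www.example.com"',
    'Feb 14 12:10:00 fls.i8u.org named[177]: denied query from '
    '[192.0.2.7].4000 for "3.215.187.208.in-addr.arpa"',
]

def reverse_name(ip):
    """208.187.215.3 -> 3.215.187.208.in-addr.arpa"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def parse(line, year=2001):
    """Return (timestamp, source, name) or None; syslog omits the year."""
    m = DENIED.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], m["name"].rstrip(".").lower()

def nslookup_like(lines, server_ip, window=timedelta(seconds=5)):
    """Sources that asked for the server's own PTR name and then, within
    `window`, for a forward (non in-addr.arpa) name."""
    own_ptr = reverse_name(server_ip)
    pending, hits = {}, []
    for rec in filter(None, map(parse, lines)):
        ts, src, name = rec
        if name == own_ptr:
            pending[src] = ts  # remember the reverse lookup
        elif src in pending and not name.endswith(".in-addr.arpa"):
            if ts - pending.pop(src) <= window:
                hits.append((src, name))
    return hits

if __name__ == "__main__":
    print(nslookup_like(SAMPLE, "208.187.215.3"))
```

A source that shows up in the result fits the reverse-then-forward pattern described in the reply; a source with only the reverse lookup, like the third sample line, does not.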





More information about the bind-users mailing list