Question about query log entries
Barry Margolin
barmar at alum.mit.edu
Fri Jan 7 01:04:28 UTC 2005
In article <crk61j$8tg$1 at sf1.isc.org>, webhead74 at gmail.com wrote:
> Hello,
>
> I'm rather new to bind. I've been reading the books & this newsgroup
> and feel pretty comfortable, but I have a question about some log
> entries I'm seeing. I've set up custom logging in named.conf and am
> sending query info to it's own log file. I've been seeing entries like
> this:
>
> client aaa.bbb.ccc.ddd#53: query: freezemail.com.my_domain_name.com IN
> MX
> client aaa.bbb.ccc.ddd#53: query:
> mxsvr.intervolved.net.my_domain_name.com IN MX
> client aaa.bbb.ccc.ddd#53: query:
> host116.distributedmail.net.my_domain_name.com IN A
>
> I understand the obvious stuff, like the client & the kind of record
> they're asking for. However, I don't understand why I'm seeing
> "my_domain_name.com" (my actual domain name) appended to each of the
> requests. Is this normal, or is something misconfigured somewhere?
> FWIW, all of the queries which look like this are coming from one host
> - a Symantec SGS firewall we use. Before I go yelling at the firewall
> guys to fix their broken equipment, I wanted a few expert opinions as
> to whether this was normal or not.
Some old resolver libraries will automatically append the default domain
to all queries, even if they already contain a ".".
The firewall is presumably just forwarding these queries on behalf of
machines behind it. Its log may show where these queries are coming
from.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
More information about the bind-users
mailing list