BIND sending queries to 127.0.0.2?
Roland Dirlewanger
Roland.Dirlewanger at dr15.cnrs.fr
Thu Mar 1 08:15:03 UTC 2007
Wiley Sanders wrote:
>We have some Solaris and Fedora hosts set up as BIND "Appliances" for
>customers to use (abuse :-) ) as destinations for their resolvers and
>forwarders. We're seeing a few hosts sending out DNS queries to
>127.0.0.2, all asking for lookups at relays.ordb.org:
>
>chi001dn01.yipes.com -> 127.0.0.2 DNS C 0.0.0.0.relays.ordb.org. Internet Addr ?
>chi001dn01.yipes.com -> 127.0.0.2 DNS C 88.14.155.141.relays.ordb.org. Internet Addr ?
>chi001dn01.yipes.com -> 127.0.0.2 DNS C 63.11.8.83.relays.ordb.org. Internet Addr ?
>chi001dn01.yipes.com -> 127.0.0.2 DNS C 119.106.110.67.relays.ordb.org. Internet Addr ?
>chi001dn01.yipes.com -> 127.0.0.2 DNS C 130.55.191.202.relays.ordb.org. Internet Addr ?
>
You should have a look at the configuration of your SMTP server, or any
SMTP server that uses your DNS for resolving addresses. One of these
SMTP servers is probably still configured to use the Open Relay Database
(ordb.org): on each incoming connection from a client with IP address
a.b.c.d, your mail server tries to resolve a.b.c.d.relays.ordb.org.
Depending on the result, the SMTP server may qualify a.b.c.d as an open
SMTP relay and reject the incoming mail.
The problem is that ordb.org stopped its services on Jan 1st, 2007. In
the beginning of January, the NS RRs in relays.ordb.org were replaced by
"IN NS 127.0.0.2". This explains why requests are sent out using this
address.
The fix is simply to remove the use of ORDB in the configuration of your
SMTP connexion. For Postfix, you can do that by removing
"reject_rbl_client relays.ordb.org" from the "smtpd_client_restrictions".
Roland.
--
Roland Dirlewanger <Roland.Dirlewanger at dr15.cnrs.fr>
CNRS - Delegation Aquitaine-Limousin
Esplanade des Arts et Metiers
33402 TALENCE CEDEX
Tel : 05.57.35.58.52, Fax : 05.57.35.58.01
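An added example, not part of the original post: one way to tie the two observations together is to pull the DNSBL zones out of captured queries that were sent to a loopback server and then list the Postfix parameters that still reference those zones through reject_rbl_client. The capture lines, the main.cf text, the host names, the second DNSBL zone and all function names are constructed for illustration.

```python
import re

# Constructed sample capture in the same snoop-style layout as the post.
SAMPLE_CAPTURE = """\
ns1.example.net -> 127.0.0.2 DNS C 0.0.0.0.relays.ordb.org. Internet Addr ?
ns1.example.net -> 127.0.0.2 DNS C 63.11.8.83.relays.ordb.org. Internet Addr ?
ns1.example.net -> 192.0.2.53 DNS C www.example.com. Internet Addr ?
"""

# Constructed main.cf; zen.example-dnsbl.test is a placeholder zone.
SAMPLE_MAIN_CF = """\
# sample configuration
smtpd_client_restrictions = permit_mynetworks,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client zen.example-dnsbl.test
smtpd_recipient_restrictions = reject_unauth_destination
"""

# Query sent to 127.0.0.0/8 whose name is four numeric labels plus a zone.
LOOPBACK_QUERY = re.compile(
    r"-> 127(?:\.\d{1,3}){3} DNS C (?:\d{1,3}\.){4}(\S+?)\.? ")

def zones_queried_via_loopback(capture):
    """Return the DNSBL zones whose lookups went to a loopback name server."""
    matches = (LOOPBACK_QUERY.search(line) for line in capture.splitlines())
    return {m.group(1).lower() for m in matches if m}

def rbl_zones_in_main_cf(text):
    """Map each Postfix parameter to the reject_rbl_client zones it names."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # continuation line
        else:
            logical.append(raw.strip())
    found = {}
    for entry in logical:
        name, _, value = entry.partition("=")
        zones = re.findall(r"reject_rbl_client\s+([^\s,=]+)", value)
        if zones:
            found[name.strip()] = [z.lower().rstrip(".") for z in zones]
    return found

def stale_rbl_entries(capture, main_cf):
    """List (parameter, zone) pairs that still point at a loopback-served zone."""
    dead = zones_queried_via_loopback(capture)
    configured = rbl_zones_in_main_cf(main_cf)
    return sorted((p, z) for p, zs in configured.items() for z in zs if z in dead)
```

On a real host the two inputs would be the resolver-side capture and the main.cf of each mail server that uses that resolver.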