BIND sending quesries to 127.0.0.2?
Clenna Lumina
savagebeaste at yahoo.com
Tue Mar 6 20:53:57 UTC 2007
Roland Dirlewanger wrote:
> Wiley Sanders wrote:
>
>> We have some Solaris and Fedora hosts set up as BIND "Applicances"
>> for customers to use (abuse :-) ) as destinations for their
>> resolvers and forwarders. We're seeing a few hosts sending out DNS
>> queries to 127.0.0.2, all asking for lookups at relays.ordb.org:
>>
>> chi001dn01.yipes.com -> 127.0.0.2 DNS C 0.0.0.0.relays.ordb.org.
>> Internet Addr ?
>> chi001dn01.yipes.com -> 127.0.0.2 DNS C
>> 88.14.155.141.relays.ordb.org. Internet Addr ?
>> chi001dn01.yipes.com -> 127.0.0.2 DNS C
>> 63.11.8.83.relays.ordb.org. Internet Addr ?
>> chi001dn01.yipes.com -> 127.0.0.2 DNS C
>> 119.106.110.67.relays.ordb.org. Internet Addr ?
>> chi001dn01.yipes.com -> 127.0.0.2 DNS C
>> 130.55.191.202.relays.ordb.org. Internet Addr ?
>>
> You should have a look on the configuration of your SMTP server, or
> any SMTP server that uses your DNS for resolving addresses. One of
> these
> SMTP servers is probably still configured to use the Open Relay
> Database (ordb.org) : on each incoming connection from a client with
> IP address a.b.c.d, your mail server tries to resolve
> a.b.c.d.relays.ordb.org. Depending on the result, the SMTP server may
> qualify a.b.c.d as an open SMTP relay and reject the incoming mail.
>
> The problem is that ordb.org stopped its services on jan 1st, 2007. In
> the beginning of january, the NS RR in relays.ordb.org were replaced
> by "IN NS 127.0.0.2". This explains why requests are sent out using
> this address.
>
> The fix is simply to remove the use of ORDB in the configuration of
> your SMTP connexion. For Postfix, you can do that by removing
> "reject_rbl_client relays.ordb.org" from the
> "smtpd_client_restrictions".
Are there any other services out there like ordb? This sort of open
relay filtering is exactly what I want to impliment on my sendmail
server.
More information about the bind-users
mailing list