Help understanding lame server error

Kevin Darcy kcd at chrysler.com
Thu Nov 20 02:19:39 UTC 2008 

Scott Haneda wrote:
> I have a good deal if lame server errors in my logs, which I am not 
> entirely understanding.
>
> 19-Nov-2008 15:36:34.657 lame-servers: info: lame server resolving 
> '170.73.234.209.in-addr.arpa' (in '73.234.209.in-addr.arpa'?): 
> 209.234.64.192#53
73.234.209.in-addr.arpa has been delegated to ns1.networkiowa.com 
(address 209.234.64.192), but that nameserver is not responding 
authoritatively for the zone. This is referred to technically as being 
"lame".

Fortunately one of the other delegated nameservers (storm.weather.net) 
*is* responding authoritatively. So the zone is not completely broken. 
But named is logging this as a warning. You can configure logging to 
ignore these lame-server conditions.
> 19-Nov-2008 15:36:34.955 lame-servers: info: lame server resolving 
> '127.52.195.166.in-addr.arpa' (in '52.195.166.in-addr.arpa'?): 
> 209.183.48.20#53
> 19-Nov-2008 15:36:34.975 lame-servers: info: lame server resolving 
> '221.250.53.206.in-addr.arpa' (in '250.53.206.in-addr.arpa'?): 
> 209.43.20.115#53
> 19-Nov-2008 15:36:34.989 lame-servers: info: lame server resolving 
> '127.52.195.166.in-addr.arpa' (in '52.195.166.in-addr.arpa'?): 
> 209.183.52.20#53
> 19-Nov-2008 15:36:35.050 lame-servers: info: lame server resolving 
> '127.52.195.166.in-addr.arpa' (in '52.195.166.in-addr.arpa'?): 
> 209.183.48.21#53
I assume, without looking, that the causes for these are similar to the 
example above.
>
> My server is not allowing recursions, other than to localnets. about 
> the only thing hitting it is an email server. So I am not clear on why 
> these lookups are happening, or why they are coming from all these 
> other IP's
Most email software these days, as a default, performs reverse-lookups 
of connecting client addresses as a form of spam detection (because it's 
common knowledge that spammers are genetically incapable of populating 
reverse records). It is thus perfectly normal to see a lot of 
reverse-lookup traffic from email servers.

BTW, if you want to determine where all of these reverse lookups were 
coming from, you could just turn on query logging. Why guess when you 
can tell for sure?

- Kevin

P.S. ns1.networkiowa.com is, apparently, an open recursor. I have 
attempted to notify the owner/operator of this fact.

More information about the bind-users mailing list