direct queries of reverse zone, [not] using CNAME hack
Mark Andrews
Mark_Andrews at isc.org
Mon Sep 1 04:46:20 UTC 2008
> Hi Everyone,
>
> We have CIDR/29 reverse DNS delegated to us using the CNAME hack:
>
> > 109.216.80.206.in-addr.arpa is an alias for 109.104-111.216.80.206.in-addr.
> arpa.
> > 109.104-111.216.80.206.in-addr.arpa domain name pointer athena.norchemlab.c
> om.
>
> Every day we get a few queries to our published nameservers not for the
> 109.104-111.216... record, but for the 109.216...directly.
>
> Aug 26 13:50:42 athena named[12641]: client 193.108.155.114#53495: view ext:
> query (cache) '109.216.80.206.in-addr.arpa/PTR/IN' denied
193.108.155.114 is a193-108-155-114.deploy.akamaitechnologies.com.
I presume that whatever measurment technology they are using doesn't
take into account your configuration.
Note: Normally the servers for 104-111.216.80.206.in-addr.arpa would
also be (stealth) servers for 216.80.206.in-addr.arpa so that local
reverse resolution will work when the external link is down.
Mark
> Aug 26 13:50:42 kenny named[6387]: client 193.108.155.114#61543: view externa
> l: query (cache) '109.216.80.206.in-addr.arpa/PTR/IN' denied
> Aug 26 17:10:21 kenny named[6387]: client 193.108.92.65#50992: view external:
> query (cache) '110.216.80.206.in-addr.arpa/PTR/IN' denied
> Aug 26 17:10:21 athena named[12641]: client 193.108.92.65#59431: view ext: qu
> ery (cache) '110.216.80.206.in-addr.arpa/PTR/IN' denied
> Aug 25 08:33:52 kenny named[6387]: client 65.59.243.55#51757: view external:
> query (cache) '107.216.80.206.in-addr.arpa/PTR/IN' denied
> Aug 25 08:33:52 athena named[12641]: client 65.59.243.55#49414: view ext: que
> ry (cache) '107.216.80.206.in-addr.arpa/PTR/IN' denied
> Aug 23 17:45:40 athena named[12641]: client 193.108.92.65#53099: view ext: qu
> ery (cache) '104.216.80.206.in-addr.arpa/PTR/IN' denied
> Aug 23 17:45:40 kenny named[6387]: client 193.108.92.65#64805: view external:
> query (cache) '104.216.80.206.in-addr.arpa/PTR/IN' denied
> Aug 23 22:52:46 kenny named[6387]: client 72.247.122.151#50456: view external
> : query (cache) '106.216.80.206.in-addr.arpa/PTR/IN' denied
> Aug 23 22:52:46 athena named[12641]: client 72.247.122.151#60317: view ext: q
> uery (cache) '106.216.80.206.in-addr.arpa/PTR/IN' denied
>
> Is that due to some broken nameservers that can't handle the CNAME or a PTR
> with 6 components, a probe, or ??
>
> Thanks,
> Justin
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list