query (cache) 'coriander.plus.com/A/IN' denied

Jeff Lightner jlightner at water.com
Fri Mar 20 17:15:11 UTC 2009 

We had need to continue to have the MX record a domain we acquired point
to an external location.   The MX record was modified and the email
continued to work.  I did see odd lookups in the logs but disregarded
them as they were failures - it looked like the target mail server was
the one trying to query us though I could see no reason for it.  As it
didn't impeded mail flow to/from that target mail server I ignored the
messages.

Earlier this week we changed the MX record back to our mail server but
that was only because we no longer needed to allow access to the
original rather than due to any problem.

-----Original Message-----
From: bind-users-bounces at lists.isc.org
[mailto:bind-users-bounces at lists.isc.org] On Behalf Of Barry Margolin
Sent: Friday, March 20, 2009 1:07 PM
To: comp-protocols-dns-bind at isc.org
Subject: Re: query (cache) 'coriander.plus.com/A/IN' denied

In article <gq0gtm$1a0g$1 at sf1.isc.org>,
 Carl Fretwell <carl at growstudio.co.uk> wrote:

> 
> We have a domain which we serve dns for but we don't handle mail for
this c=
> lient. However in the log file I can see all the time that there mail
serve=
> r is trying to run a query on our dns server but is being denied.
> 
> The log message
> 
> 20-Mar-2009 16:32:54.984 security: info: client 95.102.17.107#14080:
query =
> (cache) 'coriander.plus.com/A/IN' denied

Is it always the same client IP?  That IP is some random DSL user in 
Slovakia.

> 
> And in the clients zone file we have
> 
> @               IN   MX       10         coriander.plus.com.
> 
> Is this anything to worry about? How can I determine if the client is
recei=
> ving email - without asking - because these appear in the log all the
time.

This suggests one of the following problems:

1. 95.102.17.107 is pointing to your nameserver in its resolver 
configuration, but your server doesn't allow them to use you as a 
resolver (the IP isn't in your allow-recursion and allow-query-cache 
ACL).

2. The plus.com zone is delegated to your server, but you're not 
properly configured to serve it.

It doesn't look like #2.  The zone is delegated to ns1.force9.net and 
ns2.force9.net, and they appear to be responding properly.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
_______________________________________________
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
 
Please consider our environment before printing this e-mail or attachments.
----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------

More information about the bind-users mailing list