Question about some oddities in the logs

Eivind Olsen eivind at aminor.no
Tue Feb 22 12:29:44 UTC 2011


On Tue, 22 Feb 2011 08:59:51 +0100, "Torinthiel" <torinthiel at data.pl>
wrote:
> Hmm, looks to me as the box listed as client sends some strange notify
> messages. Notify normally should contain SOA, so that receiving NS can
> tell if it has outdated zone or no. These don't. What (regarding DNS of
> course) is on those machines?

These come from a variety of IP-addresses, belonging to customers
(we're an ISP). So I don't know what's really on the customers' machines.

> asking for CH TXT version.bind returns bind's version, unless configured
> not to do so. Maybe something also asks for A, but I dunno why. Are
> these addresses in your network? Then you can trace them down probably.

These are again from customers' addresses.

> Now, the more important part - why would you be running a slave of root?
> AFAIK the root servers don't a) allow transfer b) send you notifies, so
> you'll be in trouble as soon as anything changes, which means every week
> right now, that root is signed. Why is
> zone "." in { type hint; }
> not enough for you?

At least some of the root servers allow transfers. They won't send me
notifies, true. But I don't need that. Currently the root zone has a
refresh value of 1800 seconds and expire = 604800 seconds, so my slave
servers will check the root for updates often enough.
One advantage is that we can now instantly reject queries for things
like "eivind.local." instantly without having to ask the root servers
where "local." is served.

Regards
Eivind Olsen
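
The check discussed in the quoted text (whether a NOTIFY message carries an SOA record), as an added example that is not part of the original message and is not BIND's code. The function names, the zone `example.test.` and the sample packets are constructed for illustration.

```python
import struct

OPCODE_NOTIFY, TYPE_SOA = 4, 6   # RFC 1996 opcode, SOA RR type

def encode_name(name):
    """Encode a domain name in DNS wire format (no compression)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:        # compression pointer ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def inspect_notify(msg):
    """Return (is_notify, has_soa_in_answer) for one raw DNS message."""
    try:
        _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
        if (flags >> 11) & 0xF != OPCODE_NOTIFY:
            return (False, False)
        off = 12
        for _ in range(qdcount):
            off = skip_name(msg, off) + 4            # QTYPE + QCLASS
        for _ in range(ancount):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            if rtype == TYPE_SOA:
                return (True, True)
            off += 10 + rdlen
    except (IndexError, struct.error):
        raise ValueError("truncated or malformed DNS message")
    return (True, False)

def build_notify(zone, serial=None):
    """Constructed sample NOTIFY for zone; adds an SOA answer if serial given."""
    flags = (OPCODE_NOTIFY << 11) | 0x0400           # opcode NOTIFY, AA bit
    qname = encode_name(zone)
    msg = struct.pack("!6H", 0x1234, flags, 1, int(serial is not None), 0, 0)
    msg += qname + struct.pack("!HH", TYPE_SOA, 1)   # question: <zone> IN SOA
    if serial is not None:
        rdata = encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
        rdata += struct.pack("!5I", serial, 1800, 900, 604800, 86400)
        msg += qname + struct.pack("!HHIH", TYPE_SOA, 1, 0, len(rdata)) + rdata
    return msg
```

Feeding `inspect_notify` the UDP payloads from a packet capture on port 53 separates NOTIFY messages that include an SOA from those that do not.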
