Logging
WBrown at e1b.org
WBrown at e1b.org
Tue Jan 8 13:56:16 UTC 2013
Timothe Litt <litt at acm.org> wrote on 01/08/2013 08:19:56 AM:
> What I think would be more useful is if named actually reported the
> issues to where they'd do some good. Perhaps a DNS extension "I got an
> invalid message from you" - so it shows up in the log of the server (and
> administrator) with the problem. (I'd worry about denial of service,
> though if the server is in fact lame, it's not providing service - at
> least to that zone . Abuse of the reporting mechanism is the main risk,
> and avoiding it would take some careful engineering.)
My sense of most lame servers is they served entities that had disappeared
from the face of the earth, taking most of their online presence with
them. The only thing left was their domain registration and the NS
records in the parent domain, probably due to multi-year registrations
that had not yet expired. Or they could have been spam related domains
that were no longer being used.
Reporting such domains would simply be noise.
If there is truly is a domain having technical difficulties with name
resolution, I suspect that they would find out about it soon enough
because no one would be able to connect to them:
- No email
- outgoing email might be rejected depending on receiver's
filtering policies
- No web presence
- Failure of other systems relying on DNS
Wouldn't dig +trace reveal the lame server with the BAD REFERRAL error?
>From lame.log:
08-Jan-2013 08:52:37.747 lame server resolving
'mail.desktoptrainingacademy.com' (in 'desktoptrainingacademy.com'?):
208.89.21.65#53
And "dig +trace desktoptrainingacademy.com" returns
; <<>> DiG 9.4.2-P2.1 <<>> +trace desktoptrainingacademy.com
;; global options: printcmd
. 452564 IN NS g.root-servers.net.
. 452564 IN NS h.root-servers.net.
. 452564 IN NS l.root-servers.net.
. 452564 IN NS e.root-servers.net.
. 452564 IN NS a.root-servers.net.
. 452564 IN NS m.root-servers.net.
. 452564 IN NS i.root-servers.net.
. 452564 IN NS b.root-servers.net.
. 452564 IN NS c.root-servers.net.
. 452564 IN NS k.root-servers.net.
. 452564 IN NS j.root-servers.net.
. 452564 IN NS d.root-servers.net.
. 452564 IN NS f.root-servers.net.
;; Received 508 bytes from 168.169.12.2#53(168.169.12.2) in 0 ms
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
;; Received 504 bytes from 202.12.27.33#53(m.root-servers.net) in 188 ms
desktoptrainingacademy.com. 172800 IN NS ns2.evolveip.net.
desktoptrainingacademy.com. 172800 IN NS ns1.pbp.com.
;; Received 128 bytes from 192.12.94.30#53(e.gtld-servers.net) in 94 ms
desktoptrainingacademy.com. 3600 IN A 216.4.210.253
;; Received 60 bytes from 208.89.23.71#53(ns1.pbp.com) in 12 ms
root at ns5:/etc/bind# dig +trace mail.desktoptrainingacademy.com
; <<>> DiG 9.4.2-P2.1 <<>> +trace mail.desktoptrainingacademy.com
;; global options: printcmd
. 452533 IN NS e.root-servers.net.
. 452533 IN NS j.root-servers.net.
. 452533 IN NS a.root-servers.net.
. 452533 IN NS d.root-servers.net.
. 452533 IN NS m.root-servers.net.
. 452533 IN NS c.root-servers.net.
. 452533 IN NS h.root-servers.net.
. 452533 IN NS k.root-servers.net.
. 452533 IN NS b.root-servers.net.
. 452533 IN NS l.root-servers.net.
. 452533 IN NS g.root-servers.net.
. 452533 IN NS i.root-servers.net.
. 452533 IN NS f.root-servers.net.
;; Received 508 bytes from 168.169.12.2#53(168.169.12.2) in 0 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 512 bytes from 199.7.83.42#53(l.root-servers.net) in 134 ms
desktoptrainingacademy.com. 172800 IN NS ns2.evolveip.net.
desktoptrainingacademy.com. 172800 IN NS ns1.pbp.com.
;; Received 133 bytes from 192.35.51.30#53(f.gtld-servers.net) in 77 ms
. 3600000 IN NS K.ROOT-SERVERS.NET.
. 3600000 IN NS L.ROOT-SERVERS.NET.
. 3600000 IN NS B.ROOT-SERVERS.NET.
. 3600000 IN NS I.ROOT-SERVERS.NET.
. 3600000 IN NS F.ROOT-SERVERS.NET.
. 3600000 IN NS D.ROOT-SERVERS.NET.
. 3600000 IN NS G.ROOT-SERVERS.NET.
. 3600000 IN NS J.ROOT-SERVERS.NET.
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 IN NS C.ROOT-SERVERS.NET.
. 3600000 IN NS M.ROOT-SERVERS.NET.
. 3600000 IN NS E.ROOT-SERVERS.NET.
. 3600000 IN NS H.ROOT-SERVERS.NET.
;; BAD REFERRAL
;; Received 260 bytes from 208.89.21.65#53(ns2.evolveip.net) in 13 ms
Confidentiality Notice:
This electronic message and any attachments may contain confidential or
privileged information, and is intended only for the individual or entity
identified above as the addressee. If you are not the addressee (or the
employee or agent responsible to deliver it to the addressee), or if this
message has been addressed to you in error, you are hereby notified that
you may not copy, forward, disclose or use any part of this message or any
attachments. Please notify the sender immediately by return e-mail or
telephone and delete this message from your system.
More information about the bind-users
mailing list