How not to set up your DNS (part 19)

June 26, 2009

It's been quite a while since the last installment, but today's is an interesting although simple case. Presented in the traditional illustrated format:

; sdig ns
; sdig a
; sdig a

As they say, 'I don't think so'. If you run a caching resolving nameserver that does not have in its access ACLs, this sort of thing is a great way to have mysterious messages show up in your logs about:

client query (cache) '' denied

(Guess how I noticed this particular problem.)

Judging from our logs, there seem to be a number of Chinese domains that have this problem (with the same DNS servers), assuming that it is a problem and not something deliberate.

Less straightforward is this case:

; sdig ns
; sdig a
; sdig a

One possible theory is that no longer wishes to be a DNS server for but can't get's cooperation, so they've just changed the A record for that name to something that makes people go away. ( has real working DNS servers of its own.)

Written on 26 June 2009.
« An advantage for hardware RAID over software RAID
Possible limits on our port multiplied ESATA performance »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Fri Jun 26 15:43:24 2009
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.