Once upon a time, Phil Mayers <p.may...@imperial.ac.uk> said: >On the subject of rejected queries - although this isn't a bind question >per-se, I'm curious if anyone else here sees a lot of these: > >client 178.123.92.141#23861: view main: query (cache) >'mx242.emailfiltering.com/A/IN' denied > >We get *loads* of them to our authoritative resolvers. I am assuming >they are attempts at cache poisoning given the (ahem) dubious >geographical origin of the queries (no offense intended to anyone living >in those parts of the world) but I can't see any corresponding inbound >forged DNS packets in our netflow.
Do you have domains listing mx242.emailfiltering.com as an MX? I have seen some broken resolvers that will do an MX lookup and then turn around and do A lookups for the MX hosts at the same DNS server. -- Chris Adams <cmad...@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
