Hi,
> These queries in your logs (at least the ones you’ve sent as examples) are
> not identical.
>
> Sometimes stub resolvers will rapid-fire queries at an iterative resolver for
> the same record, but that doesn’t appear to be happening in this case. These
> queries are just for very similar looking records in very similar domains,
> but the example you sent is 5 queries for 5 different names.
I don't know how I missed that. Thanks for double-checking.
> In the first 2 queries, the client is requesting to see whether 69.16.223.254
> is in the Spamhaus Block List as well as the ZEN. Since the SBL is a subset
> of ZEN, I would argue that if they are querying ZEN, also querying the SBL is
> redundant and the (I assume it’s a mail server) client machine should be
> configured to only query ZEN.
Yes, that's correct, it's a mail server with postfix and postscreen
weighting similar to something like this:
postscreen_dnsbl_sites = mykey.zen.dq.spamhaus.net=127.0.0.[10;11]*8
dnsbl.sorbs.net=127.0.0.10*8
b.barracudacentral.org*7
dnsbl.sorbs.net=127.0.0.5*6
mykey.zen.dq.spamhaus.net=127.0.0.[4..7]*6
bl.mailspike.net*4
bl.spamcop.net*4
bl.spameatingmonkey.net*4
mykey.zen.dq.spamhaus.net=127.0.0.3*4
list.dnswl.org=127.[0..255].[0..255].0*-2
list.dnswl.org=127.[0..255].[0..255].1*-3
list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
Thanks again,
Alex
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
