dns-operations AT lists.opennicproject.org
Subject: Dns-operations mailing list
- From: Jeff Taylor <shdwdrgn AT sourpuss.net>
- To: dns-operations AT lists.opennicproject.org
- Subject: Re: [opennic-dns-operations] Should I act on bad notify attempts?
- Date: Mon, 11 Feb 2013 09:09:42 -0700
Keep in mind that even though the tier-2 servers distribute the dns.opennic.glue zone, the tier-1 servers are also valid sources and will likely try to notify on it as well.
I can vouch for 173.160.58.202 (corresponds to 216.87.84.211) and all of 2001:470:f032:10::* (corresponds to 2001:470:8388:10::*). I have two IP blocks, but I only officially list one of them. These IPs may send out DNS data if my other connection is busy, but they do not listen for incoming connections. You can safely whitelist or ignore those IPs; it won't matter either way.
On 02/09/2013 10:09 AM, Steve Snyder wrote:
On 02/09/2013 11:18 AM, Brian Koontz wrote:
On Sat, Feb 09, 2013 at 08:56:52AM -0500, Steve Snyder wrote:
There are a handful of non-Master DNS servers that constantly try to...
notify my server. Should I act on this (block via iptables, etc.)
or just accept that there will always be misconfigured servers
somewhere and ignore them?
2079 2001:470:1f10:c6::20...
This is interesting, because this one is mine, and each zone I serve
explicitly specifies "notify no." Which zones exactly are you
receiving notifies for?
--Brian
09-Feb-2013 16:42:06.865 notify: client 2001:470:1f10:c6::20#15520: received notify for zone 'dns.opennic.glue'
09-Feb-2013 16:42:06.865 general: zone dns.opennic.glue/IN: refused notify from non-master: 2001:470:1f10:c6::20#15520
09-Feb-2013 16:42:11.866 notify: client 2001:470:1f10:c6::20#15520: received notify for zone 'dns.opennic.glue'
09-Feb-2013 16:42:11.866 general: zone dns.opennic.glue/IN: refused notify from non-master: 2001:470:1f10:c6::20#15520
09-Feb-2013 16:42:21.865 notify: client 2001:470:1f10:c6::20#15520: received notify for zone 'dns.opennic.glue'
09-Feb-2013 16:42:21.865 general: zone dns.opennic.glue/IN: refused notify from non-master: 2001:470:1f10:c6::20#15520
09-Feb-2013 16:42:26.866 notify: client 2001:470:1f10:c6::20#15520: received notify for zone 'dns.opennic.glue'
09-Feb-2013 16:42:26.866 general: zone dns.opennic.glue/IN: refused notify from non-master: 2001:470:1f10:c6::20#15520
09-Feb-2013 16:42:36.865 notify: client 2001:470:1f10:c6::20#15520: received notify for zone 'dns.opennic.glue'
09-Feb-2013 16:42:36.865 general: zone dns.opennic.glue/IN: refused notify from non-master: 2001:470:1f10:c6::20#15520
09-Feb-2013 16:42:41.866 notify: client 2001:470:1f10:c6::20#15520: received notify for zone 'dns.opennic.glue'
09-Feb-2013 16:42:41.866 general: zone dns.opennic.glue/IN: refused notify from non-master: 2001:470:1f10:c6::20#15520
----
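An added example, not part of the original thread: a small Python script that tallies BIND's "refused notify from non-master" lines per source and zone, then separates sources vouched for in the message above from those that still need a look. Reading "2001:470:f032:10::*" as a /64 is an assumption, and apart from the two lines copied from the thread, the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Matches BIND's refusal line in the format quoted in the thread.
REFUSED = re.compile(
    r"zone (?P<zone>\S+)/IN: refused notify from non-master: "
    r"(?P<addr>[0-9A-Fa-f:.]+)#\d+"
)

# Sources vouched for in the message above. Treating "2001:470:f032:10::*"
# as a /64 is an assumption made for this example.
VOUCHED = [
    ipaddress.ip_network("173.160.58.202/32"),
    ipaddress.ip_network("2001:470:f032:10::/64"),
]

# First two refusal lines are from the thread; the last two are constructed.
SAMPLE = """\
09-Feb-2013 16:42:06.865 notify: client 2001:470:1f10:c6::20#15520: received notify for zone 'dns.opennic.glue'
09-Feb-2013 16:42:06.865 general: zone dns.opennic.glue/IN: refused notify from non-master: 2001:470:1f10:c6::20#15520
09-Feb-2013 16:42:11.866 general: zone dns.opennic.glue/IN: refused notify from non-master: 2001:470:1f10:c6::20#15520
09-Feb-2013 16:43:00.000 general: zone dns.opennic.glue/IN: refused notify from non-master: 173.160.58.202#40000
09-Feb-2013 16:43:05.000 general: zone dns.opennic.glue/IN: refused notify from non-master: 2001:470:f032:10::5#40001
""".splitlines()

def tally_refused(lines):
    """Count refused NOTIFYs per (source address, zone)."""
    counts = Counter()
    for line in lines:
        m = REFUSED.search(line)
        if m:
            counts[(ipaddress.ip_address(m["addr"]), m["zone"])] += 1
    return counts

def classify(counts, vouched=VOUCHED):
    """Split tallies into vouched sources and sources still needing review."""
    known, review = {}, {}
    for (addr, zone), n in counts.items():
        # Membership is False when the address and network families differ.
        ok = any(addr in net for net in vouched)
        (known if ok else review)[(str(addr), zone)] = n
    return known, review

if __name__ == "__main__":
    known, review = classify(tally_refused(SAMPLE))
    for (addr, zone), n in sorted(review.items()):
        print(f"review: {addr} sent {n} refused notifies for {zone}")
```

Sources that land in the review bucket are candidates for asking the operator which zones they serve before any firewall rule is considered.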