Re: Query NS <Root>
On Sunday 01 February 2004 14:50, Dale Amon wrote:
> Actually that's precisely how I discovered it. I added
> allow queries and was trying to figure out why I was
> denying so many queries per second.
You added it globally and to every zone? Also allow-transfer is a nice
own to get into place. But you will see queries being denied and if you
check those IP's you'll see that they don't run any nameserver. So
don't worry to much.
> Others should take a look and see if this is really
> widespread. I'm getting it from a whole *bunch* of
> different ip's.
I did but wasn't impressed, only when the new cyberangels was making
sure we needed to handle an extra 6 a 700 q/s ;-)
> I wish I could do the joke, but I have too many real
> zones that I primary and secondary so I can't really
> load a phony root.db.
It wasn't meant to be a serieus option, but then again people form
newroot think it can be a serieus option.
> I agree with your analysis. It seems like a really
> stupid thing to do, which is why I am having trouble
> understanding why so many people are querying me
> like that. It just doesn't make sense.
I did what you have done a time ago and I just made sure everything was
working well and the configuration was correct. After a week or two I
didn't care anymore and nothing was broken in those two weeks what
resulted in turning of some logging. And just like I said before, the
IP's I have checked didn't run any "public" nameserver as far I could
check.
Hans
--
"How should I know if it works? That's what beta testers are for. I only
coded it."
-- Linus Torvalds
Reply to: