[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Query NS <Root>

On Sunday 01 February 2004 14:50, Dale Amon wrote:
> Actually that's precisely how I discovered it. I added
> allow queries and was trying to figure out why I was
> denying so many queries per second.

You added it globally and to every zone? Also allow-transfer is a nice 
own to get into place. But you will see queries being denied and if you 
check those IP's you'll see that they don't run any nameserver. So 
don't worry to much.

> Others should take a look and see if this is really
> widespread. I'm getting it from a whole *bunch* of
> different ip's.

I did but wasn't impressed, only when the new cyberangels was making 
sure we needed to handle an extra 6 a 700 q/s ;-)

> I wish I could do the joke, but I have too many real
> zones that I primary and secondary so I can't really
> load a phony root.db.

It wasn't meant to be a serieus option, but then again people form 
newroot think it can be a serieus option.

> I agree with your analysis. It seems like a really
> stupid thing to do, which is why I am having trouble
> understanding why so many people are querying me
> like that. It just doesn't make sense.

I did what you have done a time ago and I just made sure everything was 
working well and the configuration was correct. After a week or two I 
didn't care anymore and nothing was broken in those two weeks what 
resulted in turning of some logging. And just like I said before, the 
IP's I have checked didn't run any "public" nameserver as far I could 


"How should I know if it works? That's what beta testers are for. I only 
coded it."
    -- Linus Torvalds

Reply to: