Once upon a time, Phil Mayers <[email protected]> said: >On the subject of rejected queries - although this isn't a bind question >per-se, I'm curious if anyone else here sees a lot of these: > >client 178.123.92.141#23861: view main: query (cache) >'mx242.emailfiltering.com/A/IN' denied > >We get *loads* of them to our authoritative resolvers. I am assuming >they are attempts at cache poisoning given the (ahem) dubious >geographical origin of the queries (no offense intended to anyone living >in those parts of the world) but I can't see any corresponding inbound >forged DNS packets in our netflow.
Do you have domains listing mx242.emailfiltering.com as an MX? I have seen some broken resolvers that will do an MX lookup and then turn around and do A lookups for the MX hosts at the same DNS server. -- Chris Adams <[email protected]> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. _______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
