On Sun, Feb 01, 2004 at 03:46:07PM +0100, Hans Spaans wrote:
> You added it globally and to every zone? Also allow-transfer is a nice
> one to get into place. But you will see queries being denied and if you

Yes, I've got allow-transfer groups on all domains; allow-query { any; } on all domains I serve, and an options allow-query group and allow-recursion group in options so that only authorized sites can use the cache.

> check those IPs you'll see that they don't run any nameserver. So
> don't worry too much.

I'd originally thought otherwise, but as I went through the trace I found the real name servers were trying to do a lookup for a dead zone, one I used to host but which the owner has taken off line. Some fairly big ISPs are using annoyingly short Retry times...

> I did but wasn't impressed, only when the new cyberangels was making
> sure we needed to handle an extra 6 a 700 q/s ;-)

I have to be careful though as I get phone calls if my bandwidth usage goes too high. It got so bad a week ago (before I put in the blocking) that processes were dying on my server due to memory starvation (the kernel was killing processes as resources were being overused), that I had to risk down time to do something about it.

I'd still be interested to know if anyone knows *why* so many people are doing this. I know what they are doing; I can block it; but I'm curious. I've got a gut feeling it has something to do with spammers hiding their tracks, but I'm not sure how it would or why it would be useful to them. I just can't come up with anything else.

-- 
------------------------------------------------------
Dale Amon [EMAIL PROTECTED] +44-7802-188325
International linux systems consultancy
Hardware & software system design, security
and networking, systems programming and Admin
"Have Laptop, Will Travel"
------------------------------------------------------
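The ACL layout described in the message above, sketched as a named.conf fragment. This is an added example, not the poster's actual configuration; the ACL names, zone name, file name and addresses are constructed placeholders (RFC 5737 documentation ranges).

```conf
// Added example: constructed names and addresses, not the poster's real config.

// Hosts allowed to use this server as a resolver (the cache).
acl trusted-clients {
    127.0.0.1;
    192.0.2.0/24;        // constructed: internal or customer network
};

// Secondary name servers allowed to pull zone transfers.
acl secondaries {
    198.51.100.53;       // constructed: slave server address
};

options {
    // Server-wide defaults: applied wherever a zone does not override them,
    // including names for which this server hosts no zone at all.
    allow-query     { trusted-clients; };
    allow-recursion { trusted-clients; };
    allow-transfer  { none; };
};

zone "example.com" {
    type master;
    file "db.example.com";
    // Authoritative data must be answerable by anyone on the Internet.
    allow-query    { any; };
    // Transfers only to the listed secondaries.
    allow-transfer { secondaries; };
};

// A zone that has been removed from this file has no zone statement, so
// queries for it from outside trusted-clients fall back to the options-level
// ACLs and are refused. Those are the denied queries discussed in the thread.
```

Running `named-checkconf` against the file before reloading catches syntax errors in the ACL and zone statements.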