marcs at znep.com
Sat Aug 15 05:39:12 UTC 1998
It is possible that their their server started claiming false authority
for a tld (eg. com) and polluted some caches or another server started
claiming it was authoritative and polluted some caches. That would mean
that these broken servers now think that your customer's server is
authoritative for some tld.
The thing to do to verify that would be to check to see what some of the
servers that are querying your server think are the authoritative servers
for .com, etc. Then, if you find that they do think your customer's
server is authoritative, have them dump their cache to try to track back
where they got that record from, etc.
Oh, and make everyone upgrade their version of BIND. Unfortunately, far
too many people refuse even when they know their whole world can be messed
up by a broken nameserver or two unless they upgrade.
If the above is the problem, then there isn't really any short term fix.
You just have to get the source of the false authority records to stop,
then wait until TTLs expire.
On Fri, 14 Aug 1998 max at inc.net wrote:
> I am having some very bizzare DNS issues and am wondering if anyone
> will be able to shed some light on this. A customer of ours started
> recieving thousands of DNS requests for a wide range of domains,
> mostly foreign. The requests are coming from a wide range of ips
> most of which respond to nslookups "ie are nameservers". I have done
> a whois on some of the domains and the 2 name servers having the
> problems don't show up, I have also check to root servers and dont see
> anything which would direct those domains to the name servers. Their
> entire T1 is full from these requests about 1.2 meg. As the customer
> is in the business of web hosting they can kill named nor can they
> put up a packet filter to fix this. Also because there are literally
> hundreds of diffrent domains both preforming the lookups and being
> looked up it is not feasable to call the admin of each one to work
> this out. Anyone have any ideas?
> Max Spaulding
> Internet Connect, INC.
> max at inc.net
More information about the NANOG