[GLLUG] Spurious DNS zone notifications

John Winters john at sinodun.org.uk
Sun May 3 06:27:51 UTC 2015

On 03/05/15 01:15, Robert McKay wrote:
> On 2015-05-02 12:29, John Winters wrote:
>> I've just configured a VPS as a secondary DNS server.
>> Within minutes of setting it up, it started getting spurious zone
>> notifications from unknown IP addresses, e.g.:
>> May  2 12:21:51 nimbus named[830]: client received
>> notify for zone 'griffen.org.uk'
>> May  2 12:21:51 nimbus named[830]: zone griffen.org.uk/IN: refused
>> notify from non-master:
> aka anycast.ash.layer42.net is serving an up-to-date
> griffen.org.uk zone.. most likely it's some arrangement you had with a
> previous ISP and forgot to tell them you'd moved on?

Interesting.  I've only ever had one registrar involved with this domain
- Gradwell - and I'm in the process of moving away because they're
ceasing providing their secondary DNS service.

As this machine, which is one of several showing the same symptoms,
didn't get its copy of the domain from my master server, it must have
got it from Gradwell's secondaries, although why they'd configure things
like that is a mystery.  They list two IP addresses to which one must
allow zone transfers, and then three IP addresses (different ones) which
are to function as secondary DNS servers for queries.  The spurious
notifications are coming from machines which aren't in either list.
Since the 66.109... machine is not listed as a DNS server for griffen it
will never receive any queries about it.

At least it seems like it's not malice - just a collection of badly
configured (and widely distributed) servers.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20150503/e68b8dfb/attachment.pgp>

More information about the GLLUG mailing list