Name server queries coming to a mail server?

Folks,
Due to a change in upstream service providers we
recently went through a complete IP renumbering, including
our mail and DNS servers. We wanted to be especially careful
to make sure DNS requests had drained off to our old addresses
before fully implementing the new -- we had our nameservers listening
on both addresses.

Access lists on a Cisco router allowed us to count traffic
to each IP address, but we were surprised to see a large number of
name server requests going to a mail server we have (it does run a
full DNS server, but is meant as a backup, and we don't publish
its address).

For a while, we dropped external DNS requests (port 53) heading
to our mail server -- but that seemed to cause a delay in email processing.
We normally run 40-60 sendmail processes during the day; it increased
to about 100? We re-allowed external access and all returned to normal.

We went ahead with the IP change, and we noticed the requests
actually followed the new address of the machine? The router allows us
to log packet details, and there are no discernible patterns; requests
are originating from a variety of IP addresses.

We're really scratching our heads over this and would
welcome any thoughts? Our mail server does a lot of DNS lookups;
it uses the DNS server on that machine, but as 'localhost' -- that
would not explain the external traffic we see.
--
John
___________________________________________________________________
John Murtari Software Workshop Inc.
jmurtari@following domain 315.635-1968(x-211) "TheBook.Com" (TM)
http://thebook.com/