[rbldnsd] "Lame" Miirror

Michael Tokarev mjt at tls.msk.ru
Sat Aug 5 10:43:59 MSD 2006 

David Cary Hart wrote:
> On Sat, 05 Aug 2006 00:15:09 +0400, Michael Tokarev <mjt at tls.msk.ru>
> opined:
> 
> Hi Michael and thanks for the reply:
> 
>> David Cary Hart wrote:
>>> A new mirror running bind and rbldnsd:
>>>
>>> Aug  4 10:44:46 tqmcube named[366]: lame server resolving 
>>> '40.220.17.65.dnsbl.tqmcube.com' (in 'dnsbl.tqmcube.com'?): 
>>> 213.239.195.182#53
>> Can you please be more specific?  How exactly it is "running
>> bind and rbldnsd" ?  
> 
> Apparently on the same machine.

Do you know how exactly it is set up?  I mean, how bind is
"related" to rbldnsd on this machine?  How it's configured?

>> Both at the same time?  How 'tqmqube' host
>> (from which the above logging comes) is related to all this?
> 
> That's a query from my mail server. I was simply demonstrating that
> RBLDNSD is working - it always does -;) It requires a specific query.

Hmm.  Now I lost you.  On 213.239.195.182, port 53, it's bind
who's answering, not rbldnsd.  And it's answering in a.. strange
way.

>>> It will answer queries directly but doesn't seem to take a
>>> portion of queries from the pool.
>> >From what I can see, 213.239.195.182 is running bind, and it
>> is NOT authoritative for the zone in question, ie, it is taking
>> answers from other two nameservers (mirror1 and mirror3).  It
>> is shown in both reply flags (no `aa' flag), and in decreasing
>> TTL in replies.
> 
> Sorry. I should have been more specific. It is mirror3. mirror1 and
> mirror2 are different servers in California and NY respectively.

And I lost you again.

mirror1.tqmcube.com.    3600    IN      A       69.59.189.21
mirror2.tqmcube.com.    3600    IN      A       213.239.195.182
mirror3.tqmcube.com.    3600    IN      A       68.236.166.73

So Are we talking about 213.239.195.182 (mirror2), which is mentioned
on your log as "lame", or 68.236.166.73 (mirror3) ??

If we're talking about mirror2 (213.239.195.182), as it is the problematic
server, the problem with it is that it is not an authoritative ns for the
zone, it is getting the data from somewhere else ("stealth" rbldnsd on the
same machine?  mirror1 and mirror3? elsewhere?) and is returning cached
results (and performs recursive queries as well!).  This should be fixed,
and without its configuration details it's hardly possible to guess what
exactly is wrong.

/mjt

More information about the rbldnsd mailing list