raman
Joined: 30 Nov 2004
Posts: 17
Posted: Thu Oct 18, 2007 11:07 am Post subject: Name queries for backup MX
Starting on Oct 9th, I started getting some weirdness in my named logs. My named server is authoritative for my domain (call it domain1.com) and returns two MX records:
Code:
# dig -t mx domain1.com
...
;; ANSWER SECTION:
domain1.com. 259200 IN MX 20 mail.domain2.com.
domain1.com. 259200 IN MX 10 mail.domain1.com.
...
My name server responds to requests for domain1, but domain2's name servers are elsewhere. However, for some reason, starting on Oct 9th, I started getting these in my logs:
named[1403]: client xx.xx.xx.xx#2125: query (cache) 'mail.domain2.com/A/IN' denied
At first I thought it was a misconfigured client but it is occurring more and more often with many different client IPs. Why are these clients attempting to resolve my backup MX from my primary domain's name server?
Cheers,
Raman

Ciaran
Joined: 13 Feb 2004
Posts: 138
Location: England, UK
Posted: Mon Oct 22, 2007 9:50 am Post subject:
I assume your primary MX *is* working? I can't think why a backup MX server would be resolved unless it was actually using it. Do you have any connections logged to your backup MX?

SteveG
Joined: 30 Nov 2003
Posts: 212
Posted: Mon Oct 22, 2007 5:45 pm Post subject:
You're probably a victim of two different conspiracies:
1. Lots of spammers try to use the backup MX on the assumption that there will be less spam filtering on it.
2. I'd guess that lots of spam bots assume that the (backup) MX can be A resolved at the same NS as sourced the MX record, not noticing that it's actually a different domain. Spammers are stupid, except when they're fiendishly clever.
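
Added example, not part of SteveG's post or of the original thread: a log summary that tests the second explanation by grouping named's denied cache queries by name and counting distinct clients, then marking names that are MX targets outside the zones this server is authoritative for. The sample lines are constructed in the format quoted above (client addresses are documentation ranges), and `summarize_denied`, `in_zone` and the optional newer-BIND fields in the pattern are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the thread; the client
# addresses are documentation ranges, not values from the original post.
SAMPLE_LOG = """\
named[1403]: client 192.0.2.10#2125: query (cache) 'mail.domain2.com/A/IN' denied
named[1403]: client 192.0.2.11#4410: query (cache) 'mail.domain2.com/A/IN' denied
named[1403]: zone domain1.com/IN: loaded serial 2007101801
named[1403]: client 192.0.2.10#2131: query (cache) 'MAIL.domain2.com/A/IN' denied
named[1403]: client 198.51.100.7#1029: query (cache) 'mail.domain2.com/A/IN' denied
named[1403]: client 203.0.113.5#53211: query (cache) 'www.example.org/A/IN' denied
"""

# Matches the format shown in the thread; also tolerates the "@0x..." and
# "(qname)" fields that later BIND releases add around the client address.
DENIED = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+(?: \([^)]*\))?: "
    r"query \(cache\) '(?P<name>[^/']+)/(?P<qtype>\w+)/\w+' denied"
)

def in_zone(name, zones):
    """True if name is at or below a zone this server is authoritative for."""
    return any(name == z or name.endswith("." + z) for z in zones)

def summarize_denied(log_text, mx_targets, local_zones):
    """Group denied cache queries by (name, type); flag out-of-zone MX targets."""
    zones = {z.lower().rstrip(".") for z in local_zones}
    external_mx = {t.lower().rstrip(".") for t in mx_targets}
    external_mx = {t for t in external_mx if not in_zone(t, zones)}
    hits = defaultdict(lambda: {"queries": 0, "clients": set()})
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue  # not a denied cache query
        key = (m["name"].lower().rstrip("."), m["qtype"].upper())
        hits[key]["queries"] += 1
        hits[key]["clients"].add(m["ip"])
    rows = [(name, qtype, h["queries"], len(h["clients"]), name in external_mx)
            for (name, qtype), h in hits.items()]
    # Most widely requested names first: many distinct clients asking for the
    # same out-of-zone MX host is the pattern described in point 2.
    return sorted(rows, key=lambda r: (-r[3], r[0]))

if __name__ == "__main__":
    for name, qtype, n, clients, is_mx in summarize_denied(
            SAMPLE_LOG, ["mail.domain1.com.", "mail.domain2.com."], ["domain1.com"]):
        note = "out-of-zone MX target" if is_mx else "other name"
        print(f"{name}/{qtype}: {n} denied from {clients} clients ({note})")
```
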
raman
Joined: 30 Nov 2004
Posts: 17
Posted: Tue Oct 23, 2007 1:27 am Post subject:
SteveG wrote: You're probably a victim of two different conspiracies:
1. Lots of spammers try to use the backup MX on the assumption that there will be less spam filtering on it.
2. I'd guess that lots of spam bots assume that the (backup) MX can be A resolved at the same NS as sourced the MX record, not noticing that it's actually a different domain. Spammers are stupid, except when they're fiendishly clever.
Thanks Steve -- yes, I'm quite aware of #1. I didn't think of #2, but it makes complete sense. And since I have only recently started seeing these, most likely a new spambot that makes this assumption is loose out in the wild.
Cheers,
Raman