DNS
 
#1
July 5th, 2004, 06:40 PM
Sillysoft
Lame Server Resolving Error?

I just checked my message file in var/log and noticed a ton of messages:

lame server resolving...

Then some server name. But I definitely am not hosting these sites. Are they using my DNS server to "bounce" their site off? If so, I assume that is a bad thing, and if so, is there a way to stop that?

Thanks
Silly

#2
July 5th, 2004, 07:01 PM
Sillysoft
I'm currently on Fedora Core 1. I took steps to "hide" my version and take out the lame logs. My fear is, though, that it is still going on in the background. What can I do to stop this from happening with the current people doing this?

In what ways can I secure my DNS server?

Thanks
Silly

#3
July 5th, 2004, 07:49 PM
SilentRage
You're worried about nothing. Lame server logs result from when you try to resolve a domain that has a bad domain host. Usually lame server errors are recoverable and the domain resolves anyway. If the server isn't supposed to be resolving domains, then we can definitely discuss how to lock that down.

#4
July 5th, 2004, 08:02 PM
Sillysoft
When you say:

"when you try to resolve a domain that has a bad domain host"

Who is you? My DNS server does not host these domains showing up in the logs, so how are they getting in there? Is something trying to use my server to resolve? The only access needed is to answer when a domain I'm hosting is requested.

I noticed in the logs there were multiple attempts to update a zone file and it was denied each time. Is this due to dynamic updates being turned off for the zone files?

This is what made me "worry" that someone is trying something on the server, since these are happening in parallel. Domains showing up with the lame server message consist of .kr and sasknow.com

Perhaps I am misunderstanding how this all works?

Silly

#5
July 5th, 2004, 08:17 PM
SilentRage
Since you say you are not wanting to use the server to resolve OTHER domains then you need to add this to named.conf between the options brackets.

recursion no;

As for updates, Active Directory is the most common reason for having dynamic update logs. Again no worries as long as your zone information isn't changing.

#6
July 5th, 2004, 09:28 PM
Sillysoft
"Since you say you are not wanting to use the server to resolve OTHER domains then you need to add this to named.conf between the options brackets.

recursion no;"

So just to clarify, the sites that I host on the server will only resolve with recursion no, correct? Meaning the DNS server will not be used as a "caching" server? What are the downsides in doing this? Also, is this a common config for a general hosting company?

Thanks
Silly

#7
July 5th, 2004, 10:07 PM
SilentRage
On my production server I have the following config:

http://www.dollardns.net/bind/advanced/named.conf

What it does:

The server is essentially split into 2. There's one server listening on address 127.0.0.1 (caching server) and another server listening on the rest of the addresses on the machine (authoritative server).

All queries made to 127.0.0.1 are handled by the caching server. The only way a person can send this address a query is if it was from the local machine. resolv.conf is set so that the machine uses this address for name resolution. Also, DNS Crawler uses this address for name resolution if you use "resolver.dollardns.net" in the server field.

All queries made to 216.117.*.* are handled by the authoritative server. I set some limits to keep my client domains sane, then include the file "users.conf", which in turn includes each member's "zones.conf". Both of these files are managed by scripts. This setup ensures organization and prevents scripts from having to manage the main "named.conf" or excessively large configuration files. Notice that this split does NOT allow recursion. I do NOT want to encourage people to use my server as their own personal resolver after all!

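One way to confirm that `recursion no;` took effect on the public-facing addresses, added here as an example and not part of the thread or of the configuration linked above: send a query with the RD (recursion desired) bit set and check the reply header for the RA (recursion available) bit. The function names and the two constructed reply headers are assumptions; `check_server` needs network access to your own server, everything else runs offline.

```python
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # header flag bits, RFC 1035
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, qid=0x1234):
    """DNS query for the A record of `name`, with recursion desired (RD) set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # A, IN


def parse_flags(reply):
    """Header fields that show how the server treated the query."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    return {"authoritative": bool(flags & AA),
            "recursion_available": bool(flags & RA),
            "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "answers": ancount}


def offers_recursion(reply):
    """True if the reply advertises recursion and the query was not refused."""
    f = parse_flags(reply)
    return f["recursion_available"] and f["rcode"] != "REFUSED"


def check_server(server, name, timeout=3.0):
    """Ask your own server (UDP/53) for a name it does not host."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return offers_recursion(s.recv(512))


# Constructed reply headers, not captured traffic.
OPEN_REPLY = struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 1, 0, 0)
LOCKED_REPLY = struct.pack("!HHHHHH", 0x1234, QR | RD | 5, 1, 0, 0, 0)

if __name__ == "__main__":
    print(offers_recursion(OPEN_REPLY), offers_recursion(LOCKED_REPLY))
```

Run `check_server` from a machine outside your network against the public address, with a name your server does not host; on the split setup described above, only 127.0.0.1 should report recursion.
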
#8
July 6th, 2004, 08:56 PM
Sillysoft
Question, just checked the logs and saw this:

client 128.232.0.31#56292: transfer of 'mydomain.com/IN': AXFR started

Mydomain is a domain I currently host. Is that normal? I have never seen that message in the logs before. Is it propagating?

Silly

#9
July 7th, 2004, 01:10 AM
SilentRage
That log message means somebody made a zone transfer of your domain. Here's what it looks like in DNS Crawler:

DNS Crawler
(replace the server and name fields with something appropriate)

As for the specific individual who transferred your domain, the below page describes why they made that transfer:

http://www.cl.cam.ac.uk/Research/SR...am/traffic.html

Last edited by SilentRage : July 7th, 2004 at 01:16 AM.

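The log messages discussed in this thread (zone transfers, denied dynamic updates, lame-server lookups) can be summarised per client with a short script. This is an added example, not part of the original posts: the `triage` function, the list of expected secondaries and the sample lines are assumptions, and only the 128.232.0.31 message is taken from the thread.

```python
import re
from collections import Counter, defaultdict

# Patterns follow BIND 9 log wording; the AXFR one matches the line quoted
# in the thread, the other two are assumed formats for illustration.
AXFR = re.compile(r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: transfer of "
                  r"'(?P<zone>[^/']+)/IN': AXFR started")
UPDATE = re.compile(r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: update "
                    r"'(?P<zone>[^/']+)/IN' denied")
LAME = re.compile(r"lame server resolving '(?P<name>[^']+)'")


def triage(lines, secondaries=()):
    """Summarise named log lines: zone transfers by client, flagging any
    client not in `secondaries`; denied updates; lame-server lookups."""
    allowed = set(secondaries)
    report = {"transfers": defaultdict(set), "unexpected_transfers": [],
              "denied_updates": Counter(), "lame_names": Counter()}
    for line in lines:
        if m := AXFR.search(line):
            report["transfers"][m["ip"]].add(m["zone"])
            if m["ip"] not in allowed:
                report["unexpected_transfers"].append((m["ip"], m["zone"]))
        elif m := UPDATE.search(line):
            report["denied_updates"][(m["ip"], m["zone"])] += 1
        elif m := LAME.search(line):
            report["lame_names"][m["name"]] += 1
    return report


# Constructed sample lines (documentation addresses and made-up timestamps);
# only the message text of the second line comes from the thread.
SAMPLE = """\
Jul  6 20:41:02 ns1 named[812]: client 192.0.2.53#40112: transfer of 'mydomain.com/IN': AXFR started
Jul  6 20:55:17 ns1 named[812]: client 128.232.0.31#56292: transfer of 'mydomain.com/IN': AXFR started
Jul  6 21:03:40 ns1 named[812]: client 198.51.100.7#1034: update 'mydomain.com/IN' denied
Jul  6 21:03:45 ns1 named[812]: client 198.51.100.7#1034: update 'mydomain.com/IN' denied
Jul  6 21:10:09 ns1 named[812]: lame server resolving 'www.example.kr' (in 'example.kr'?): 203.0.113.9#53
""".splitlines()

if __name__ == "__main__":
    r = triage(SAMPLE, secondaries={"192.0.2.53"})
    print("unexpected AXFR:", r["unexpected_transfers"])
    print("denied updates:", dict(r["denied_updates"]))
    print("lame lookups:", dict(r["lame_names"]))
```

Transfers from addresses outside the expected list are the ones to restrict with an `allow-transfer` statement in named.conf.
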
© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 2 hosted by Hostway