Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 29 Dec 2003 20:56:32 +0100 (CET)
From:      "Cordula's Web" <>
Subject:   Re: named and
Message-ID:  <>
In-Reply-To: <> (message from McClain Looney on Mon, 29 Dec 2003 07:51:27 -0600)
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
> I have a bind9 named running on the 4.x stable branch, and have noticed 
> that it seems to be sending udp packets to about once 
> every 10 seconds or so (ipfw is denying and logging the traffic).  
> Google has not shed any light on the subject. is often returned by RBLs, when an address is blocked
(a.k.a. listed as spam source):

Quoth the previous URL (

  "The theory of operation is simple. Given a host address in its
   dotted-quad form, reverse the octets and check for the existence of an
   ``A RR'' at that node under the node. So if
   you get an SMTP session from [] you would check for the
   existence of: IN A
   We chose to use an ``A RR'' because that's what Sendmail makes easy to
   do. The choice of [] as the target address was arbitary but  
   will not change. As it happens, we supply a bogus MAPS RBLSM entry for
   [] so that mail transport developers have something to test
   If an ``A RR'' is found by this mechanism, then there will also be a
   ``TXT RR'' at the same DNS node. The text of this record will be   
   suitable for use as a reason text for a bounced mail notification.  
   Currently the text is constant and currently there is no way to use it
   from Sendmail, but there it is anyway."

Perhaps you have a mail filter installed, which queries one of those
RBLs, and then tries to do a reverse DNS lookup for

> I've grepped all through /etc/, and have found no references to 
>, and I certainly don't remember configuring anything (ever) 
> with that particular address.
> What could be the cause of this mysterious bind behavior?

See above.

Cordula's Web.

Want to link to this message? Use this URL: <>