[wellylug] Weird DNS issue with Xtra DNS

[Mark Foster]

>> So what I meant to say was that Ihug's NS (the last time I tried, anyway) 
>> would reject DNS queries from non-Ihug users for domains that were not 
>> actually delegated to their NS.  i.e. Locally hosted domains would work 
>> fine.
>> 
> OIC, sorry! Now that I re-read it, it's obvious what you meant!
>
> I can't see how it would affect the number of third party DNS providers, 
> though. When a request for a record in a zone in the third party's is looked 
> up, the user will be directed directly to the third party's DNS. It's only 
> lookup *from* the third party's DNS that could use the Xtra's DNS as 
> referrers, and there shouldn't be too many of those. And Xtra could easily 
> block those few addresses of DNS servers that abuse Xtra's 'open' DNS server.
>
> Or am I missing something?

You describe what a DNS server does, but i'm not sure that a client-side 
resolver does this.  The Nameserver you're communicating with does the 
'legwork' and follows referrals, not the client. (Thus why DNS works 
through a firewall when you only have one specific host permitted...)


> It *would* affect non-*clients* of Xtra using Xtra's DNS though, but again 
> there shouldn't be too many of those should there?

You'd be suprised.  Xtra actually recognised a significant problem with 
exactly this.  For a long time, IT techs etc have had a habit of putting 
one or both of Xtras NS into peoples permanent config.  Freeloading of 
something relatively small, but when you scale it, it goes nuts...

... but yeah, anyway, looks like Alien is unresponsive at the moment.

Mark.