It is possible that their server started claiming false authority for a tld (e.g. com) and polluted some caches, or another server started claiming it was authoritative and polluted some caches. That would mean that these broken servers now think that your customer's server is authoritative for some tld.

The thing to do to verify that would be to check to see what some of the servers that are querying your server think are the authoritative servers for .com, etc. Then, if you find that they do think your customer's server is authoritative, have them dump their cache to try to track back where they got that record from, etc.

Oh, and make everyone upgrade their version of BIND. Unfortunately, far too many people refuse even when they know their whole world can be messed up by a broken nameserver or two unless they upgrade.

If the above is the problem, then there isn't really any short term fix. You just have to get the source of the false authority records to stop, then wait until TTLs expire.

On Fri, 14 Aug 1998 max@inc.net wrote:
I am having some very bizarre DNS issues and am wondering if anyone will be able to shed some light on this. A customer of ours started receiving thousands of DNS requests for a wide range of domains, mostly foreign. The requests are coming from a wide range of IPs, most of which respond to nslookups "ie are nameservers". I have done a whois on some of the domains and the 2 name servers having the problems don't show up. I have also checked the root servers and don't see anything which would direct those domains to the name servers. Their entire T1 is full from these requests, about 1.2 meg. As the customer is in the business of web hosting they can kill named nor can they put up a packet filter to fix this. Also, because there are literally hundreds of different domains both performing the lookups and being looked up, it is not feasible to call the admin of each one to work this out. Anyone have any ideas?
Max Spaulding Internet Connect, INC. max@inc.net
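
The check suggested in the reply at the top of this thread (ask the servers that are querying you which nameservers they hold for .com, and see whether the customer's server is among them), as an added example that is not part of the original messages. The function names, the suspect name ns1.customer.example and the sample response bytes are constructed for illustration.

```python
import struct

def wire_name(name):
    """Encode a domain name in uncompressed DNS wire format."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".") if l) + b"\x00"

def build_ns_query(zone, qid=0x1234):
    """NS query with RD=0, so the server answers from what it already holds."""
    return struct.pack(">HHHHHH", qid, 0, 1, 0, 0, 0) + wire_name(zone) + struct.pack(">HH", 2, 1)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end = [], None
    for _ in range(256):                          # bounded so pointer loops terminate
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels + [""]).lower() or ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
    raise ValueError("compression pointer loop")

def ns_records(msg, zone):
    """NS targets owned by `zone` in the answer and authority sections."""
    _, _, qd, an, ns, _ = struct.unpack(">HHHHHH", msg[:12])
    off, found = 12, set()
    for _ in range(qd):                           # skip the question section
        off = read_name(msg, off)[1] + 4
    for _ in range(an + ns):
        owner, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 2 and owner == read_name(wire_name(zone), 0)[0]:
            found.add(read_name(msg, off + 10)[0])
        off += 10 + rdlen
    return found

def polluted(msg, zone, suspect_ns):
    """True if the server's NS set for `zone` names the suspect nameserver."""
    return read_name(wire_name(suspect_ns), 0)[0] in ns_records(msg, zone)

def sample_response():
    """Constructed reply listing one expected and one suspect NS for com."""
    msg = struct.pack(">HHHHHH", 0x1234, 0x8080, 1, 2, 0, 0) + wire_name("com") + struct.pack(">HH", 2, 1)
    for target in ("a.root-servers.net", "ns1.customer.example"):
        rdata = wire_name(target)
        msg += b"\xc0\x0c" + struct.pack(">HHIH", 2, 1, 86400, len(rdata)) + rdata
    return msg
```

To use it on real traffic, send `build_ns_query("com")` as a UDP datagram to port 53 of one of the querying servers and pass the reply bytes to `polluted()` with the customer's nameserver name.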