Name queries for backup MX
# dig -t mx domain1.com
...
;; ANSWER SECTION:
domain1.com. 259200 IN MX 20 mail.domain2.com.
domain1.com. 259200 IN MX 10 mail.domain1.com.
...
My name server responds to requests for domain1, but domain2's name servers are elsewhere. However, for some reason, starting on Oct 9th, I started getting these in my logs:
named[1403]: client xx.xx.xx.xx#2125: query (cache) 'mail.domain2.com/A/IN' denied
At first I thought it was a misconfigured client but it is occurring more and more often with many different client IPs. Why are these clients attempting to resolve my backup MX from my primary domain's name server?
Cheers,
Raman
3 Replies
1. Lots of spammers try to use the backup MX on the assumption that there will be less spam filtering on it.
2. I'd guess that lots of spam bots assume that the (backup) MX can be A resolved at the same NS as sourced the MX record, not noticing that it's actually a different domain. Spammers are stupid, except when they're fiendishly clever.
@SteveG:
You're probably a victim of two different conspiracies:
1. Lots of spammers try to use the backup MX on the assumption that there will be less spam filtering on it.
2. I'd guess that lots of spam bots assume that the (backup) MX can be A resolved at the same NS as sourced the MX record, not noticing that it's actually a different domain. Spammers are stupid, except when they're fiendishly clever.
Thanks Steve – yes, I'm quite aware of #1. I didn't think of #2, but it makes complete sense. And since I have only recently started seeing these, most likely a new spambot that makes this assumption is loose out in the wild.
Cheers,
Raman
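
The log pattern discussed in this thread can be summarised per queried name and per distinct client, which separates one misconfigured resolver from a widespread bot. This is an added example, not part of the original posts; the function name, the syslog prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the denied-query line format quoted in the thread.
DENIED = re.compile(
    r"named\[\d+\]: client (?P<ip>[^#\s]+)#\d+: query \(cache\) "
    r"'(?P<name>[^/']+)/(?P<type>[^/']+)/[^/']+' denied"
)

# Constructed sample lines (documentation IPs; the syslog prefix is assumed).
SAMPLE_LOG = [
    "Oct  9 03:12:01 ns1 named[1403]: client 192.0.2.10#2125: query (cache) 'mail.domain2.com/A/IN' denied",
    "Oct  9 03:14:40 ns1 named[1403]: client 198.51.100.7#4410: query (cache) 'mail.domain2.com/A/IN' denied",
    "Oct  9 03:15:02 ns1 named[1403]: client 192.0.2.10#2130: query (cache) 'mail.domain2.com/A/IN' denied",
    "Oct  9 03:20:11 ns1 named[1403]: client 203.0.113.5#5353: query (cache) 'www.example.net/A/IN' denied",
]

def summarize_denied(lines, zones, mx_targets):
    """Group denied cache queries by (name, type); count hits and distinct clients."""
    zones = {z.lower().rstrip(".") for z in zones}            # zones served here
    mx_targets = {m.lower().rstrip(".") for m in mx_targets}  # MX hosts published
    stats = defaultdict(lambda: {"hits": 0, "clients": set()})
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue  # not a denied cache query
        key = (m["name"].lower().rstrip("."), m["type"].upper())
        stats[key]["hits"] += 1
        stats[key]["clients"].add(m["ip"])
    report = []
    for (name, qtype), s in stats.items():
        in_zone = any(name == z or name.endswith("." + z) for z in zones)
        report.append({
            "name": name, "type": qtype, "hits": s["hits"],
            "clients": len(s["clients"]),
            # True when the name is an MX target we publish but do not serve:
            # the backup-MX case from the thread.
            "out_of_zone_mx": name in mx_targets and not in_zone,
        })
    # Names asked for by the most distinct clients come first.
    return sorted(report, key=lambda r: (-r["clients"], r["name"]))

if __name__ == "__main__":
    mx = ["mail.domain1.com", "mail.domain2.com"]
    for row in summarize_denied(SAMPLE_LOG, ["domain1.com"], mx):
        print(row)
```

A name flagged `out_of_zone_mx` with a growing distinct-client count matches the behaviour described in reply #2; the denial itself shows the server is refusing recursion for outside clients as intended.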