• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

What is at 2001:470:47:13::2 and why is it attempting to AXFR my zone?

Started by snarked, May 06, 2012, 01:45:40 PM

Previous topic - Next topic

snarked

From my syslog:
QuoteMay  5 00:48:55 snarked named[903]: client 2001:470:47:13::2#14313 (x.x.x.x.x.x.x.x.0.7.4.0.1.0.0.2.ip6.arpa): zone transfer 'x.x.x.x.x.x.x.x.0.7.4.0.1.0.0.2.ip6.arpa/AXFR/IN' denied
I'm getting this about every 30 seconds (with varying source port numbers; actual zone masked for public posting, but it's my tunnel #2 allocation).

HE's whois service shows that this is an HE internal address, not a tunnel delegation.

AXFR access is permitted to ns1.he.net (216.218.130.2 and 2001:470:100::2) so that the DNS service can pick it up for "secondary" service.

From the DNS service page about the zone:
QuoteDomain name  x.x.x.x.x.x.x.x.0.7.4.0.1.0.0.2.ip6.arpa
Type SLAVE
Master(s) 2001:470:...  (In my tunnel#1 allocation as that's where my DNS server is)
Last successful check  2012-05-04 12:47:07 (176038 seconds ago.)
Last status change  2012-05-04 12:47:46

As 2001:470:47:13::2 is not the address of one of your 5 name servers, what is its purpose for wanting the zone?

PS:  The zone in question is not (yet) DNSSEC signed.  It will be signed when next updated.

broquea

Looks like a facility-specific machine:

2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.1.0.0.7.4.0.0.0.7.4.0.1.0.0.2.ip6.arpa domain name pointer ns1-fmt2.he.net.

snarked

OK, but as I'm a tunnelbroker user and not in one of your facilities, why does it want to AXFR my zone?  It's not one of ns[1-5].he.net nor is it documented to grant it access anywhere....

broquea

Ask dnsadmin@he.net ?

I'd guess that this is one of the many ns1.he.net machines or whatever trickery was used to deflect the onslaught of hate against the nameservers.

snarked

OK, but that doesn't seem to justify allowing AXFR permssion to that IPv6 address....

broquea



snarked

Matter resolved via e-mail.  It was a misconfiguration and should have been from 2001:470:100::2.