[dns-operations] (another) Odd behavior of the day

[Niall O'Reilly]

John Kristoff wrote:
> Hi folks,
> 
> As I often do I ran into some odd behavior today.  I thought I'd
> share.  For entertainment purposes or as part of your daily diversion as
> appropriate.

	In the same vein ...

	I thought that this, observed on one of our main rDNS servers at
	UCD,  indicated a strange or unsociable way for an authoritative
	server to behave.  The client app seems fairly anti-social too,
	as I found from a few minutes of query-logging.

	AFAICT, this is something to do with mobileme.

	[Warning: explicit escaped folding: hopefully more readable than
	 the concerted efforts of whatever M[TU]As intervene.]


joe(user)31: date -u; \
  dig @17.250.248.161 ns members.mac.com; \
  grep 'REFUSED.*members\.mac\.com' /var/log/messages \
  | colrm 8 16 | sort | uniq -c
Thu Jan 14 15:23:59 UTC 2010

; <<>> DiG 9.6.1-P1 <<>> @17.250.248.161 ns members.mac.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49667
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;members.mac.com.		IN	NS

;; ANSWER SECTION:
members.mac.com.	7200	IN	NS	pm-members.mac.com.

;; AUTHORITY SECTION:
members.mac.com.	7200	IN	NS	pm-members.mac.com.

;; Query time: 163 msec
;; SERVER: 17.250.248.161#53(17.250.248.161)
;; WHEN: Thu Jan 14 15:23:59 2010
;; MSG SIZE  rcvd: 72

   45494	Jan 14 lobawn named[22196]: \
  unexpected RCODE (REFUSED) resolving \
  '_dns-llq-tls._tcp.members.mac.com/SRV/IN': \
  17.250.248.161#53
   46666	Jan 14 lobawn named[22196]: \
  unexpected RCODE (REFUSED) resolving \
  '_dns-update-tls._tcp.members.mac.com/SRV/IN': \
  17.250.248.161#53
joe(user)32: perl -e 'printf "%d per hour\n", (45494+46666)/15.5'
5945 per hour
joe(user)33:


	My mistake: it's actually worse than that;
	the log isn't rotated at midnight.

	Best regards,

	Niall O'Reilly
	University College Dublin IT Services