Linode Forum
Linode Community Forums
Posted: Thu Oct 18, 2007 12:07 pm
Senior Newbie

Joined: Tue Nov 30, 2004 10:01 pm
Posts: 17
Starting on Oct 9th, I started getting some weirdness in my named logs. My named server is authoritative for my domain (call it domain1.com) and returns two MX records:

Code:
# dig -t mx domain1.com
...
;; ANSWER SECTION:
domain1.com.    259200  IN      MX      20 mail.domain2.com.
domain1.com.    259200  IN      MX      10 mail.domain1.com.
...


My name server responds to requests for domain1, but domain2's name servers are elsewhere. However, for some reason, starting on Oct 9th, I started getting these in my logs:

named[1403]: client xx.xx.xx.xx#2125: query (cache) 'mail.domain2.com/A/IN' denied

At first I thought it was a misconfigured client but it is occurring more and more often with many different client IPs. Why are these clients attempting to resolve my backup MX from my primary domain's name server?

Cheers,
Raman


Posted: Mon Oct 22, 2007 10:50 am
Senior Member

Joined: Fri Feb 13, 2004 11:30 am
Posts: 140
Location: England, UK
I assume your primary MX *is* working? I can't think why a backup MX server would be resolved unless it was actually using it. Do you have any connections logged to your backup MX?


Posted: Mon Oct 22, 2007 6:45 pm
Senior Member

Joined: Sun Nov 30, 2003 2:28 pm
Posts: 245
You're probably a victim of two different conspiracies:

1. Lots of spammers try to use the backup MX on the assumption that there will be less spam filtering on it.

2. I'd guess that lots of spam bots assume that the (backup) MX can be A resolved at the same NS as sourced the MX record, not noticing that it's actually a different domain. Spammers are stupid, except when they're fiendishly clever.

_________________
The irony is that Bill Gates claims to be making a stable operating system and Linus Torvalds claims to be trying to take over the world.
-- seen on the net


Posted: Tue Oct 23, 2007 2:27 am
Senior Newbie

Joined: Tue Nov 30, 2004 10:01 pm
Posts: 17
SteveG wrote:
You're probably a victim of two different conspiracies:

1. Lots of spammers try to use the backup MX on the assumption that there will be less spam filtering on it.

2. I'd guess that lots of spam bots assume that the (backup) MX can be A resolved at the same NS as sourced the MX record, not noticing that it's actually a different domain. Spammers are stupid, except when they're fiendishly clever.


Thanks Steve -- yes, I'm quite aware of #1. I didn't think of #2, but it makes complete sense. And since I have only recently started seeing these, most likely a new spambot that makes this assumption is loose out in the wild.

Cheers,
Raman
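
An added example, not part of any post in this thread: a small Python triage script for the `query (cache) ... denied` lines quoted in the first post, which groups them by queried name and tags names that are MX targets of a served zone but live outside it (the pattern suggested in the replies). The function names, the sample log lines and the documentation-range IPs are constructed for illustration; the zone and MX names are the placeholders used in the thread.

```python
import re
from collections import defaultdict

# Matches the denied-query log format quoted in the first post.
DENIED = re.compile(
    r"client (?P<ip>[^#\s]+)#\d+: query \(cache\) "
    r"'(?P<name>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)' denied"
)

def norm(name):
    return name.lower().rstrip(".")

def in_zone(name, zone):
    return norm(name) == norm(zone) or norm(name).endswith("." + norm(zone))

def summarize_denied(lines, served_zones, mx_targets):
    """Group denied cache queries by (name, qtype) and tag the likely cause."""
    clients, hits = defaultdict(set), defaultdict(int)
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue  # not a denied-query line
        key = (norm(m["name"]), m["qtype"].upper())
        clients[key].add(m["ip"])
        hits[key] += 1
    targets = {norm(t) for t in mx_targets}
    report = {}
    for key, ips in clients.items():
        name = key[0]
        if any(in_zone(name, z) for z in served_zones):
            cause = "in-zone (unexpected)"
        elif name in targets:
            cause = "out-of-zone MX target"   # pattern described in the thread
        else:
            cause = "other out-of-zone name"  # e.g. recursion probing
        report[key] = {"hits": hits[key], "clients": len(ips), "cause": cause}
    return report

# Constructed sample lines in the format of the post (documentation IPs).
SAMPLE = [
    "named[1403]: client 192.0.2.10#2125: query (cache) 'mail.domain2.com/A/IN' denied",
    "named[1403]: client 198.51.100.7#4410: query (cache) 'mail.domain2.com/A/IN' denied",
    "named[1403]: client 192.0.2.10#2126: query (cache) 'mail.domain2.com/A/IN' denied",
    "named[1403]: client 203.0.113.5#5353: query (cache) 'www.example.net/A/IN' denied",
    "named[1403]: zone domain1.com/IN: loaded serial 2007101801",
]

if __name__ == "__main__":
    for key, info in summarize_denied(SAMPLE, ["domain1.com"], ["mail.domain1.com", "mail.domain2.com"]).items():
        print(key, info)
```

A growing count of distinct clients for an "out-of-zone MX target" name points to many independent senders following the MX record rather than one misconfigured resolver.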

