Is someone trying to hack my dns and illegally transfer me records?
Len Conrad
LConrad at Go2France.com
Wed Dec 19 20:32:01 UTC 2001
> I have noticed that in my logs it shows the message;
>
>named[741]: client 128.177.195.11#60877: zone transfer denied
>
>Hundreds of times. The address is not one of our secondaries and I do not
>recognize the above address. Why do I have this message?
your bind logging is set up to log policy denials
> Could someone be
>trying to do an unauthorized transfer of our domain's?
tisk, tisk, worse has happened. :))
>What do I do about this?
1) nothing, it just fills up your logs.
2) at tcp/ip level, block access for that ip at your border router.
3) at DNS level, take it out with a blackholes option. no logging will occur.
Len
http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways
More information about the bind-users
mailing list