Strange message in log
Barry Margolin
barmar at genuity.net
Wed Oct 10 23:32:50 UTC 2001
In article <9q2lmr$qbt at pub3.rc.vix.com>, John <vo at eudoramail.com> wrote:
>Got a strange message from my dns daemon in my log:
>
>Oct 10 15:54:17 nycdns named[20193]: Response from unexpected source ([149.174.2
>11.13].53)
>
>What does that mean?
Wow, haven't seen that one in a long time.
It means that 149.174.211.13 is a machine with multiple IP addresses, and
it's running an ancient version of BIND that doesn't ensure that replies
come from the same address that the query was sent to. Your server sent a
query to one of its other addresses, but since the response came from a
different address, it's being ignored (as far as your server is concerned,
it looks like someone spoofing a DNS reply).
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list