refused query on non-query socket?

Barry Margolin barmar at genuity.net
Sat Jan 12 00:18:27 UTC 2002


In article <a1nifu$7hs at pub3.rc.vix.com>,
Alan Sparks  <asparks at quris.com> wrote:
>
>I just upgraded to BIND-8.3.0.  Started seeing messages I've never seen
>before.  A sample is included below.
>
>I'm a little confused about what I've read about this.  Does this mean
>someone else is sending a weird query back at me?  What are the
>implications?

It means that the server is receiving a packet on the socket that it uses
to receive replies to recursive queries, and these packets look like
queries rather than replies.

>And, is this new with 8.3?  Never saw them with 8.2.5... although maybe
>someone picked this same instance to pick on me... :-)

This message has been around as long as 8.x has, as that's when BIND
started using a different port for sending recursive queries.  My guess is
someone is port-scanning you, and the packets they're sending happen to
have the bit set that distinguishes a query from a reply.

>Jan 11 10:07:05 ns01 named[16779]: refused query on non-query socket
>from [207.14.100.134].53
>Jan 11 10:13:43 ns01 last message repeated 320 times
>Jan 11 10:13:44 ns01 named[16779]: refused query on non-query socket
>from [207.14.100.134].53
>Jan 11 10:17:11 ns01 last message repeated 45 times



-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
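
Added example, not part of the original post: a Python tally of the "refused query on non-query socket" messages per source, crediting syslog's "last message repeated N times" lines to the message before them. It reuses the log lines quoted in the post (with the mail line wrap joined) and assumes a log file from a single host.

```python
import re
from collections import Counter

# Log lines quoted in the post above, with the mail client's line wrap joined.
SAMPLE_LOG = """\
Jan 11 10:07:05 ns01 named[16779]: refused query on non-query socket from [207.14.100.134].53
Jan 11 10:13:43 ns01 last message repeated 320 times
Jan 11 10:13:44 ns01 named[16779]: refused query on non-query socket from [207.14.100.134].53
Jan 11 10:17:11 ns01 last message repeated 45 times
"""

REFUSED = re.compile(
    r"named\[\d+\]: refused query on non-query socket\s+from \[([0-9a-fA-F.:]+)\]\.(\d+)"
)
REPEATED = re.compile(r"last message repeated (\d+) times?")


def tally_refused(log_text):
    """Count refused-query events per (source IP, source port).

    syslog collapses identical consecutive messages into a
    'last message repeated N times' line, so N is credited to the most
    recent message, but only if that message was a refused-query line.
    Assumption: the log comes from one host, so one chain is tracked.
    """
    counts = Counter()
    last_key = None  # source of the previous message, None if unrelated
    for line in log_text.splitlines():
        m = REFUSED.search(line)
        if m:
            last_key = (m.group(1), int(m.group(2)))
            counts[last_key] += 1
            continue
        r = REPEATED.search(line)
        if r:
            if last_key is not None:
                counts[last_key] += int(r.group(1))
            continue  # a repeat line does not change the "last message"
        if line.strip():
            last_key = None  # an unrelated message breaks the chain
    return counts


if __name__ == "__main__":
    for (ip, port), n in tally_refused(SAMPLE_LOG).most_common():
        print(f"{n:6d}  {ip} (source port {port})")
```

Counting only the named[] lines would report 2 events for this excerpt; with the repeat lines included, the same ten minutes hold 367.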

