too much activity
Barry Margolin
barmar at alum.mit.edu
Tue Aug 10 00:23:54 UTC 2004
In article <cf91po$23pp$1 at sf1.isc.org>,
Markus Plannerer <mp at No.erpa.Spam.de> wrote:
> Hello,
>
> we have updated from BIND8 to BIND9 and in the new
> named.conf logging is enabled by:
> logging {
> channel query_logging {
> file "/var/log/named_querylog"
> versions 3 size 100M;
> print-time yes; // timestamp log entries
> };
> category queries {
> query_logging;
> };
> category lame-servers { null; };
> };
>
> Now there is every second a entry in the log like:
> Aug 09 20:05:17.017 client 127.0.0.1#32844: query:
> 130.15.227.212.in-addr.arpa IN PTR
> Aug 09 20:05:18.028 client 127.0.0.1#32844: query:
> 130.15.227.212.in-addr.arpa IN PTR
> Aug 09 20:05:19.027 client 127.0.0.1#32844: query:
> 130.15.227.212.in-addr.arpa IN PTR
> Aug 09 20:05:20.038 client 127.0.0.1#32844: query:
> 130.15.227.212.in-addr.arpa IN PTR
> and so on and so ...
>
>
> Can anybody give me a hint?
There's an application on the local machine that's trying to do a
reverse lookup of 212.227.15.130 every second. If you want to know why,
you'll have to investigate what's running on your machine -- it's not a
BIND issue.
Since it's always coming from the same port, you might try using lsof to
see what process is bound to that UDP port.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
More information about the bind-users
mailing list