Confusing Log message
Michael Barber
mikeb at comcity.com
Fri May 7 17:37:55 UTC 2004
It didn't this time... The hacker needs to work harder at it I guess...
The point is why is it even "entertaining" the prospects of these types of
queries. Can I "turn-off" even the prospect of this type of query?
In article <c7ej0n$2l61$1 at sf1.isc.org>,
> I don't understand why Bind is allowing this...is there a setting to stop
> this? What you're describing won't work...because obviously means this
> person is a hacker.
Allowing what? Don't you see where it says "denied query"? That means
it *didn't* allow it, presumably because the client isn't in your
allow-query access list.
> In article <c7bkjt$1f3f$1 at sf1.isc.org>,
>
> > Can someone tell me what the meaning of this log message is:
> >
> > denied query from [204.127.202.36].53 for "_ldap._tcp.
> > Default-First-Site-Name._sites.dc._msdcs.wvms.com" SRV/IN
> >
> > What does this mean: Default-First-Site-Name._sites.dc._msdcs.wvms.com"
> > SRV/IN ? Should someone be jerking my name server around like this?
>
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.wmvms.com is the
> name of a record that the device with IP address 204.127.202.36 was
> trying to look up, and it was trying to look up a record with type SRV.
> These are used by Microsoft Active Directory services as ways to find
> servers -- in this case, I presume it's trying to find an LDAP server on
> your network. The component "Default-First-Site-Name" suggests that the
> machine is not properly configured with your site's Windows domain.
>
> --
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
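
Added example, not part of the original thread and not BIND's own code: a small Python parser for the "denied query" line format quoted above. It splits out the client, port and record type and, for Active Directory locator names like the one in the question, the site and domain. The `named[411]:` prefix and the 192.0.2.x / example.com lines are constructed samples; the first line is the one from the thread with its wrapped name rejoined.

```python
import re
from collections import Counter

# Line format quoted in the thread: denied query from [IP].PORT for "NAME" TYPE/CLASS
DENIED = re.compile(
    r'denied query from \[(?P<ip>[0-9a-fA-F.:]+)\]\.(?P<port>\d+) '
    r'for "(?P<name>[^"]+)" (?P<qtype>\w+)/(?P<qclass>\w+)')

# AD locator owner name: _service._proto[.site._sites].dc._msdcs.domain
AD_LOCATOR = re.compile(
    r'^_(?P<service>[^.]+)\._(?P<proto>tcp|udp)\.'
    r'(?:(?P<site>[^.]+)\._sites\.)?dc\._msdcs\.(?P<domain>.+?)\.?$', re.I)

def parse_denied(line):
    """Return a dict describing one denied-query line, or None if it is not one."""
    m = DENIED.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    ad = AD_LOCATOR.match(rec["name"])
    rec["ad_locator"] = ad is not None
    if ad:
        rec.update(site=ad["site"], domain=ad["domain"].lower())
        # "Default-First-Site-Name" is the site name Active Directory creates by default
        rec["default_site"] = (ad["site"] or "").lower() == "default-first-site-name"
    return rec

def summarize(lines):
    """Count denied queries per (client, kind) so repeat sources stand out."""
    counts = Counter()
    for line in lines:
        rec = parse_denied(line)
        if rec:
            kind = "ad-locator" if rec["ad_locator"] else rec["qtype"]
            counts[(rec["ip"], kind)] += 1
    return counts

# Sample input: first line from the thread, the rest constructed for illustration.
SAMPLE = [
    'named[411]: denied query from [204.127.202.36].53 for '
    '"_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.wvms.com" SRV/IN',
    'named[411]: denied query from [192.0.2.10].1045 for "_ldap._tcp.dc._msdcs.example.com" SRV/IN',
    'named[411]: denied query from [192.0.2.10].1046 for "www.example.com" A/IN',
    'named[411]: unrelated line (constructed)',
]

if __name__ == "__main__":
    for (ip, kind), n in sorted(summarize(SAMPLE).items()):
        print(f"{ip:16} {kind:10} {n}")
```
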