Bogus LOOPBACK A RR {Scanned}
mayer at gis.net
mayer at gis.net
Sun Mar 20 21:15:05 UTC 2005
----- Original Message Follows -----
> Hi,
>
> I just found something very concerning in my log files whereby my
> primary name server seems to have added a loopback (localhost)
> address which is NOT owned by us. Can someone please tell me more
> details on what the following lines mean and if I should be concerned
> with it:
>
> ns_forw: query(29.192.115.200.IN-ADDR.ARPA) Bogus LOOPBACK A RR
> (localhost:127.0.0.1) learnt (A=localhost:NS=200.115.192.29): 1
> Time(s) ns_forw: query(29.192.115.200.IN-ADDR.ARPA) No possible A/AAAA
> RRs: 1 Time(s)
>
> And more important how to prevent my name servers from allowing
> outsiders to add localhost records to my servers?
>
You don't give them access to the boxes. localhost is a separate zone
and is set up correctly except that the SOA record for localhost looks
suspicious since it references netbsd.org. I assume you have no
connection
to them. You are probably running the netbsd O/S and it probably
installed
that zone and those records by default.
Danny
> Thanks,
>
> SW
>
>
>
> -------------------------------------------------
> WPPi.com | WPPi.Net
> -------------------------------------------------
> http://www.wppi.com | http://www.wppi.net
> -------------------------------------------------
> WPPi.com & WPPi.Net MailScanner Signature
> This message has been scanned for viruses
> and dangerous content by WPPi MailScanner,
> and has been found to be clean.
> -------------------------------------------------
>
>
>
More information about the bind-users
mailing list