isc and other hosts connecting to my NS
Scott Haneda
talklists at newgeo.com
Tue Oct 7 07:02:53 UTC 2008
Hello, I brought online a new NS, one in which the IP has not been
used before, at least, not for a NS. Maybe, many years ago, it was
used as a http server.
I see a few queries come into my named logs that are clearly
vulnerability scans, which while I do not like them, at least I
understand why they are there.
Curious are below:
06-Oct-2008 09:09:27.942 queries: info: client 149.20.56.10#20053:
query: www.orkut.co.in IN ANY -
06-Oct-2008 09:01:01.025 queries: info: client 149.20.56.10#20053:
query: www.capitalone.com IN ANY
dig result
56.20.149.in-addr.arpa. 3600 IN SOA ns-int.isc.org.
hostmaster.isc.org. 2008100500 7200 3600 604800 3600
Why does isc.org query my server? It is a non recursive server, and
only does lookups for my local machines, and of course, authoritative
lookups for the few domains I am hasting. I allow recursion on one
IP, mine at home on a comcast connection.
There are others, not isc.org based, but most of them are, calling out
myspace, facebook, and perhaps the most frightening one was
cakefarts.com (NSFW)
Any help understanding what is going on would be most appreciated,
thanks.
--
Scott
More information about the bind-users
mailing list