empty DoS queries
Mark Andrews
Mark_Andrews at isc.org
Mon Feb 23 22:15:40 UTC 2009
I suspect you have a broken application on 10.48.0.19.
Mark
In message <70fo2dF49pfpU1 at mid.individual.net>, Frank Kirschner writes:
> Hello,
> since last night we log empty queries (approx. 4000 per second) like
> this from a client in our LAN:
>
> 23-Feb-2009 13:20:15.516 queries: info: client 10.48.0.19#2048: query:
> \(none\) IN A +
> 23-Feb-2009 13:20:15.518 queries: info: client 10.48.0.19#2048: query:
> \(none\) IN A +
> 23-Feb-2009 13:20:15.519 queries: info: client 10.48.0.19#2048: query:
> \(none\) IN A +
> 23-Feb-2009 13:20:15.523 queries: info: client 10.48.0.19#2048: query:
> \(none\) IN A +
> 23-Feb-2009 13:20:15.524 queries: info: client 10.48.0.19#2048: query:
> \(none\) IN A +
> 23-Feb-2009 13:20:15.525 queries: info: client 10.48.0.19#2048: query:
> \(none\) IN A +
> 23-Feb-2009 13:20:15.527 queries: info: client 10.48.0.19#2048: query:
> \(none\) IN A +
> 23-Feb-2009 13:20:15.531 queries: info: client 10.48.0.19#2048: query:
> \(none\) IN A +
> 23-Feb-2009 13:20:15.533 queries: info: client 10.48.0.19#2048: query:
> \(none\) IN A +
>
>
> Additionally, there are also such log entries (approx. 4000 per second):
>
> 23-Feb-2009 14:05:56.464 queries: info: client 10.48.0.19#2048: query:
> luca.inetgate.net IN A +
> 23-Feb-2009 14:05:56.470 queries: info: client 10.48.0.19#2048: query:
> luca.inetgate.net IN A +
> 23-Feb-2009 14:05:56.483 queries: info: client 10.48.0.19#2048: query:
> luca.inetgate.net IN A +
> 23-Feb-2009 14:05:56.489 queries: info: client 10.48.0.19#2048: query:
> luca.inetgate.net IN A +
> 23-Feb-2009 14:05:56.500 queries: info: client 10.48.0.19#2048: query:
> luca.inetgate.net IN A +
> 23-Feb-2009 14:05:56.508 queries: info: client 10.48.0.19#2048: query:
> luca.inetgate.net IN A +
> 23-Feb-2009 14:05:56.517 queries: info: client 10.48.0.19#2048: query:
> luca.inetgate.net IN A +
> 23-Feb-2009 14:05:56.521 queries: info: client 10.48.0.19#2048: query:
> luca.inetgate.net IN A +
> 23-Feb-2009 14:05:56.533 queries: info: client 10.48.0.19#2048: query:
> luca.inetgate.net IN A +
> 23-Feb-2009 14:05:56.539 queries: info: client 10.48.0.19#2048: query:
> luca.inetgate.net IN A +
> 23-Feb-2009 14:05:56.546 queries: info: client 10.48.0.19#2048: query:
> luca.inetgate.net IN A +
> 23-Feb-2009 14:05:56.558 queries: info: client 10.48.0.19#2048: query:
> luca.inetgate.net IN A +
> 23-Feb-2009 14:05:56.565 queries: info: client 10.48.0.19#2048: query:
> luca.inetgate.net IN A +
> 23-Feb-2009 14:05:56.572 queries: info: client 10.48.0.19#2048: query:
> luca.inetgate.net IN A +
> 23-Feb-2009 14:05:56.584 queries: info: client 10.48.0.19#2048: query:
> luca.inetgate.net IN A +
> 23-Feb-2009 14:05:56.591 queries: info: client 10.48.0.19#2048: query:
> luca.inetgate.net IN A +
>
> What could be the reasons for it? Should I investigate and limit the
> packet flow by iptables/netfilter on port 53 of my BIND 9, actual
> release for CentOS 5.2?
>
> best regards
> Frank
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
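An added example, not part of the original thread: a small triage script that reads query-log lines in the layout quoted above and reports, per client, the peak queries per second and how many queries carried the empty `(none)` name. It assumes each log entry is on a single line (the mail wrapped them); the function names, the threshold value and the sample lines (including the 192.0.2.10 client) are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# One log entry per line, in the layout quoted in the message above.
LINE_RE = re.compile(
    r"^(?P<sec>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ queries: info: "
    r"client (?P<ip>[^#\s]+)#\d+: query: (?P<qname>\S+) \S+ \S+"
)

# Constructed sample input (not taken from a real server).
SAMPLE = r"""
23-Feb-2009 13:20:15.516 queries: info: client 10.48.0.19#2048: query: \(none\) IN A +
23-Feb-2009 13:20:15.518 queries: info: client 10.48.0.19#2048: query: \(none\) IN A +
23-Feb-2009 13:20:15.519 queries: info: client 10.48.0.19#2048: query: \(none\) IN A +
23-Feb-2009 13:20:15.523 queries: info: client 10.48.0.19#2048: query: luca.inetgate.net IN A +
23-Feb-2009 13:20:15.600 queries: info: client 192.0.2.10#40000: query: example.com IN A +
23-Feb-2009 13:20:16.100 queries: info: client 192.0.2.10#40000: query: example.com IN A +
""".strip().splitlines()

def parse(line):
    """Return (second, client_ip, qname), or None for a non-query line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    # The archived mail shows the empty name as \(none\); normalise it.
    return m["sec"], m["ip"], m["qname"].replace("\\", "")

def noisy_clients(lines, threshold):
    """Report clients whose busiest one-second bucket reaches `threshold`."""
    per_second = defaultdict(Counter)   # ip -> {second: query count}
    names = defaultdict(Counter)        # ip -> {qname: query count}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        sec, ip, qname = rec
        per_second[ip][sec] += 1
        names[ip][qname] += 1
    report = {}
    for ip, buckets in per_second.items():
        peak = max(buckets.values())
        if peak >= threshold:
            report[ip] = {
                "peak_qps": peak,
                "total": sum(buckets.values()),
                "empty": names[ip]["(none)"],
                "top_name": names[ip].most_common(1)[0][0],
            }
    return report

if __name__ == "__main__":
    for ip, stats in noisy_clients(SAMPLE, threshold=3).items():
        print(ip, stats)
```

On a real server the threshold would be set well above normal resolver traffic; a single source port repeating one name, as in the quoted log, is the pattern to look for in the output.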