What are these entries in the log file - " query: . IN NS +"?
Gregory Hicks
ghicks at hicks-net.net
Mon Jan 26 22:26:55 UTC 2009
> To: comp-protocols-dns-bind at isc.org
> From: "Tony Toews [MVP]" <ttoews at telusplanet.net>
> Subject: What are these entries in the log file - " query: . IN NS +"?
> Date: Mon, 26 Jan 2009 21:45:18 GMT
>
> Folks
>
> Warning - I know just enough about Bind to be dangerous. Which is
> why I'm asking.
>
> I just noticed that our small scale Bind server as a lot of the
> following lines.
>
> 26-Jan-2009 14:28:24.004 client 76.9.16.171#23101: query: . IN NS +
> 26-Jan-2009 14:28:58.254 client 63.217.28.226#28035: query: . IN NS +
> 26-Jan-2009 14:29:00.691 client 63.217.28.226#35549: query: . IN NS +
> 26-Jan-2009 14:29:26.332 client 76.9.16.171#19817: query: . IN NS +
>
> As far as I can tell from the same 5 or 20 IP addresses. I haven't
> seen these lines before.
>
> 1) What am I doing wrong? If anything.
You are doing nothing wrong.
> 2) What are they?
They look like the DDoS being discussed on the NANOG list.
Have you implemented BCP38? If not, why not...
Regards,
Gregory Hicks
---------------------------------------------------------------------
Gregory Hicks | Principal Systems Engineer
| Direct: 408.569.7928
People sleep peaceably in their beds at night only because rough men
stand ready to do violence on their behalf -- George Orwell
The price of freedom is eternal vigilance. -- Thomas Jefferson
"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton
More information about the bind-users
mailing list