Three NameServer DOSing my <dns1>
Michelle Konzack
linux4michelle at tamay-dogan.net
Wed Jul 28 21:24:49 UTC 2010
Hello Dave Sparro,
On 2010-07-28 10:11:52, you hacked down the following:
> That host name does show up in your e-mail headers. That may
> be why there are some people curious about that host name.
But why do they query my server 3 times per second?
Currently I have more than 600.000 DNS requests per day... but only
<dtag.de>, <t-dialin.net> and <arcor-ip.net> are querying my <michelle1>
excessively. Other NS (around 90) are less than 20%.
The question is, why do they query an @home FQDN, if I have a public
SMTP relay? For me it is an error in their configuration, because the
MTA should only test the MTA which connects to it, and this is
definitively <mail.tamay-dogan.net>.
The other thing is that in the last 4-6 days I have not written very much
E-Mail (maybe 50-70), which leaves me puzzling around WHY I am bombed
with several million queries.
Today I have sent only 12 messages and I have attached the unified log
from today for servers querying <michelle1>. While Google has stopped
querying my server endlessly, since today it is <ns1.Level3.net>.
Do you not wonder?
Also I have for some minutes encountered that I had several 10.000
break-in attempts (apache, ssh and courier) from DOT CN today. I really
should nuke them.
> If the repeat traffic really bothers you, I'd bet that you could
> get them to go away by giving a better answer than "REFUSED"
> to their query. If you want to keep your private.tamay-dogan.net
> zone private, you could use views to keep the zone from existing
> for the Internet side of your connection.
OK, I have to read into "views" because I do not know how this stuff works.
> I'd even be tempted to ditch the allow-query ACL so that they could
> get the michelle1.private.tamay-dogan.net/A/IN == 192.168.0.65
> answer (at least temporarily).
> I'd be even more tempted to ignore the noise in your log file. BIND
> is just letting you know it is doing exactly what you configured it
> to do.
Hmmm, it is not really funny to have per day a 100 MByte logfile.
Thanks, Greetings and nice Day/Evening
Michelle Konzack
--
##################### Debian GNU/Linux Consultant ######################
Development of Intranet and Embedded Systems with Debian GNU/Linux
itsystems at tdnet France EURL itsystems at tdnet UG (limited liability)
Owner Michelle Konzack Owner Michelle Konzack
Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstraße 17
67100 Strasbourg/France 77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix
<http://www.itsystems.tamay-dogan.net/> <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/> <http://www.can4linux.org/>
Jabber linux4michelle at jabber.ccc.de
ICQ #328449886
Linux-User #280138 with the Linux Counter, http://counter.li.org/
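
The views setup suggested in the quoted reply, sketched here as an added named.conf example (not part of the original post and not written by either participant). The 192.168.0.0/24 LAN range, the zone file names, and the assumption that this server is also authoritative for the public tamay-dogan.net zone are illustrative.

```conf
// Added example: split-horizon views in BIND 9 named.conf.
// Assumptions (not from the post): LAN range 192.168.0.0/24, the zone
// file names, and that this server also serves the public zone.

acl "lan" { 127.0.0.0/8; 192.168.0.0/24; };

// Views are tried in order and the first match-clients hit wins.
// Once views are used, every zone statement must sit inside a view.

// LAN clients: the private zone exists here and recursion is allowed.
view "internal" {
    match-clients { "lan"; };
    recursion yes;

    zone "private.tamay-dogan.net" {
        type master;
        file "db.private.tamay-dogan.net";  // michelle1 A 192.168.0.65
    };
    zone "tamay-dogan.net" {
        type master;
        file "db.tamay-dogan.net";          // static zone, no dynamic updates
    };
};

// Everyone else: the private zone is simply not defined in this view,
// so no allow-query ACL is needed to hide it. If the public zone holds
// no delegation or records for "private", a query for
// michelle1.private.tamay-dogan.net is answered from the public zone
// with an authoritative NXDOMAIN, which resolvers can cache negatively,
// instead of REFUSED.
view "external" {
    match-clients { any; };
    recursion no;

    zone "tamay-dogan.net" {
        type master;
        file "db.tamay-dogan.net";
    };
};
```

Running named-checkconf on the edited file before reloading catches a zone statement left outside a view.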