query on non-query socket
Markus Stumpf
maex-bind-users at Space.Net
Thu Jul 29 15:56:26 UTC 1999
For about three or four weeks I accasionally see messages like these
(dates GMT+2):
28-Jul-1999 14:31:31.230 security: notice: refused query on non-query socket from [192.86.99.28].53
28-Jul-1999 17:11:04.199 security: notice: refused query on non-query socket from [192.86.99.28].53
While these mostly come from the server above (wbweb4.worldbank.org)
I've also seen some from other IPs. Except for one day when I had a few
hundred within a few seconds, I'm seeing about 3 oder 4 of them a day,
sometimes even none for 2 oder 3 days.
This only happens on one (ns.space.net) of the three DNS servers we use
in NS records on all our domains. I'm still running bind-8.1.2 (for more
than one year now, never seen these in all the month before).
Is this due to a broken resolver? Is this kind of an attack? Anyone else
seeing this?
In case it's relevant I can provide a complete list of all the IPs we
had these messages from.
Thanks,
\Maex
--
SpaceNet GmbH | http://www.Space.Net/ | Yeah, yo mama dresses
Research & Development | mailto:maex-sig at Space.Net | you funny and you need
Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0 | a mouse to delete files
D-80807 Muenchen | Fax: +49 (89) 32356-299 |
More information about the bind-users
mailing list