What's going on here?
Barry Margolin
barmar at bbnplanet.com
Mon Nov 29 16:27:55 UTC 1999
In article <81p1r8$9oc at catapult.gatech.edu>,
Andrew <andrew at 3.1415926.org> wrote:
>I was sniffing port 53 and noticed this:
>
>16:02:36.941744 146.83.22.169.1051 > 128.61.my.host.53: 49190 inv_q+
>[b2&3=0x980] A? . (27)
>16:02:36.941744 128.61.my.host.53 > 146.83.22.169.1051: 49190 inv_q
>Refused [0q] 1/0/0 (27)
>16:02:37.481744 146.83.22.169.1051 > 128.61.my.host.53: 3587+
>[b2&3=0x180] TXT CHAOS)? version.bind. (30)
>16:02:37.481744 128.61.my.host.53 > 146.83.22.169.1051: 3587* 1/0/0
>CHAOS) TXT 8.1.2 (60)
>
>What's going on here?
146.83.22.169 is using your host as its nameserver. It has an old version
of NSLOOKUP that uses inverse queries rather than IN-ADDR.ARPA queries to
reverse resolve the nameserver's address. Someone on there was using it to
look up the version number of your BIND.
--
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list