strange named messages ...
Jim Reid
jim at rfc1035.com
Tue Dec 12 10:28:44 UTC 2000
>>>>> "Blazej" == Blazej Kantak <pascal at vlo.ids.gda.pl> writes:
Blazej> I've recently got some strange messages generated by named, like:
Blazej> named[86]: Response from unexpected source ([xxx.xxx.xxx.xxx].53])
Blazej> where xxx.xxx.xxx.xxx is IPs of different sites which try
Blazej> to connect. Does anyone know what could cause such
Blazej> messages ? Is it something nasty ?
Could be. The message means that the name server sent a query to one
IP address but the answer to that query came from a different address.
This could be something relatively harmless like a remote name server
that has >1 network interface sending replies out on the "wrong" one.
Or maybe there's an asymmetric routing path to/from that server. It
could also be that something is intercepting the replies or faking
answers to them. This might be a malicious attack on your name server.
A more likely possibility is that the address mismatch is caused by
broken Network Address Translation on a firewall NAT'ing the query on
its way out but not doing that for the reply.
More information about the bind-users
mailing list