When this message happens name service times out.
Jim Reid
jim at rfc1035.com
Tue May 9 18:13:56 UTC 2000
>>>>> "Mark" == Cinense, Mark <macinen at sandia.gov> writes:
Mark> Sorry Jim, Running Bind 8.2.2-P5 on Solaris 7. If this
Mark> machine is an internal machine, and port 53 is restricted to
Mark> only this and one other nameserver, could this cause this to
Mark> happen? There are other nameservers in our network, however
Mark> they have no outside access. Also the other nameservers are
Mark> forwarding outside requests to this machine. What should I do?
If the addresses that cause these messages are outside your net, you
might have a hole in your firewall. So if that's the case, talk to
your security people. If the addresses are internal, hunt down the
owners of the hosts and find out what they're doing. It may just be
some very stupid software, but it could be someone is doing port scans
or something even naughtier from these addresses.
BTW, you say that only port 53 is opened on your name server. The
"query received on a non-query socket" error suggests UDP traffic for
some other random port is being let through. So it's probably time to
get a packet sniffer out and re-check the firewall or router access
lists.
More information about the bind-users
mailing list