query log: what does 63864 mean?
Kevin Darcy
kcd at daimlerchrysler.com
Fri Feb 16 00:28:36 UTC 2001
Stanley Liu wrote:
> Jim Reid wrote:
>
> > Stanley> 16-Feb-2001 08:32:04.000 XX /198.133.29.82/mail1.tmca.com.au/63864/IN
> >
> > Client 198.133.29.82 was looking for a record which has type number
> > 63864 for the name mail1.tmca.com.au. This record type is not defined.
> > It's probably some WINS record type and Microsoft just plucked the
> > number out of the air without getting it assigned via IETF/IANA.
>
> Thanks for the prompt reply. The DNS is for Internet purposes and should not have WINS
> accessing it. Hmmm I wonder ... One thing is, can a "type" be numeric? I
> thought a label cannot be numeric and I assumed type would be the same. Obviously not.

Types and classes are always binary/numeric in wire format. The query logging facility
renders those binary/numeric values into human-readable form for recognized values;
unrecognized values just get shown as numbers.

> Back to my original motive for asking the question: could I safely assume that it was
> just a malformed query?

Technically, it wasn't malformed. It followed the right format, but with an invalid value
in one of its fields. If your real question is "does it look like a hacking attempt?",
I'd say that's pretty unlikely. But then, I'm no security expert...

- Kevin
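
Added example (not part of the original post, and not BIND's code): a sketch of how a query logger can turn the 16-bit QTYPE and QCLASS fields of a wire-format question into the text seen in the log line above. The function names, the mnemonic tables (a small subset) and the constructed query are assumptions made for illustration.

```python
import struct

# Subset of assigned mnemonics, for illustration only (not exhaustive).
TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}
CLASSES = {1: "IN", 3: "CH", 4: "HS"}


def build_query(name, qtype, qclass=1, msg_id=0x1234):
    """Constructed sample input: a one-question DNS query in wire format."""
    header = struct.pack("!6H", msg_id, 0x0100, 1, 0, 0, 0)  # RD flag, QDCOUNT=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in name.split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, qclass)


def parse_question(msg):
    """Return (name, qtype, qclass) for the first question in a query."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        length = msg[pos]
        pos += 1
        if length == 0:  # root label terminates the name
            break
        if length > 63 or pos + length > len(msg):  # pointer or overrun
            raise ValueError("bad label")
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels), qtype, qclass


def render(client, msg):
    """Format like the log line: mnemonic if recognized, bare number otherwise."""
    name, qtype, qclass = parse_question(msg)
    return "XX /%s/%s/%s/%s" % (
        client, name, TYPES.get(qtype, qtype), CLASSES.get(qclass, qclass))
```

A query with any 16-bit value in the type field parses cleanly, which is why the logged query counts as well-formed even though 63864 has no mnemonic.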