named attempts lookups with private address
Cricket Liu
cricket at menandmice.com
Wed Nov 21 18:33:19 UTC 2001
> In my logs I frequently see named attempt to talk to a server at a
> 10.* address. My suspicion is that there's a bad NS record out there
> somewhere that points to backhole.
>
> Is there a painless way to determine the culprit? Obviously I can't
> just do a reverse lookup of the address. It's driving me crazy. It'd
> be a lot easier to ignore the messages if I knew for sure that they
> were harmless:
>
> " Nov 21 11:24:34 fred named[196]: ns_forw:
> sendto([10.xxx.xxx.xxx].53): Operation not permitted"
>
> (i.e. Blocked by firewall rules.)
Why don't you just add 10/8 to your blackhole list?
Check out Rob Thomas's Secure BIND Template at
http://www.cymru.com/~robt/Docs/Articles/secure-bind-template.html
for a nice list of networks you can blackhole.
cricket
Men & Mice
DNS Software & Services
www.menandmice.com
Attend our next DNS and BIND class! See
http://www.menandmice.com/8000/8000_dns_training.html
for the schedule and to register for upcoming classes
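
The blackhole suggestion in the reply above, written out as a named.conf fragment. This is an added example, not part of the original message and not copied from Rob Thomas's template. The ACL name `private-nets` is made up for illustration, and the two extra RFC 1918 ranges go beyond the 10/8 named in the reply.

```conf
// named.conf fragment (constructed example)

acl "private-nets" {        // hypothetical ACL name
    10.0.0.0/8;             // the range seen in the ns_forw log message
    172.16.0.0/12;          // remaining RFC 1918 ranges, added here
    192.168.0.0/16;         //   as a generalization of the reply
};

options {
    // named will not accept queries from these addresses and will not
    // send queries to them while resolving, so an NS or A record that
    // points into private space is skipped instead of producing a
    // sendto() that the firewall rejects.
    blackhole { private-nets; };
};
```

Merge the `blackhole` statement into the existing `options` block rather than adding a second one, and leave out any range that contains your own forwarders, master servers, or clients, since named stops talking to every address in the list.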