how to identify DNS request source?
Kevin Darcy
kcd at daimlerchrysler.com
Thu Aug 8 21:24:46 UTC 2002
Hostmaster wrote:
> My named-auth log shows repetitive requests (every 5 minutes) from an
> IP address for both a forward and inverse record. We are not approving
> the request and it is merely loading our name server and growing our log
> file. I am unable to determine the source of this request. nslookup yields
> no information. Using Arin I have been able to find out who owns the IP
> address block which includes the requestor's IP address. How can we
> find out who and what the offending culprit is? BTW we are not
> running dynamic or cahced name servers. Any advice would be most
> appreciated.
This isn't really a DNS or BIND question.You could try starting with the
contact in the ARIN record, but frankly, I don't know that you'll get
anywhere: a couple of queries every 5 minutes hardly constitutes Denial of
Service, so you really don't have any leverage to get these people to stop
doing what they're doing.
- Kevin
More information about the bind-users
mailing list