unauthorized update attempts
Danny Mayer
mayer at gis.net
Sat Feb 2 03:52:47 UTC 2002
At 07:27 PM 2/1/02, acorns wrote:
>I'm using bind-9.1.3-4, which defaults to disallow dynamic updates, so I
>realize I'm safe. Here is what is appearing in my log:
>
>Jan 30 01:52:10 ns3 named[13195]: dynamic update failed: 'RRset exists
>(value dependent)' prerequisite not satisfied (NXRRSET)
>Jan 30 01:52:10 ns3 named[13195]: client 210.0.186.86#65078: update denied
>
>I've set up ipchains to deny this entire C class, as I have received
>other update attempts from this IP range in the past. It's not one of my
>own hosts (the IP seems to be somewhere in Asia), which makes me wonder
>what these attempts are trying to accomplish. On my old server (running
>bind 8) the error messages were more verbose, so I could see which
>domain was targeted. We regularly bounce mail for unknown users at this
>domain, which suggests that someone might be trying to use it.
>
>Should I assume this is a hijack attempt, or a misconfigured name
>server? Can anyone recommend any additional precautions?
Yes, contact Bill Gates and tell him to stop doing that! W2K tries to do this
by default.
Danny
More information about the bind-users
mailing list