DoS?

Len Conrad LConrad at Go2France.com
Thu Oct 24 13:52:17 UTC 2002



>I am getting bombarded with entries in my query and syslog files. Here is a
>small subset:
>
>BIND query.log:
>client 200.76.208.70#54177: query: _ldap._tcp.dc._msdcs.hpdsc.com IN SRV

Some MS GUI jockey randomly clicking on radio buttons has screwed up his MS 
DNS.

>client 200.76.208.70#54177: query: _ldap._tcp.dc._msdcs.hpdsc.com IN SRV

These are queries for MS Active Directory services, located via SRV records.

The underscore domain names, their queries, and SRV records are strictly 
intranet items that should never leak out to the public internet.

Like MS's other famous screw-up of making all w2k/xp OS's "register" their 
A records with DNS (i.e., run as dynamic zone updaters) by default, these SRV 
thingies are harmless other than filling up your logs and wasting your 
resources.

In BIND,

options {blackhole {address_match_list } ; };

... will minimize the effects on your BIND machine.

Len
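
Added example, not part of the original post: a Python script that tallies clients sending Active Directory `_msdcs` SRV queries, using the query.log line format quoted above, and renders a `blackhole` fragment for the ones over a threshold. The ACL name `ad_leakers`, the threshold, and every sample line other than the one quoted in the post are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Line shape as quoted in the post:
#   client 200.76.208.70#54177: query: _ldap._tcp.dc._msdcs.hpdsc.com IN SRV
LINE_RE = re.compile(r"client (?P<ip>[0-9.]+)#\d+: query: (?P<name>\S+) IN (?P<type>\S+)")

def is_ad_locator(name, qtype):
    """True for SRV lookups whose name carries the AD-only _msdcs label."""
    labels = name.lower().rstrip(".").split(".")
    return qtype == "SRV" and "_msdcs" in labels

def noisy_clients(lines, threshold):
    """Return {ip: count} for clients with >= threshold leaked AD queries."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or not is_ad_locator(m["name"], m["type"]):
            continue
        try:
            ipaddress.ip_address(m["ip"])  # skip malformed addresses
        except ValueError:
            continue
        counts[m["ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

def blackhole_stanza(ips):
    """Render an acl (hypothetical name ad_leakers) and the blackhole option."""
    entries = "".join(f"    {ip};\n" for ip in sorted(ips, key=ipaddress.ip_address))
    return ("acl ad_leakers {\n" + entries + "};\n"
            "options {\n    blackhole { ad_leakers; };\n};\n")

# Constructed sample log; only the first line's content comes from the post.
SAMPLE_LOG = [
    "client 200.76.208.70#54177: query: _ldap._tcp.dc._msdcs.hpdsc.com IN SRV",
    "client 200.76.208.70#54178: query: _ldap._tcp.dc._msdcs.hpdsc.com IN SRV",
    "client 200.76.208.70#54179: query: _ldap._tcp.dc._msdcs.hpdsc.com IN SRV",
    "client 192.0.2.10#40000: query: www.example.com IN A",
    "client 198.51.100.7#40001: query: _ldap._tcp.dc._msdcs.example.com IN SRV",
    "client 192.0.2.10#40002: query: _sip._tcp.example.com IN SRV",
    "client 999.1.1.1#40003: query: _ldap._tcp.dc._msdcs.example.com IN SRV",
]

if __name__ == "__main__":
    print(blackhole_stanza(noisy_clients(SAMPLE_LOG, threshold=3)))
```

`blackhole` makes BIND ignore every query from the listed addresses, not only the SRV ones, so review the list before loading it. The rendered `blackhole` line has to be merged into the existing `options` block, since named.conf allows only one.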


