Confusing Log message
Michael Barber
mikeb at comcity.com
Thu May 6 23:43:01 UTC 2004
I don't understand why Bind is allowing this...is there a setting to stop
this? What your describing won't work...because obviously means this person
is a hacker.
In article <c7bkjt$1f3f$1 at sf1.isc.org>,
> Can someone tell me what the meaning of this log message is:
>
> denied query from [204.127.202.36].53 for "_ldap._tcp.
> Default-First-Site-Name._sites.dc._msdcs.wvms.com" SRV/IN
>
> What does this mean: Default-First-Site-Name._sites.dc._msdcs.wvms.com"
> SRV/IN ? Should someone be jerking my name server around like this?
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.wmvms.com is the
name of a record that the device with IP address 204.127.202.36 was
trying to look up, and it was trying to look up a record with type SRV.
These are used by Microsoft Active Directory services as ways to find
servers -- in this case, I presume it's trying to find an LDAP server on
your network. The component "Default-First-Site-Name" suggests that the
machine is not properly configured with your site's Windows domain.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
More information about the bind-users
mailing list