Outgoing DNS requests

chrisf usenetchris at ic-2000.com
Mon May 17 14:16:06 UTC 2004 

I have a DNS server that is making a large number of outgoing requests to
the same IP address.  I also see weird stuff in the logs which are shown
below.  Our firewall is showing a extremely large number of outgoing
requests to the DNS port on a specific IP, but that IP address does not show 
up in any of our logs.  How can I go about pinpointing the problem? 

I don't know if the stuff in the logs below is related, but I thought it 
could possibly be helpful.  This server handles a good amount of incoming 
and outgoing mail and also secondary DNS for a few domains. 

Thanks, 

Chris 

Apr 28 13:52:16 localhost named[665]: lame server resolving 'pilot.ac' (in
'pilot.ac'?): 65.57.231.100#53
Apr 28 13:52:16 localhost named[665]: lame server resolving 'pilot.ac' (in
'pilot.ac'?): 65.57.231.120#53
Apr 28 13:52:16 localhost named[665]: lame server resolving 'pilot.ac' (in
'pilot.ac'?): 65.57.231.100#53
Apr 28 13:52:16 localhost named[665]: lame server resolving 'pilot.ac' (in
'pilot.ac'?): 65.57.231.100#53
Apr 28 13:52:16 localhost named[665]: lame server resolving 'pilot.ac' (in
'pilot.ac'?): 65.57.231.120#53
Apr 28 13:54:27 localhost named[665]: lame server resolving
'229.72.121.154.ipwhois.rfc-ignorant.org' (in 'ipwhois.rfc-ignorant.org'?):
208.201.249.238#53
Apr 28 13:54:27 localhost named[665]: lame server resolving
'141.93.254.218.ipwhois.rfc-ignorant.org' (in 'ipwhois.rfc-ignorant.org'?):
208.201.249.238#53
Apr 28 13:57:37 localhost named[665]: lame server resolving 'airabove.com'
(in 'airabove.com'?): 216.143.159.69#53
Apr 28 14:04:20 localhost last message repeated 4 times
Apr 28 14:04:29 localhost last message repeated 3 times
Apr 28 14:04:55 localhost named[665]: lame server resolving
'derek.designaide.com' (in 'designaide.com'?): 216.143.159.69#53
Apr 28 14:04:55 localhost last message repeated 3 times
Apr 28 14:08:04 localhost named[665]: lame server resolving 'airacademy.net'
(in 'airacademy.NET'?): 216.143.159.69#53
Apr 28 14:08:04 localhost last message repeated 3 times
Apr 28 14:08:42 localhost named[665]: lame server resolving
'joel.designaide.com' (in 'designaide.com'?): 216.143.159.69#53

More information about the bind-users mailing list