Interesting log entries
Barry Margolin
barmar at alum.mit.edu
Sat Dec 17 03:43:33 UTC 2005
In article <dnv0cb$7h3$1 at sf1.isc.org>,
Tony Toews <ttoews at telusplanet.net> wrote:
> Folks
>
> From 15-Dec-2005 16:18:40.199 to 15-Dec-2005 16:33:38.308 I've got about
> 960
> virtually identical log entries.
>
> 15-Dec-2005 16:18:40.199 client 213.146.173.33#46932: query: e.tn.co.za ANY
> ANY +E
> 15-Dec-2005 16:18:41.121 client 213.146.173.33#63499: query: e.tn.co.za ANY
> ANY +E
> 15-Dec-2005 16:18:42.012 client 213.146.173.33#55080: query: e.tn.co.za ANY
> ANY +E
>
> All from the same IP address. And looking back in the logs there are quite
> a number
> for this particular domain however different IP addresses. That is there
> will be
> hundreds of queries regarding this domain from one IP address and then
> hundreds of
> queries from another IP address regarding this same domain.
>
> Any ideas on this one?
See the thread titled "How can I tell in the log if a query was
successful or refused":
http://groups.google.com/group/comp.protocols.dns.bind/tree/browse_frm/th
read/85e506936b892a5d/44ebe9cc274e69c5?rnum=1&hl=en&q=e.tn.co.za&_done=%2
Fgroup%2Fcomp.protocols.dns.bind%2Fbrowse_frm%2Fthread%2F85e506936b892a5d
%2F687d00a2a91bbb63%3Flnk%3Dst%26q%3De.tn.co.za%26rnum%3D1%26hl%3Den%26#d
oc_44ebe9cc274e69c5
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users
mailing list