is my router a slave?
Kevin Darcy
kcd at chrysler.com
Wed Apr 9 20:34:53 UTC 2008
Gerry Reno wrote:
> I am seeing this in the log:
>
> Apr 8 19:54:38 grp-01-30-50 named[8947]: client 192.168.1.1#53: view
> internal: received notify for zone '189.91.72.in-addr.arpa': not
> authoritative
> Apr 8 19:54:38 grp-01-30-50 named[8947]: client 192.168.1.1#53: view
> internal: received notify for zone 'example.com'
>
>
>
> 192.168.1.1 is the IP of my internet router. It's also the DHCP server
> for the network. Would it also response to notifies?
>
I doubt that the router itself is generating these NOTIFYs. The reason
they seem to come from your router is most likely because your router is
NAT'ing in both directions, yes?
If that's the case, then this boils down more simply to "why am I
getting NOTIFYs from hosts I don't know?"
Answer: probably because someone typo'ed a name or address in their DNS
config, or in the NS records of the zone (possibly a private version of
the zone in question, so it might be hard for you, the unintended
victim, to track down the typo).
There's an outside chance that this might be some sort of malicious
activity.
If you want to track down who exactly is sending you these NOTIFYs, you
might need to turn on some sort of logging in your router. Or run a
sniffer/packet-capture on the other side of the NAT.
- Kevin
More information about the bind-users
mailing list