huge count of DNS deny hits
babu dheen
babudheen at yahoo.co.in
Wed Jan 11 05:11:47 UTC 2012
Hi,
I enabled the logs in the DNS server and I found the below lines from this client continuously.
1/10/2012 9:14:30 AM 0FDC PACKET 0000000005B489B0 UDP Snd <Client IP> 1f23 Q [0005 A D NOERROR] TXT (7)version(4)bind(0)
1/10/2012 9:14:30 AM 0FDC PACKET 0000000007342360 UDP Rcv <Client IP> c63c Q [0005 A D NOERROR] TXT (7)version(4)bind(0)
1/10/2012 9:14:30 AM 0FDC PACKET 0000000007342360 UDP Snd <Client IP> c63c Q [0005 A D NOERROR] TXT (7)version(4)bind(0)
1/10/2012 9:14:30 AM 0FDC PACKET 0000000004D728F0 UDP Rcv <Client IP> a96a Q [0005 A D NOERROR] TXT (7)version(4)bind(0)
Is it something to do with Multicast DNS? Can you give me more details about Multicast DNS?
Regards
Papdheen M
--- On Mon, 9/1/12, Fajar A. Nugraha <work at fajar.net> wrote:
From: Fajar A. Nugraha <work at fajar.net>
Subject: Re: huge count of DNS deny hits
To: "babu dheen" <babudheen at yahoo.co.in>
Cc: bind-users at lists.isc.org
Date: Monday, 9 January, 2012, 12:16 PM
On Mon, Jan 9, 2012 at 1:37 PM, babu dheen <babudheen at yahoo.co.in> wrote:
> Unfortunately, I have not enabled logs in my internal DNS server.
You just dismissed the only reliable source of information.
>
> Any idea ..
Without logs, you only have assumptions. The best assumption at this
point is that the client probably has a virus/malware, whose activity
(one of them anyway) is to look for vulnerable DNS servers.
--
Fajar
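
One way to tally the `version.bind` TXT probes seen in the log excerpt above, per client; this is an added example and not part of the original thread. The field layout is inferred from the quoted log lines, and the function names and 192.0.2.x addresses are constructed for the example (the message itself shows `<Client IP>`).

```python
import re
from collections import Counter

# Layout assumed from the lines quoted in the message:
# date time AM/PM thread PACKET packet-id proto Snd|Rcv remote-ip xid [R] opcode [flags] qtype qname
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+ [AP]M) (?P<thread>[0-9A-Fa-f]+) PACKET\s+"
    r"(?P<pkt>[0-9A-Fa-f]+) (?P<proto>UDP|TCP) (?P<dir>Snd|Rcv) (?P<ip>\S+)\s+"
    r"(?P<xid>[0-9a-f]{4})\s+(?P<resp>R\s+)?(?P<opcode>[A-Z?])\s+"
    r"\[(?P<flags>[^\]]*)\]\s+(?P<qtype>\S+)\s+(?P<qname>\(\d+\)\S*)\s*$"
)

def decode_qname(raw):
    """Turn the log's length-prefixed form, e.g. (7)version(4)bind(0), into version.bind."""
    labels = [text for _len, text in re.findall(r"\((\d+)\)([^()]*)", raw) if text]
    return ".".join(labels).lower()

def version_probe_counts(lines, names=("version.bind",)):
    """Count received TXT queries for the given probe names, keyed by source IP."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        # Only count inbound queries; skip sends, responses and unparsable lines.
        if not m or m["dir"] != "Rcv" or m["resp"]:
            continue
        if m["qtype"] == "TXT" and decode_qname(m["qname"]) in names:
            hits[m["ip"]] += 1
    return hits

# Constructed sample lines modelled on the excerpt in the message.
SAMPLE = """\
1/10/2012 9:14:30 AM 0FDC PACKET 0000000007342360 UDP Rcv 192.0.2.10 c63c Q [0005 A D NOERROR] TXT (7)version(4)bind(0)
1/10/2012 9:14:30 AM 0FDC PACKET 0000000007342360 UDP Snd 192.0.2.10 c63c Q [0005 A D NOERROR] TXT (7)version(4)bind(0)
1/10/2012 9:14:30 AM 0FDC PACKET 0000000004D728F0 UDP Rcv 192.0.2.10 a96a Q [0005 A D NOERROR] TXT (7)VERSION(4)BIND(0)
1/10/2012 9:14:31 AM 0FDC PACKET 0000000004D72900 UDP Rcv 192.0.2.11 0b1c Q [0001 D NOERROR] A (3)www(7)example(3)com(0)
1/10/2012 9:14:32 AM 0FDC PACKET 0000000004D72910 UDP Rcv 192.0.2.12 77aa Q [0001 D NOERROR] TXT (7)version(4)bind(0)
""".splitlines()

if __name__ == "__main__":
    for ip, count in version_probe_counts(SAMPLE).most_common():
        print(f"{ip}\t{count}")
```

Sorting the result by count shows which internal hosts are sending these queries most often, which is the starting point for checking those hosts for malware as suggested in the reply.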