NAMED LOGS
Matthäus Wander
matthaeus.wander at uni-due.de
Tue Jul 23 00:34:53 UTC 2013
Hi,
Grace Ingabire writes:
>
> Does anyone know what is going on here? As I can't understand why we do
> receive a lot of these messages in our logs.
>
> Jul 22 14:18:21 ns1 named[13045]: client 200.222.123.108#43576: query
> (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied
>
> [...]
I'm the zone owner of verteiltesysteme.net. What you're seeing there are
queries by open resolvers (more accurately: forwarders of open resolvers).
This is part of a research project to measure the effect of the DNS
injection censorship method. www.minghui.org is a name being blocked by
by the Great Firewall of China via DNS injection. By querying for
www.minghui.org.SUFFIX we can test whether the open resolver has a
clean, uncensored path to your TLD nameservers.
I'll add the addresses of .rw to our blacklist, so you won't be seeing
any more of these queries. Sorry for inconvenience.
Let me know if you have further questions.
Regards,
Matthäus Wander
--
Universität Duisburg-Essen
Verteilte Systeme
Bismarckstr. 90 / BC 316
47057 Duisburg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5156 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130723/c39dfe8c/attachment.bin>
More information about the bind-users
mailing list