"lame-servers: info: no valid RRSIG resolving ..."

Sten Carlsen stenc at s-carlsen.dk
Fri Apr 17 19:01:28 UTC 2020 

I see lots of lines like this. They all come from people trying to break into my SSH.

-- 
Best regards 
Sten Carlsen 


For every problem, there is a solution that
is simple, elegant, and wrong.
HL Mencken


> On 17 Apr 2020, at 17.24, btb via bind-users <bind-users at lists.isc.org> wrote:
> 
> hi-
> 
> i'm seeing what i'm wondering if is a lot of "lame-servers: info: no valid RRSIG resolving ..." messages in the logs [on average ~500 messages per day].  a small snippet:
> 
> 15-Apr-2020 18:11:46.057 lame-servers: info: no valid RRSIG resolving 'jwplayer.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:11:46.150 lame-servers: info: no valid RRSIG resolving 'tranet.net/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:11:47.559 lame-servers: info: no valid RRSIG resolving 'inboxsdk.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:11:49.146 lame-servers: info: no valid RRSIG resolving 'basis.net/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:11:58.474 lame-servers: info: no valid RRSIG resolving 'starfinancial.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:11:59.665 lame-servers: info: no valid RRSIG resolving 'vice.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:09.501 lame-servers: info: no valid RRSIG resolving 'lithium.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:09.756 lame-servers: info: no valid RRSIG resolving 'sc-static.net/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:10.004 lame-servers: info: no valid RRSIG resolving 'snapchat.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:12.638 lame-servers: info: no valid RRSIG resolving 'yimg.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:16.823 lame-servers: info: no valid RRSIG resolving 'transamerica.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:16.932 lame-servers: info: no valid RRSIG resolving 'quantummetric.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:17.129 lame-servers: info: no valid RRSIG resolving 'tealiumiq.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:17.171 lame-servers: info: no valid RRSIG resolving 'bounceexchange.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:22.971 lame-servers: info: no valid RRSIG resolving 'mwefinancial.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:23.248 lame-servers: info: no valid RRSIG resolving 'redditmedia.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:23.869 lame-servers: info: no valid RRSIG resolving 'imtwjwoasak.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:25.189 lame-servers: info: no valid RRSIG resolving 'b.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:25.313 lame-servers: info: no valid RRSIG resolving 'jquery.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:26.555 lame-servers: info: no valid RRSIG resolving 'forter.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:29.008 lame-servers: info: no valid RRSIG resolving 'quovadisoffshore.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:29.029 lame-servers: info: no valid RRSIG resolving 'quovadisglobal.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:29.974 lame-servers: info: no valid RRSIG resolving 'mixpanel.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:35.786 lame-servers: info: no valid RRSIG resolving 'spotify.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:36.982 lame-servers: info: no valid RRSIG resolving 'freeform.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:38.295 lame-servers: info: no valid RRSIG resolving 'edgedatg.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:12:58.190 lame-servers: info: no valid RRSIG resolving 'footprintdns.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:13:01.282 lame-servers: info: no valid RRSIG resolving 'qualifiedaddress.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:13:01.744 lame-servers: info: no valid RRSIG resolving 'dc-msedge.net/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:14:54.009 lame-servers: info: no valid RRSIG resolving 'facebook.com/DS/IN': 192.5.6.30#53
> 15-Apr-2020 18:16:20.039 lame-servers: info: no valid RRSIG resolving 'pphosted.com/DS/IN': 192.5.6.30#53
> 
> a number of these [most?] are zones that are signed, and some don't even exist, so i'm curious about seeing these messages.  what am i not understanding, and/or what can i do to troubleshoot further?
> 
> thanks!
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200417/5a0742a2/attachment.htm>

More information about the bind-users mailing list