Is someone trying to hack my dns and illegally transfer me records?
Kevin Darcy
kcd at daimlerchrysler.com
Wed Dec 19 20:40:56 UTC 2001
Paul wrote:
>
> Hi.
>
> I have noticed that in my logs it shows the message;
>
> named[741]: client 128.177.195.11#60877: zone transfer denied
>
> Hundreds of times. The address is not one of our secondaries and I do not
> recognize the above address. Why do I have this message? Could someone be
> trying to do an unauthorized transfer of our domain's? What do I do about
> this?
I believe that log message indicates that you are denying an *outgoing* zone
transfer. It's probably just someone who set up a slave and mistyped the
master's IP address. Perhaps you should find out who this is and tell them to
fix their configuration. I doubt that this is malicious, otherwise why would
they keep doing it after realizing that it always fails? It's not like denied
zone transfers even make a particularly good DoS...
- Kevin
More information about the bind-users
mailing list