[1938] in linux-security and linux-alert archive
[linux-security] Bind log question
daemon@ATHENA.MIT.EDU (Dan Cornell)
Thu Jun 25 01:37:10 1998
Date: Wed, 24 Jun 1998 15:25:13 +0000
From: Dan Cornell <dan@atension.com>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
In my /var/log/messages file, in recent days I have been receiving
numerous messages such as:
Jun 23 15:02:50 OUR-HOST named[577]: sysquery: nslookup reports
danger (dns.SUBNET1.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa)
Jun 23 15:02:51 OUR-HOST named[577]: sysquery: nslookup reports
danger (HOST2.SUBNET2.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa)
Jun 23 15:02:51 OUR-HOST named[577]: sysquery: nslookup reports
danger (dns.SUBNET3.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa)
Jun 23 15:02:51 OUR-HOST named[577]: sysquery:
query(dns.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa) A RR negative cache
entry (HOST2.SUBNET2.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa:)
Jun 23 15:02:51 OUR-HOST named[577]: sysquery:
query(dns.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa) No possible A RRs
I'm curious as to what might be causing this. Last night, over a span
of 15 minutes, I got nearly 1000 of these messages in my log file. Is
it a problem with one (or more) of their hosts, is someone spoofing DNS
requests using their subnet, or is it a problem with my DNS
configuration? I'm running RedHat 5.0 with bind-4.9.6-7. Any insight
would be greatly appreciated.
Dan Cornell
dan@atension.com
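
Added example, not part of the original message: a Python script that rejoins the mail-wrapped syslog entries quoted above and tallies named's sysquery messages by kind, by first name in parentheses and by minute, so a burst like the one described can be sized and tied to specific names. The function names and the burst_per_minute threshold are assumptions made for this example, and the sample is constructed from four of the entries in the post.

```python
import re
from collections import Counter
# Constructed sample: four of the entries quoted in the post, wrapped as mailed.
SAMPLE = """\
Jun 23 15:02:50 OUR-HOST named[577]: sysquery: nslookup reports
danger (dns.SUBNET1.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa)
Jun 23 15:02:51 OUR-HOST named[577]: sysquery: nslookup reports
danger (HOST2.SUBNET2.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa)
Jun 23 15:02:51 OUR-HOST named[577]: sysquery:
query(dns.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa) A RR negative cache
entry (HOST2.SUBNET2.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa:)
Jun 23 15:02:51 OUR-HOST named[577]: sysquery:
query(dns.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa) No possible A RRs
"""

STAMP = r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d"
ENTRY = re.compile(rf"^({STAMP}) \S+ named\[\d+\]: sysquery: (.*)$")
KINDS = ("nslookup reports danger", "A RR negative cache entry", "No possible A RRs")

def unwrap(text):
    """Rejoin syslog entries whose continuation lines lack a timestamp."""
    entries = []
    for line in text.splitlines():
        if re.match(STAMP + " ", line):
            entries.append(line.strip())
        elif entries and line.strip():
            entries[-1] += " " + line.strip()
    return entries

def parse(text):
    """Yield (minute, kind, first name in parentheses) per sysquery entry."""
    for entry in unwrap(text):
        if m := ENTRY.match(entry):
            stamp, msg = m.groups()
            kind = next((k for k in KINDS if k in msg), "other")
            name = re.search(r"\(([^():]+)", msg)
            yield stamp[:-3], kind, name.group(1) if name else None

def summarize(text, burst_per_minute=50):
    """Tally by kind and name; list minutes at or above the threshold."""
    records = list(parse(text))
    by_minute = Counter(r[0] for r in records)
    bursts = sorted(m for m, n in by_minute.items() if n >= burst_per_minute)
    return {"total": len(records), "bursts": bursts,
            "by_kind": Counter(r[1] for r in records),
            "by_name": Counter(r[2] for r in records)}

if __name__ == "__main__":
    print(summarize(SAMPLE, burst_per_minute=3))
```

Run over the full /var/log/messages text, the by_name tally shows whether the messages concentrate on one delegation or spread across many names, and bursts gives the minutes to compare against other log sources.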