[1938] in linux-security and linux-alert archive


[linux-security] Bind log question

daemon@ATHENA.MIT.EDU (Dan Cornell)
Thu Jun 25 01:37:10 1998

Date: Wed, 24 Jun 1998 15:25:13 +0000
From: Dan Cornell <dan@atension.com>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

In my /var/log/messages file, in recent days I have been receiving
numerous messages such as:
 

   Jun 23 15:02:50 OUR-HOST named[577]: sysquery: nslookup reports danger (dns.SUBNET1.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa)
   Jun 23 15:02:51 OUR-HOST named[577]: sysquery: nslookup reports danger (HOST2.SUBNET2.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa)
   Jun 23 15:02:51 OUR-HOST named[577]: sysquery: nslookup reports danger (dns.SUBNET3.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa)
   Jun 23 15:02:51 OUR-HOST named[577]: sysquery: query(dns.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa) A RR negative cache entry (HOST2.SUBNET2.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa:)
   Jun 23 15:02:51 OUR-HOST named[577]: sysquery: query(dns.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa) No possible A RRs

I'm curious as to what might be causing this.  Last night, over a span
of 15 minutes, I got nearly 1000 of these messages in my log file.  Is
it a problem with one (or more) of their hosts, is someone spoofing DNS
requests using their subnet, or is it a problem with my DNS
configuration?  I'm running RedHat 5.0 with bind-4.9.6-7.  Any insight
would be greatly appreciated.

Dan Cornell
dan@atension.com
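
A first triage step for a burst like the one described above is to break the messages down by type, by queried name, and by rate. The following is an added example, not part of the original post: the sample lines are constructed in the format quoted in the message, and the function names and the `year` default are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the format quoted in the post (placeholders kept as-is).
SAMPLE = """\
Jun 23 15:02:50 OUR-HOST named[577]: sysquery: nslookup reports danger (dns.SUBNET1.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa)
Jun 23 15:02:51 OUR-HOST named[577]: sysquery: nslookup reports danger (HOST2.SUBNET2.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa)
Jun 23 15:02:51 OUR-HOST named[577]: sysquery: query(dns.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa) A RR negative cache entry (HOST2.SUBNET2.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa:)
Jun 23 15:02:51 OUR-HOST named[577]: sysquery: query(dns.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa) No possible A RRs
Jun 23 15:30:00 OUR-HOST named[577]: sysquery: nslookup reports danger (dns.SUBNET3.OTHER.DOMAIN.AAA.BBB.CCC.in-addr.arpa)
Jun 23 15:30:01 OUR-HOST sshd[812]: unrelated line
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ named\[\d+\]: sysquery: (.*)$")
KINDS = [
    ("danger", re.compile(r"^nslookup reports danger \((\S+?)\)$")),
    ("negative_cache", re.compile(r"^query\((\S+?)\) A RR negative cache entry")),
    ("no_a_rrs", re.compile(r"^query\((\S+?)\) No possible A RRs$")),
]

def parse(text, year=1998):
    """Yield (timestamp, kind, name); syslog has no year, so `year` is an assumption."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a named sysquery line
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        for kind, rx in KINDS:
            k = rx.match(m.group(2))
            if k:
                yield ts, kind, k.group(1)
                break

def peak_in_window(events, window=timedelta(minutes=15)):
    """Largest number of events inside any sliding window of the given length."""
    times = sorted(ts for ts, _, _ in events)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def summarise(text):  # counts per message type, per queried name, and the 15-minute peak
    events = list(parse(text))
    by_kind = Counter(kind for _, kind, _ in events)
    by_name = Counter(name for _, _, name in events)
    return by_kind, by_name, peak_in_window(events)
```

Run `summarise()` over the real `/var/log/messages` contents; a small set of names dominating `by_name` points at specific delegations, while a wide spread points elsewhere.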


