[67576] in North American Network Operators' Group
Re: Interesting BIND error
daemon@ATHENA.MIT.EDU (Mike Lewinski)
Thu Feb 12 20:54:56 2004
Date: Thu, 12 Feb 2004 18:54:10 -0700
From: Mike Lewinski <mike@rockynet.com>
To: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0402121626450.4611@evccyr>
Errors-To: owner-nanog-outgoing@merit.edu
Brian Wallingford wrote:
> Feb 12 16:25:07 ns1 named[3150]: socket.c:1100: unexpected error:
Hmm. A few weeks ago I started noticing some similiar messages that I
had not ever seen before:
Jan 29 18:21:52 named[658]: socket.c:1100: unexpected error:
Jan 29 18:21:52 named[658]: internal_send: 210.22.158.126#39254:
Connection reset by peer
Jan 29 18:21:53 named[658]: client 210.22.158.126#39254: error sending
response: connection reset
On closer examination I could see that the remote client was attempting
DDNS updates to a zone that server was auth for.
It started Jan 29 03:19:39 MDT and then mysteriously ended Jan 31
11:06:11 MDT which I thought was a little odd. Usually someone sticks a
domain name that they like (but have no real relationship to) into their
Microsoft TCP/IP stack's domain name field and it tries to do it's
Active Directory update thingy forever (we have 'clark.com' which is
lots of fun). So once a client starts sending us updates, it's not
likely to ever stop.
FWIW, only a small percentage of the updates were generating this error....
# grep -c '210.22.158.126.*denied' messages.2
1375
# grep -c socket.c messages.2
24
