Hello, I brought online a new NS, one in which the IP has not been used before, at least, not for a NS. Maybe, many years ago, it was used as a http server.
I see a few queries come into my named logs that are clearly vulnerability scans, which while I do not like them, at least I understand why they are there. Curious are below: 06-Oct-2008 09:09:27.942 queries: info: client 149.20.56.10#20053: query: www.orkut.co.in IN ANY - 06-Oct-2008 09:01:01.025 queries: info: client 149.20.56.10#20053: query: www.capitalone.com IN ANY dig result 56.20.149.in-addr.arpa. 3600 IN SOA ns-int.isc.org. hostmaster.isc.org. 2008100500 7200 3600 604800 3600 Why does isc.org query my server? It is a non recursive server, and only does lookups for my local machines, and of course, authoritative lookups for the few domains I am hasting. I allow recursion on one IP, mine at home on a comcast connection. There are others, not isc.org based, but most of them are, calling out myspace, facebook, and perhaps the most frightening one was cakefarts.com (NSFW) Any help understanding what is going on would be most appreciated, thanks. -- Scott
