I can think of two possibilities: 1) At some time in the past, a host *was* serving DNS at that address and some "foreign" hosts have cached the address.
i think your isp should have this info
Umm..did you look at my address? We own a class B. We don't have an ISP.
Not if the "other" DNS server is working. You're required to register two nameservers; a primary and a secondary. You only need one to answer queries. If a guy registered a domain and used *his* box for the primary and just grabbed a random IP to register as a "secondary", why would he care of the secondary didn't work?
then his domain is toast anyway as there is not dns server so effectively his domain is offline, this will be corrected soon if this is the case.
You're misunderstanding the problem. The problem is, we want to make sure our IPs aren't being used by someone else, even inadvertantly.
1. just block of port 53 / udp for that address at the firewall 2. run a dns server that replies to all the quries with localhost or 127.0.0.1 after you have found what is causing this 3. set the refresh time, TTL and other values to -1 this should solve most of the problems as the clients would simply stop querying
Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html