In message b8cf98c8-86d0-42df-95a4-e98a65cab...@i15g2000pro.googlegroups.com,
asd...@gmail.com writes:
62.109.4.89 and 195.68.176.4 are compromized/attackers
Actually they are more likely to be under attack.
Make sure that you (and your ISP) have deployed the measures
in BCP 38 to ensure that you are not the source of such a
attack.
Mark
See my post here:http://www.linuxforums.org/forum/redhat-fedora-linux-
help/140848-var-log-messages-question.html
Sample log entries:
Feb 19 08:24:17 asdlkf named[6459]: client 62.109.4.89#32721: query
(cache) './NS/IN' denied
Feb 19 08:24:18 asdlkf named[6459]: client 195.68.176.4#25853: query
(cache) './NS/IN' denied
Frequency: 40 to 90 queries from those hosts per minute.
-- Chris
On Feb 17, 2:19 pm, JINMEI Tatuya / ...@l@C#:H(B jinmei_tat...@isc.org
wrote:
At Tue, 17 Feb 2009 08:15:39 -0500,
Matthew Huff mh...@ox.com wrote:
17-Feb-2009 08:14:17.376 queries: client 62.109.4.89#49464: view
external-in: query: . IN NS +
...
logged, and I have verified that the query is refused, but nothing in the
log shows that it was refused. Is there anyway to log the success/failure
of
the queries?
Not yet, but BIND 9.7 (and perhaps next minor versions of 9.6 and 9.5)
will provide a new logging category that can log the information you
seem to want:
17-Feb-2009 14:15:45.998 debug 3: client ::1#50076: query failed (REFUSED)
for ./IN/NS at query.c:3887
---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
___
bind-users mailing list
bind-us...@lists.isc.orghttps://lists.isc.org/mailman/listinfo/bind-users
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users