query on non-query socket

Saso saso at siol.net
Fri Jul 30 07:50:24 UTC 1999 

In message <19990729175626.J9667 at space.net>, Markus Stumpf writes:
>For about three or four  weeks I accasionally see messages like these
>(dates GMT+2):
>
>28-Jul-1999 14:31:31.230 security: notice: refused query on non-query socket f
>rom [192.86.99.28].53
>28-Jul-1999 17:11:04.199 security: notice: refused query on non-query  socket 
>from [192.86.99.28].53
>

[snipped]

>Is this due to a broken resolver? Is this kind of an attack? Anyone else
>seeing this?

[snipped]

It is a new way many load ballancing products for web browsers work. They check the latency by connecting to your dns server on port 7 or port 53, probably depends on product.


--- Mail from Resonate Inc. ---

> >
> > Hello Sir,
> >
> > Alex at Doubleclick asked us to work with you regarding this ticket.
> >
> > We have reason to believe that the reports you've received regarding
> > these three machines being compromised is a misunderstanding as a result
> > of our enterprise traffic management software: Global Dispatch.  Global
> > Dispatch is a WAN-based scheduler that makes it easy to place content
> > close to geographically dispersed users and and intelligently directs
> > requests
> > to the best-suited Point of Presence (POP).
> >
> > In the course of determining the best suited POP, Global Dispatch preforms
> > a
> > latency measurement.  This latency measurement is done by making a
> > connection
> > to the client DNS server on TCP port 7 and then dropping the connection.
> > After
> > the latency measurement has been done, the latency values are cached, and
> > the
> > IP of the most responsive POP is returned to the requesting machine.
> >
> > I hope this help clear up the confusion. We are looking into other ways to
> > preform this latency mesurment, and hope we have not caused you any
> > inconvenience.
> >
> > --
> > Resonate Technical Support <support at resonate.com>

--- end of mail from Resonate Inc. ---

This topic was discussed on some other mail list a month and a half ago, if I remember correctly at least 2 products BigIP and Global Dispatch work this way, but you may find many others work in the similar way.

I hope this will help you a bit,

Regards,

Saso


-- 
Saso Virag
SiOL

More information about the bind-users mailing list