Log Entries DoS Attacks

Mark_Andrews at iengines.com Mark_Andrews at iengines.com
Sun Nov 21 21:35:52 UTC 1999

> Can someone please explain the significance of these log entries?
> Nov 20 23:34:43 www named[2436]: ns_forw: 
> query(www.mdwg.mer.cap.gov) contains
> our address (ns1.cap.gov:

	ns1.cap.gov is listed as a nameserver for one of the zone required
	to look up www.mdwg.mer.cap.gov but is not configured as a server
	for that zone.  In this case it is mdwg.mer.cap.gov.
> Nov 21 07:37:09 www named[2436]: dangling CNAME pointer 
> (rs.internic.net)

	Ignore this it is a normal response.   It is downgraded to a level
	3 debug message in the current release.

	Also if you are seeing this message you should be upgrading, see
	the following for why:
> On an unrelated issue, has anyone implemented or does anyone 
> have an opinion regarding implementing the patch and DoS attack 
> counter measures found at: 
> http://www.ciac.org/ciac/bulletins/j-063.shtml

	Ask those that have been on the end of such attacks:-)
	Yes many sites have implemented this.
> Thanks, Bill Webb 
Mark Andrews, Internet Engines Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at iengines.com

More information about the bind-users mailing list