Log Entries DoS Attacks

Cricket Liu cricket at acmebw.com
Sun Nov 21 22:10:44 UTC 1999

> Can someone please explain the significance of these log entries?
> Nov 20 23:34:43 www named[2436]: ns_forw:
> query(www.mdwg.mer.cap.gov) contains
> our address (ns1.cap.gov:

This means your name server was trying to look up www.mdwg.mer.cap.gov
and received a referral to itself.  That shouldn't happen.  For example,
say your name server received a referral to itself from the cap.gov name
servers as a mer.cap.gov name server.  If your name server were really
authoritative for mer.cap.gov, it would never have needed to query the
cap.gov name servers to resolve the name in the first place.

> Nov 21 07:37:09 www named[2436]: dangling CNAME pointer
> (rs.internic.net)

That means your name server found an alias, rs.internic.net, that pointed
to a non-existent domain name.

> On an unrelated issue, has anyone implemented or does anyone
> have an opinion regarding implementing the patch and DoS attack
> counter measures found at:
> http://www.ciac.org/ciac/bulletins/j-063.shtml

What patch?  The countermeasures are all reasonable (limiting queries for
in certain zones).


Acme Byte & Wire
cricket at acmebw.com

Attend the next Internet Software Consortium/Acme Byte & Wire
DNS and BIND class!  See www.acmebw.com/training.htm for
the schedule and to register for upcoming classes.

More information about the bind-users mailing list