Lame Server: Who's making the request?

Kevin Darcy kcd at daimlerchrysler.com
Tue Jul 25 00:08:36 UTC 2000


Why do you find it surprising that your internal nodes are querying
Internet names?

If all you want to do is track down who is using your server recursively,
you can just turn on query logging. Recursive queries are marked as
"XX+" in the query log (as opposed to just "XX" for iterative queries).


- Kevin

ken at byte-productions.com wrote:

> Is it possible to find out where a request that produces a lame server
> is originating from?
>
> My log files are getting "flooded" with lame server entries.  If I
> understand it correctly, someone is making a request to my nameserver to
> resolve a domain name on a distant nameserver that responds with an "I'm
> not authoritative for this domain" answer.  Correct?
>
> Anyway, what has me puzzled is that I, hopefully, have my nameserver
> configured to answer recursive queries from within the network and to
> respond to queries about our domain.  The network doesn't have any
> workstations, only servers.  I'm concerned the network may be
> compromised and if I can find out where the requests are being made, I
> might be able to isolate the host that may be compromised.
>
> Thanks for any guidance you can provide.
>
> -Ken Schweigert
>
> Jul 24 05:06:20 namesrv1 named[22078]: Lame server on
> '45.249.87.207.in-addr.arpa' (in '249.87.207.IN-ADDR.ARPA'?):
> [216.111.65.217].53 'ns1.qwest.net'
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
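
The approach suggested in the reply (turn on query logging, then look at the entries marked "XX+") can be automated by matching each "Lame server" name against the recursive queries logged for it. The following is an added example, not part of either poster's message. It assumes a BIND 8 style query-log layout of `XX+/client/qname/qtype/class`; the client addresses and query lines are constructed, and only the "Lame server" line comes from this thread.

```python
import re
from collections import defaultdict

# Assumed query-log layout (BIND 8 style): "XX+/client-ip/qname/qtype[/class]".
# "XX+" marks a recursive query, "XX " an iterative one.
QUERY_RE = re.compile(r"named\[\d+\]: XX(\+?) ?/([^/\s]+)/([^/\s]+)/(\w+)")
# "Lame server" layout as it appears in the log line quoted in this thread.
LAME_RE = re.compile(r"named\[\d+\]: Lame server on '([^']+)'")

# Constructed sample log; the 192.0.2.x / 198.51.100.x clients are made up.
SAMPLE_LOG = """\
Jul 24 05:06:19 namesrv1 named[22078]: XX+/192.0.2.10/45.249.87.207.in-addr.arpa/PTR/IN
Jul 24 05:06:19 namesrv1 named[22078]: XX /198.51.100.7/example.com/A/IN
Jul 24 05:06:20 namesrv1 named[22078]: Lame server on '45.249.87.207.in-addr.arpa' (in '249.87.207.IN-ADDR.ARPA'?): [216.111.65.217].53 'ns1.qwest.net'
Jul 24 05:06:25 namesrv1 named[22078]: XX+/192.0.2.11/www.example.org/A/IN
"""

def _norm(name):
    """Compare DNS names case-insensitively and without a trailing dot."""
    return name.lower().rstrip(".")

def recursive_clients_for_lame_names(lines):
    """Map each name in a 'Lame server' entry to the clients that
    asked this server to resolve it recursively."""
    askers = defaultdict(set)   # qname -> client IPs that sent "XX+" queries
    lame = set()                # names reported in "Lame server" entries
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            recursive, client, qname, _qtype = m.groups()
            if recursive == "+":
                askers[_norm(qname)].add(client)
            continue
        m = LAME_RE.search(line)
        if m:
            lame.add(_norm(m.group(1)))
    # An empty list means no logged recursive query explains the entry.
    return {name: sorted(askers.get(name, ())) for name in sorted(lame)}

if __name__ == "__main__":
    for name, clients in recursive_clients_for_lame_names(SAMPLE_LOG.splitlines()).items():
        print(name, "<-", ", ".join(clients) or "no recursive query logged")
```
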





