Jay C Austad
JCA at BigCharts.com
Mon Mar 27 14:51:11 UTC 2000
It may be an F5 (http://www.f5.com) 3DNS system. To route clients to the closest server (or cluster), it will attempt to do a zone xfer from the nameserver that requests an ip from it. It kills the TCP session after it recieves some data and doesn't let the zone xfer finish.
We use a 3DNS, and get some complaints once in awhile. It's not malicious, but if it bothers you, just block the ip. However, people using your nameserver will not be able to look up any hosts on domains that are authoritative on that particular 3DNS.
From: Jeroen Ruigrok van der Werven [mailto:asmodai at bart.nl]
Sent: Monday, March 27, 2000 6:11 AM
To: Bind Users
Subject: TCP truncated?
Can someone with more in-depth knowledge of the BIND source code please
tell me what this means?
Mar 27 14:04:54 hel named: ns_resp: TCP truncated:
"126.96.36.199.in-addr.arpa" IN PTR from [188.8.131.52].53
It seemingly only started today.
I am curious why they are using a TCP session for the NS stuff.
I am inclined to blackhole route this IP address since it goes on and
Thanks for any indication on what this is...
Jeroen Ruigrok van der Werven Network- and systemadministrator
<asmodai at bart.nl> VIA NET.WORKS The Netherlands
BSD: Technical excellence at its best http://www.bart.nl
I know you have tried, to feel...
More information about the bind-users