BIND 9 problem?
Mathias Körber
mathias at koerber.org
Fri Oct 27 01:47:58 UTC 2000
> I'm running a BIND 9 Server on a solaris machine and I keep getting =
this
> message from my firewall:
> 10/26/2000 16:52:01.080 - IP spoof detected -
> Source:172.16.2.8, 53, DMZ - Destination:169.254.230.30, 137, WAN -
Is that SOurce IP address your nameserver? What else is running on that
address?
> -
> It is impossible for 169.254.230.30 to connect from the WAN for one
> thing, and another is the fact that that I have never found a route to
> get to that IP address
169.254/16 is an IP block reserved for 'link-local' IP addresses, =
primarily
(only?) for use by DHCP. If a client which desires an IP address from a =
DHCP
server is unable to obtain one, it will assign itself one from this =
network
(after proing for a free one). This will allow this machine to =
communicate on
the local ethernet segment if it was unable to obtain a real IP address.
Obviously there are no routes supposed to be published for that network
(it's LINK-local!)
> Is this maybe a bug in BIND 9 that sends out packets to =
169.254.230.30?
> I can't even resolve a domain name for that IP address....
More information about the bind-users
mailing list