Strange message in log

Kevin Darcy kcd at daimlerchrysler.com
Wed Oct 10 23:44:39 UTC 2001


Barry Margolin wrote:

> In article <9q2lmr$qbt at pub3.rc.vix.com>, John <vo at eudoramail.com> wrote:
> >Got a strange message from my dns daemon in my log:
> >
> >Oct 10 15:54:17 nycdns named[20193]: Response from unexpected source ([149.174.211.13].53)
> >
> >What does that mean?
>
> Wow, haven't seen that one in a long time.
>
> It means that 149.174.211.13 is a machine with multiple IP addresses, and
> it's running an ancient version of BIND that doesn't ensure that replies
> come from the same address that the query was sent to.  Your server sent a
> query to one of its other addresses, but since the response came from a
> different address, it's being ignored (as far as your server is concerned,
> it looks like someone spoofing a DNS reply).

It's not just ancient BIND nameservers that do this. We have some Cisco devices
which exhibit the same behavior.


- Kevin
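
[Added example, not part of the original thread and not BIND's code: a minimal Python model of the resolver-side check discussed above, in which a reply is accepted only if it comes from the address and port the query was sent to. The `Resolver` class, its method names, the query ID and `QUERIED_ADDR` are assumptions constructed for illustration; only the replying address and the log message format come from the post.]

```python
from dataclasses import dataclass, field

QUERIED_ADDR = "192.0.2.10"    # constructed: the address the query was sent to
REPLY_ADDR = "149.174.211.13"  # from the log line: another address of the same host


@dataclass
class Resolver:
    # Outstanding queries: (query ID, lowercased name) -> (server IP, server port)
    pending: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def send_query(self, qid, qname, server_ip, server_port=53):
        """Record where the query went so the reply can be checked against it."""
        self.pending[(qid, qname.lower())] = (server_ip, server_port)

    def handle_response(self, qid, qname, src_ip, src_port):
        """Accept a reply only if ID, name and source address/port all match."""
        key = (qid, qname.lower())
        expected = self.pending.get(key)
        if expected is None:
            return "dropped: no matching query"
        if (src_ip, src_port) != expected:
            # Indistinguishable from a spoofed answer, so it is logged and
            # ignored; the query stays pending for a correctly sourced reply.
            self.log.append(
                f"Response from unexpected source ([{src_ip}].{src_port})")
            return "dropped: unexpected source"
        del self.pending[key]
        return "accepted"


def demo():
    """Multi-homed server answers from the wrong interface, then the right one."""
    r = Resolver()
    r.send_query(0x1A2B, "example.com", QUERIED_ADDR)
    wrong = r.handle_response(0x1A2B, "example.com", REPLY_ADDR, 53)
    right = r.handle_response(0x1A2B, "Example.COM", QUERIED_ADDR, 53)
    late = r.handle_response(0x1A2B, "example.com", QUERIED_ADDR, 53)
    return wrong, right, late, r.log


if __name__ == "__main__":
    for item in demo():
        print(item)
```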





More information about the bind-users mailing list