Why is someone asking me for ". IN NS"?
Kevin Darcy
kcd at daimlerchrysler.com
Mon Aug 5 21:52:11 UTC 2002
David Botham wrote:
> > -----Original Message-----
> > From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> > Behalf Of Anders K.
> > Sent: Monday, August 05, 2002 12:51 PM
> > To: comp-protocols-dns-bind at isc.org
> > Subject: Why is someone asking me for ". IN NS"?
> >
> > I run a caching DNS server for my LAN, and lately I've been getting
> lots
> > of
> > messages about denied queries. After enabling query logging, I figured
> out
> > that someone is querying my server for ". IN NS":
> >
> > Aug 05 12:25:38.444 queries: info: client 64.71.156.114#54429: query:
> .. IN
> > NS
> > Aug 05 12:25:38.448 security: info: client 64.71.156.114#54429: query
> > (cache) denied
> >
> > $ host 64.71.156.114
> > 114.156.71.64.in-addr.arpa is an alias for
> > 114.subnet112.156.71.64.in-addr.arpa.
> > 114.subnet112.156.71.64.in-addr.arpa domain name pointer
> > 3dns-a.he-fre-ca.us.byterage.net.
> >
> > When I query myself for ". IN NS", all I get is some information about
> > root
> > servers. (I get the same information if I query my ISP's DNS server.)
> So
> > my
> > question is, who is this guy and why is he asking me about the root
> > servers?
>
> Could be that the user has your name servers in his resolv.conf file and
> is typing:
>
> dig
>
> at the commandline...
Or, it could be a nameserver misconfigured with yours in its forwarders
list or hints file (or whatever the equivalent parameters are for
non-BIND nameservers).
- Kevin
More information about the bind-users
mailing list