how to identify DNS request source?
David Botham
dns at botham.net
Thu Aug 8 21:29:26 UTC 2002
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Kevin Darcy
> Sent: Thursday, August 08, 2002 5:25 PM
> To: bind-users at isc.org
> Subject: Re: how to identify DNS request source?
>
>
> Hostmaster wrote:
>
> > My named-auth log shows repetitive requests (every 5 minutes) from
an
> > IP address for both a forward and inverse record. We are not
approving
> > the request and it is merely loading our name server and growing our
log
> > file. I am unable to determine the source of this request. nslookup
> yields
> > no information. Using Arin I have been able to find out who owns the
IP
> > address block which includes the requestor's IP address. How can we
> > find out who and what the offending culprit is? BTW we are not
> > running dynamic or cahced name servers. Any advice would be most
> > appreciated.
>
> This isn't really a DNS or BIND question.You could try starting with
the
> contact in the ARIN record, but frankly, I don't know that you'll get
> anywhere: a couple of queries every 5 minutes hardly constitutes
Denial of
> Service, so you really don't have any leverage to get these people to
stop
> doing what they're doing.
Oh, that was much simpler than my answer <lol>... :)
Dave...
>
>
> - Kevin
>
More information about the bind-users
mailing list