unauthorized update attempts

acorns acorns at joreybump.com
Sat Feb 2 00:27:19 UTC 2002


I'm using bind-9.1.3-4, which defaults to disallow dynamic updates, so I 
realize I'm safe. Here is what is appearing in my log:

Jan 30 01:52:10 ns3 named[13195]: dynamic update failed: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Jan 30 01:52:10 ns3 named[13195]: client 210.0.186.86#65078: update denied

I've set up ipchains to deny this entire C class, as I have received 
other update attempts from this IP range in the past. It's not one of my 
own hosts (the IP seems to be somewhere in Asia), which makes me wonder 
what these attempts are trying to accomplish.  On my old server (running 
bind 8) the error messages were more verbose, so I could see which 
domain was targeted. We regularly bounce mail for unknown users at this 
domain, which suggests that someone might be trying to use it.

Should I assume this is a hijack attempt, or a misconfigured name 
server? Can anyone recommend any additional precautions?
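
Added example, not part of the original post: a small parser for the named syslog lines quoted above that tallies "update denied" events per source /24, the same granularity as the ipchains block described. All log lines after the first two are constructed, and attaching a "dynamic update failed" reason to the denied line that directly follows it is an assumption, since the log carries no shared request id.

```python
import re
from collections import Counter
from ipaddress import ip_network

# First two lines are the ones quoted in the post; the rest are constructed
# samples using documentation address ranges.
SAMPLE_LOG = """\
Jan 30 01:52:10 ns3 named[13195]: dynamic update failed: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Jan 30 01:52:10 ns3 named[13195]: client 210.0.186.86#65078: update denied
Jan 30 02:10:44 ns3 named[13195]: client 192.0.2.17#65102: update denied
Jan 30 02:11:03 ns3 named[13195]: client 192.0.2.40#1045: update denied
Jan 30 03:15:02 ns3 named[13195]: client 198.51.100.9#2210: update denied
"""

DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\snamed\[\d+\]:\s"
    r"client\s(?P<ip>\d{1,3}(?:\.\d{1,3}){3})#(?P<port>\d+):\supdate denied\s*$"
)
FAILED = re.compile(r"named\[\d+\]: dynamic update failed: (?P<reason>.+)$")

def parse_denied(log_text):
    """Return one dict per 'update denied' line.

    Assumption: a 'dynamic update failed' line immediately before a denied
    line belongs to the same request, so its text is attached as 'reason'.
    """
    events, last_reason = [], None
    for line in log_text.splitlines():
        failed = FAILED.search(line)
        if failed:
            last_reason = failed.group("reason")
            continue
        denied = DENIED.match(line)
        if denied:
            events.append({**denied.groupdict(), "reason": last_reason})
        last_reason = None  # only pair directly adjacent lines
    return events

def denied_by_slash24(events):
    """Count denied updates per source /24 network."""
    counts = Counter()
    for event in events:
        counts[str(ip_network(event["ip"] + "/24", strict=False))] += 1
    return counts

if __name__ == "__main__":
    for net, n in denied_by_slash24(parse_denied(SAMPLE_LOG)).most_common():
        print(f"{net}\t{n} denied update(s)")
```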


