is this a DOS attack

Cricket Liu cricket at menandmice.com
Tue Nov 12 20:02:11 UTC 2002


Chris wrote:
> In my log file this entry appears at least 50 times in succession..
> 
> client 209.87.232.140#1307: update denied: 1Times(s)
> 
> Can anyone say if this is a DOS attack? I am running the security
> measure "allow-transfer { none; };"
> If this was a regular query then why is it happening so often in
> succession and so persistent.  The IP address resolves to
> "dialup-ott-nasi-6.cuic.ca"  If I was to translate, I would say that
> this host is out of Canada, Province of Ottawa maybe an ISP... My
> primary concern is about the DOS question....

If it's one IP address sending a dynamic update 50 times, it's more
likely misconfiguration.  (Or a really lame DoS attack.)  It's probably
someone who's configured his Windows box with a domain name
that your name server is authoritative for, and it's trying to register
itself.

You could try to contact the ISP, or just ignore the message, or
add that address to your blackhole list.

cricket

Men & Mice
DNS Software, Training and Consulting
www.menandmice.com

The DNS and BIND Cookbook, available now!
http://www.oreilly.com/catalog/dnsbindckbk/
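
As an added example (not part of the original post and not BIND project code): a small Python triage script for the situation discussed above. It tallies denied dynamic updates per client address and separates one host repeating itself from denials spread over many sources. The sample log lines are constructed in the format quoted in the post, and the thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict

# Matches the line quoted in the post ("client <ip>#<port>: update denied ...").
# Assumption: text may appear between "update" and "denied", since some BIND
# versions log the zone name there.
DENIED = re.compile(
    r"client\s+(?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+).*?\bupdate\b.*?\bdenied\b"
)

def summarize(lines):
    """Return (denials per client IP, set of source ports per client IP)."""
    hits = Counter()
    ports = defaultdict(set)
    for line in lines:
        m = DENIED.search(line)
        if m:
            hits[m["ip"]] += 1
            ports[m["ip"]].add(int(m["port"]))
    return hits, ports

def triage(hits, repeat_threshold=20, spread_threshold=10):
    """Classify the pattern. Both thresholds are illustrative assumptions."""
    if not hits:
        return "no denied updates"
    total = sum(hits.values())
    top_ip, top_n = max(hits.items(), key=lambda kv: kv[1])
    if len(hits) >= spread_threshold:
        return f"{total} denials from {len(hits)} sources: investigate further"
    if top_n >= repeat_threshold and top_n / total >= 0.9:
        return f"{top_ip} repeated {top_n} times: likely one misconfigured client"
    return f"{total} denials from {len(hits)} sources: low volume"

# Constructed sample: one host retrying 50 times, plus unrelated noise.
SAMPLE = [f"client 192.0.2.10#{1300 + i}: update denied" for i in range(50)]
SAMPLE += [
    "client 198.51.100.7#4021: update denied",
    "client 198.51.100.7#4022: query (cache) 'example.com/A/IN' denied",
]

if __name__ == "__main__":
    hits, ports = summarize(SAMPLE)
    for ip, n in hits.most_common():
        print(f"{ip}: {n} denied updates from {len(ports[ip])} source ports")
    print(triage(hits))
```
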

