DoS?
Sam Pointer
sam.pointer at hpdsoftware.com
Thu Oct 24 13:56:49 UTC 2002
Thank you all.
Have already blackholed the offending IP addresses and contacted the DNS
contact for the zone. Hopefully they will resolve it for themselves when
they see that some super-spiffing MS service that relies on AD is broken :)
-----Original Message-----
From: Len Conrad [mailto:LConrad at Go2France.com]
Sent: 24 October 2002 14:52
To: bind-users at isc.org
Subject: Re: DoS?
>I am getting bombarded with entries in my query and syslog files. Here is a
>small subset:
>
>BIND query.log:
>client 200.76.208.70#54177: query: _ldap._tcp.dc._msdcs.hpdsc.com IN SRV
Some MS GUI jockey randomly clicking on radio buttons has screwed up his MS
DNS.
>client 200.76.208.70#54177: query: _ldap._tcp.dc._msdcs.hpdsc.com IN SRV
These are queries for MS Active Directory services, located via SRV records.
The underscore domain names, their queries, and SRV records are strictly
intranet items that should never leak out to public internet.
Like MS's other famous screw up of making all w2k/xp OS's "register" their
A records with DNS (ie, run as dynamic zone updaters) by default, these SRV
thingies are harmless other than filling up your logs and wasting your
resources.
In bind,
options {blackhole {address_match_list } ; };
... will minimize the effects on your BIND machine.
Len
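An added example, not part of either message in the thread: a small Python filter that counts Active Directory locator queries (SRV lookups under `_msdcs`) per source address in a BIND query log and renders a `blackhole` ACL for the sources that cross a threshold. The ACL name, the threshold and all sample lines other than the one quoted in the thread are assumptions made for illustration.

```python
import re
from collections import Counter

# Anchors only on "client", "query:" and "IN" so that extra fields added by
# later BIND releases (an assumption; the thread shows only the short form) are skipped.
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+.*?: query: (?P<name>\S+) IN (?P<type>\S+)"
)

# Constructed sample: the first entry is the line quoted in the thread, the
# rest are made up (documentation address ranges) to exercise the filter.
SAMPLE_LOG = """\
client 200.76.208.70#54177: query: _ldap._tcp.dc._msdcs.hpdsc.com IN SRV
client 200.76.208.70#54178: query: _ldap._tcp.dc._msdcs.hpdsc.com IN SRV
client 198.51.100.7#40112: query: www.hpdsc.com IN A
client 200.76.208.70#54179: query: _ldap._tcp.dc._msdcs.hpdsc.com IN SRV
client 192.0.2.33#5301: query: _kerberos._tcp.dc._msdcs.hpdsc.com IN SRV
client 198.51.100.7#40113: query: _sip._tcp.hpdsc.com IN SRV
"""

def is_ad_locator(name, qtype):
    """SRV lookups under the _msdcs label are Active Directory DC-locator queries."""
    return qtype.upper() == "SRV" and "_msdcs" in name.lower().rstrip(".").split(".")

def leaking_clients(lines, threshold=3):
    """Count AD-locator queries per source address; keep sources at or above threshold."""
    hits = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if m and is_ad_locator(m["name"], m["type"]):
            hits[m["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

def blackhole_stanza(ips, acl_name="ad-leak-sources"):
    """Render an acl plus the blackhole option; merge the option into the existing options block."""
    entries = "".join(f"    {ip};\n" for ip in sorted(ips))
    return (f'acl "{acl_name}" {{\n{entries}}};\n\n'
            f'options {{\n    blackhole {{ "{acl_name}"; }};\n}};\n')

if __name__ == "__main__":
    offenders = leaking_clients(SAMPLE_LOG.splitlines())
    for ip, count in offenders.items():
        print(f"{ip}: {count} AD locator queries")
    print(blackhole_stanza(offenders))
```

Addresses listed in `blackhole` are also never used by the server to resolve queries, so review the generated list before merging it into `named.conf`.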