DoS?

Sam Pointer sam.pointer at hpdsoftware.com
Thu Oct 24 13:56:49 UTC 2002


Thankyou all.

Have already blackholed the offending IP addresses and contacted the dns
contact for the zone. Hopefully they will resolve it for themselves when
they see that some super-spiffing MS service that relies on AD is broken :)

-----Original Message-----
From: Len Conrad [mailto:LConrad at Go2France.com]
Sent: 24 October 2002 14:52
To: bind-users at isc.org
Subject: Re: DoS?




>I am getting bombarded with entries in my query and syslog 
files. Here is a
>small subset:
>
>BIND query.log:
>client 200.76.208.70#54177: query: 
_ldap._tcp.dc._msdcs.hpdsc.com IN SRV

Some MS GUI jockey randomly clicking on radio buttons has 
screwed up his MS 
DNS.

>client 200.76.208.70#54177: query: 
_ldap._tcp.dc._msdcs.hpdsc.com IN SRV

These are queries for MS Active Directory services, located via 
SRV records.

The underscore domain names, their queries, and SRV records are 
strictly 
intranet items that should never leak out to public internet.

Like MS's other famous screw up of making all w2k/xp OS's 
"register" their 
A records with DNS (ie, run as dynamic zone updaters) by 
default, these SRV 
thingies are harmless other than filling up your logs and wasting your 
resources.

In bind,

options {blackhole {address_match_list } ; };

... will minimize the effects on your BIND machine.

Len



This email and any attachments are strictly confidential and are intended
solely for the addressee. If you are not the intended recipient you must
not disclose, forward, copy or take any action in reliance on this message
or its attachments. If you have received this email in error please notify
the sender as soon as possible and delete it from your computer systems.
Any views or opinions presented are solely those of the author and do not
necessarily reflect those of HPD Software Limited or its affiliates.

 At present the integrity of email across the internet cannot be guaranteed
and messages sent via this medium are potentially at risk.  All liability
is excluded to the extent permitted by law for any claims arising as a re-
sult of the use of this medium to transmit information by or to 
HPD Software Limited or its affiliates.




More information about the bind-users mailing list