Sam Pointer sam.pointer at
Thu Oct 24 14:48:35 UTC 2002

I am also now receiving these from another 2 IP addresses in Mexico. Again,
because of your advice I am not concerned and post merely out of interest.
The IPs are and, and are assigned to a
completely different company.

The records they are trying to insert are *exactly* the same..., and I mean
exactly - even down to the machine-specifc portions of the records... which
leads me to think that this may be more than a simple screw-up on someone's

Maybe I am being overly paranoid, maybe not (here's some examples):

client query: IN
client query: IN

client query: IN SOA
client query: IN SOA

-----Original Message-----
From: Len Conrad [mailto:LConrad at]
Sent: 24 October 2002 14:52
To: bind-users at
Subject: Re: DoS?

>I am getting bombarded with entries in my query and syslog files. Here is a
>small subset:
>BIND query.log:
>client query: IN SRV

Some MS GUI jockey randomly clicking on radio buttons has screwed up his MS 

>client query: IN SRV

These are queries for MS Active Directory services, located via SRV records.

The underscore domain names, their queries, and SRV records are strictly 
intranet items that should never leak out to public internet.

Like MS's other famous screw up of making all w2k/xp OS's "register" their 
A records with DNS (ie, run as dynamic zone updaters) by default, these SRV 
thingies are harmless other than filling up your logs and wasting your 

In bind,

options {blackhole {address_match_list } ; };

... will minimize the effects on your BIND machine.


This email and any attachments are strictly confidential and are intended
solely for the addressee. If you are not the intended recipient you must
not disclose, forward, copy or take any action in reliance on this message
or its attachments. If you have received this email in error please notify
the sender as soon as possible and delete it from your computer systems.
Any views or opinions presented are solely those of the author and do not
necessarily reflect those of HPD Software Limited or its affiliates.

 At present the integrity of email across the internet cannot be guaranteed
and messages sent via this medium are potentially at risk.  All liability
is excluded to the extent permitted by law for any claims arising as a re-
sult of the use of this medium to transmit information by or to 
HPD Software Limited or its affiliates.

More information about the bind-users mailing list