cricket at menandmice.com
Thu Oct 24 15:09:34 UTC 2002
Sam Pointer wrote:
> I am also now receiving these from another 2 IP addresses in Mexico.
> Again, because of your advice I am not concerned and post merely out
> of interest. The IPs are 188.8.131.52 and 184.108.40.206, and are
> assigned to a completely different company.
> The records they are trying to insert are *exactly* the same..., and
> I mean exactly - even down to the machine-specifc portions of the
> records... which leads me to think that this may be more than a
> simple screw-up on someone's part.
> Maybe I am being overly paranoid, maybe not (here's some examples):
> client 220.127.116.11#54177: query:
> IN SOA
> client 18.104.22.168#17100: query:
> IN SOA
> client 22.214.171.124#16265: query: PRDCMX01.hpdsc.com IN SOA
> client 126.96.36.199#3711: query: PRDCMX01.hpdsc.com IN SOA
These aren't records those clients are trying to insert; they're records
clients are trying to look up. And they're exactly the same because you're
dealing with clients for the same AD domain.
Men & Mice
DNS Software, Training and Consulting
The DNS and BIND Cookbook, available now!
More information about the bind-users