strange logs

Michael Sharp ms at probsd.org
Sat Jun 26 09:49:19 UTC 2004


I've noticed this the past few weeks in /var/log/messages:

Jun 24 15:45:06 darken named[232]: client 66.98.244.52#1039: zone transfer 'coastal-law.org/IN' denied
Jun 24 15:47:10 darken named[232]: client 66.98.244.52#1039: zone transfer 'cherrypointyoungmarines.org/IN' denied
Jun 24 16:45:06 darken named[232]: client 66.98.244.52#1039: zone transfer 'coastal-law.org/IN' denied
Jun 24 16:47:10 darken named[232]: client 66.98.244.52#1039: zone transfer 'cherrypointyoungmarines.org/IN' denied

I run DNS for those two domains plus probsd.org. The client resolves to an
EV1.net machine.

In an attempt to block this host, I ran route -nq add -host 66.98.244.52
127.0.0.1 -blackhole to deroute this host, yet this continues. I do not
have ipfw or ipfilter installed as I am behind a hardware firewall so I
might try that later.

But my question is, what is that host looking for? And why consistently
every 3 hrs for the past few weeks?

Michael
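
One way to quantify the pattern in log lines like these, added here as an example that is not part of the original post: a Python script that parses named's denied zone-transfer messages and reports, per client and zone, how many attempts were logged and the seconds between them. The function names are hypothetical, the year is passed in because syslog timestamps omit it, and the sample input is the four lines quoted in the post with the mail line wrapping undone.

```python
import re
from collections import defaultdict
from datetime import datetime

# The four lines quoted in the post, with the mail client's wrapping undone.
SAMPLE_LOG = """\
Jun 24 15:45:06 darken named[232]: client 66.98.244.52#1039: zone transfer 'coastal-law.org/IN' denied
Jun 24 15:47:10 darken named[232]: client 66.98.244.52#1039: zone transfer 'cherrypointyoungmarines.org/IN' denied
Jun 24 16:45:06 darken named[232]: client 66.98.244.52#1039: zone transfer 'coastal-law.org/IN' denied
Jun 24 16:47:10 darken named[232]: client 66.98.244.52#1039: zone transfer 'cherrypointyoungmarines.org/IN' denied
"""

# Matches the message format shown in the post: syslog prefix, client
# address#port, then the quoted zone/class and the word "denied".
DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+named\[\d+\]:\s+"
    r"client\s+(?P<ip>[0-9A-Fa-f.:]+)#\d+:\s+"
    r"zone transfer\s+'(?P<zone>[^'/]+)/\w+'\s+denied"
)

def denied_transfers(text, year=2004):
    """Yield (timestamp, client_ip, zone) for each denied zone-transfer line."""
    for line in text.splitlines():
        m = DENIED.match(line)
        if m:
            # Syslog timestamps carry no year, so the caller supplies one
            # (2004 is the year of the post; an assumption for other logs).
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["zone"]

def summarize(text, year=2004):
    """Map (client, zone) -> attempt count and seconds between attempts."""
    seen = defaultdict(list)
    for ts, ip, zone in denied_transfers(text, year):
        seen[(ip, zone)].append(ts)
    report = {}
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
        report[key] = {"count": len(stamps), "intervals": gaps}
    return report

if __name__ == "__main__":
    for (ip, zone), info in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, zone, info["count"], info["intervals"])
```

A steady interval per (client, zone) pair over a longer log excerpt indicates a scheduled job on the remote host rather than ad hoc probing.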


