Confusing Log message

Barry Margolin barmar at alum.mit.edu
Fri May 7 04:16:06 UTC 2004


In article <c7ej0n$2l61$1 at sf1.isc.org>,
 "Michael Barber" <mikeb at comcity.com> wrote:

> I don't understand why Bind is allowing this...is there a setting to stop
> this?  What your describing won't work...because obviously means this person
> is a hacker.

Allowing what?  Don't you see where it says "denied query"?  That means 
it *didn't* allow it, presumably because the client isn't in your 
allow-query access list.

> In article <c7bkjt$1f3f$1 at sf1.isc.org>,
> 
> > Can someone tell me what the meaning of this log message is:
> >
> > denied query from [204.127.202.36].53 for "_ldap._tcp.
> > Default-First-Site-Name._sites.dc._msdcs.wvms.com" SRV/IN
> >
> > What does this mean: Default-First-Site-Name._sites.dc._msdcs.wvms.com"
> > SRV/IN  ?  Should someone be jerking my name server around like this?
> 
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.wmvms.com is the
> name of a record that the device with IP address 204.127.202.36 was
> trying to look up, and it was trying to look up a record with type SRV.
> These are used by Microsoft Active Directory services as ways to find
> servers -- in this case, I presume it's trying to find an LDAP server on
> your network.  The component "Default-First-Site-Name" suggests that the
> machine is not properly configured with your site's Windows domain.
> 
> --
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***


More information about the bind-users mailing list