Confusing Log message

Michael Barber mikeb at comcity.com
Fri May 7 17:37:55 UTC 2004


It didn't this time...  The hacker needs to work harder at it I guess...

The point is why is it even "entertaining" the prospects of these type of
queries.  Can I "turn-off" even the prospect of this type of query?


In article <c7ej0n$2l61$1 at sf1.isc.org>,

> I don't understand why Bind is allowing this...is there a setting to stop
> this?  What your describing won't work...because obviously means this
person
> is a hacker.

Allowing what?  Don't you see where it says "denied query"?  That means
it *didn't* allow it, presumably because the client isn't in your
allow-query access list.

> In article <c7bkjt$1f3f$1 at sf1.isc.org>,
>
> > Can someone tell me what the meaning of this log message is:
> >
> > denied query from [204.127.202.36].53 for "_ldap._tcp.
> > Default-First-Site-Name._sites.dc._msdcs.wvms.com" SRV/IN
> >
> > What does this mean: Default-First-Site-Name._sites.dc._msdcs.wvms.com"
> > SRV/IN  ?  Should someone be jerking my name server around like this?
>
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.wmvms.com is the
> name of a record that the device with IP address 204.127.202.36 was
> trying to look up, and it was trying to look up a record with type SRV.
> These are used by Microsoft Active Directory services as ways to find
> servers -- in this case, I presume it's trying to find an LDAP server on
> your network.  The component "Default-First-Site-Name" suggests that the
> machine is not properly configured with your site's Windows domain.
>
> --
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***

--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***






More information about the bind-users mailing list