Confusing Log message

Barry Margolin barmar at alum.mit.edu
Fri May 7 18:25:40 UTC 2004


In article <c7ghua$1q3s$1 at sf1.isc.org>,
 "Michael Barber" <mikeb at comcity.com> wrote:

> It didn't this time...  The hacker needs to work harder at it I guess...
> 
> The point is why is it even "entertaining" the prospects of these types of
> queries.  Can I "turn-off" even the prospect of this type of query?

What "type of query" are you talking about?  All queries are pretty much 
the same as far as the server is concerned.  It's all just arbitrary 
data (except that NS and CNAME records need to be recognized and 
followed when performing recursive queries).

What more do you expect it to do other than reject the query because the 
client isn't in the access list?  A server can't prevent a client from 
sending a query in the first place.

> 
> 
> In article <c7ej0n$2l61$1 at sf1.isc.org>,
> 
> > I don't understand why BIND is allowing this...is there a setting to stop
> > this?  What you're describing won't work...because obviously means this
> > person is a hacker.
> 
> Allowing what?  Don't you see where it says "denied query"?  That means
> it *didn't* allow it, presumably because the client isn't in your
> allow-query access list.
> 
> > In article <c7bkjt$1f3f$1 at sf1.isc.org>,
> >
> > > Can someone tell me what the meaning of this log message is:
> > >
> > > denied query from [204.127.202.36].53 for "_ldap._tcp.
> > > Default-First-Site-Name._sites.dc._msdcs.wvms.com" SRV/IN
> > >
> > > What does this mean: Default-First-Site-Name._sites.dc._msdcs.wvms.com"
> > > SRV/IN  ?  Should someone be jerking my name server around like this?
> >
> > _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.wmvms.com is the
> > name of a record that the device with IP address 204.127.202.36 was
> > trying to look up, and it was trying to look up a record with type SRV.
> > These are used by Microsoft Active Directory services as ways to find
> > servers -- in this case, I presume it's trying to find an LDAP server on
> > your network.  The component "Default-First-Site-Name" suggests that the
> > machine is not properly configured with your site's Windows domain.
> >
> > --
> > Barry Margolin, barmar at alum.mit.edu
> > Arlington, MA
> > *** PLEASE post questions in newsgroups, not directly to me ***
> 
> --
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
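
As an added example (not part of the original post, and not BIND code): a small Python parser for the "denied query" line format quoted in this thread, which tallies rejected clients and flags Active Directory locator lookups. The function names and all sample lines other than the first are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Line format as quoted in the thread: client in [ip].port, quoted name, TYPE/CLASS.
DENIED = re.compile(
    r'denied query from \[(?P<ip>[^\]]+)\]\.(?P<port>\d+) '
    r'for "(?P<name>[^"]+)" (?P<rtype>[A-Za-z0-9]+)/(?P<rclass>[A-Za-z0-9]+)'
)

def parse_denied(line):
    """Return the fields of a denied-query line as a dict, or None if no match."""
    m = DENIED.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    labels = rec["name"].lower().rstrip(".").split(".")
    # Active Directory locator names are SRV lookups under an _msdcs label;
    # the labels after _msdcs are the Windows domain the client is looking for.
    rec["ad_locator"] = rec["rtype"].upper() == "SRV" and "_msdcs" in labels
    tail = labels[labels.index("_msdcs") + 1:] if rec["ad_locator"] else []
    rec["ad_domain"] = ".".join(tail) or None
    # The thread reads this site label as a sign of a misconfigured client.
    rec["default_site"] = "default-first-site-name" in labels
    return rec

def summarize(lines):
    """Count denied queries per client and list the AD domains each asked about."""
    counts, domains = Counter(), defaultdict(set)
    for line in lines:
        rec = parse_denied(line)
        if rec is None:
            continue
        counts[rec["ip"]] += 1
        if rec["ad_locator"]:
            domains[rec["ip"]].add(rec["ad_domain"])
    return counts, {ip: sorted(d) for ip, d in domains.items()}

# First entry is the message from the thread (rejoined); the rest are constructed.
SAMPLE = [
    'denied query from [204.127.202.36].53 for "_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.wvms.com" SRV/IN',
    'denied query from [192.0.2.10].1045 for "www.example.com" A/IN',
    'denied query from [192.0.2.10].1046 for "_kerberos._tcp.dc._msdcs.example.com" SRV/IN',
    'constructed unrelated log line that must not match',
]

if __name__ == "__main__":
    counts, domains = summarize(SAMPLE)
    for ip, n in counts.most_common():
        print(ip, n, domains.get(ip, []))
```
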

