log file full of t-syr.com record!

Vishwas ivishwas at gmail.com
Tue Jul 3 12:44:40 UTC 2007


Hi All,
My BIND log is full of the following entries.

03-Jul-2007 20:10:48.352 queries: info: client 127.0.0.1#38736: query:
t-syr.com IN A +
03-Jul-2007 20:10:51.760 queries: info: client 127.0.0.1#38736: query:
164.80.32.60.in-addr.arpa IN PTR +
03-Jul-2007 20:10:51.761 queries: info: client 127.0.0.1#38736: query:
t-syr.com IN A +
03-Jul-2007 20:10:52.041 queries: info: client 127.0.0.1#38736: query:
164.80.32.60.in-addr.arpa IN PTR +
03-Jul-2007 20:10:52.042 queries: info: client 127.0.0.1#38736: query:
t-syr.com IN A +
03-Jul-2007 20:10:55.239 queries: info: client 127.0.0.1#38736: query:
164.80.32.60.in-addr.arpa IN PTR +
03-Jul-2007 20:10:55.241 queries: info: client 127.0.0.1#38736: query:
t-syr.com IN A +
03-Jul-2007 20:10:55.247 queries: info: client 127.0.0.1#38736: query:
164.80.32.60.in-addr.arpa IN PTR +
03-Jul-2007 20:10:55.249 queries: info: client 127.0.0.1#38736: query:
t-syr.com IN A +
03-Jul-2007 20:10:58.620 queries: info: client 127.0.0.1#38736: query:
164.80.32.60.in-addr.arpa IN PTR +
03-Jul-2007 20:10:58.621 queries: info: client 127.0.0.1#38737: query:
164.80.32.60.in-addr.arpa IN PTR +
03-Jul-2007 20:10:58.622 queries: info: client 127.0.0.1#38738: query:
t-syr.com IN A +
03-Jul-2007 20:10:58.624 queries: info: client 127.0.0.1#38739: query:
t-syr.com IN A +


The port numbers 387** are opened by user "bind".
This is giving me a feeling that maybe my machine is compromised!?
Why should the BIND daemon continuously ask for t-syr.com?? Probably
these DNS query packets are spoofed packets. Any comments?



-- 
Best Regards,
Vishwas.
ivishwas.googlepages.com

I know quite certainly that I myself have no special talent;
curiosity, obsession and dogged endurance, combined with
self-criticism have brought me to my ideas. - Albert Einstein
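
Added example, not part of the original post: a small Python triage script for query-log excerpts like the one above. It rejoins mail-wrapped records, counts queries per client address, name and type, and turns an in-addr.arpa name back into the address being looked up; the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# One BIND query-log record in the layout shown in the post.
LINE = re.compile(
    r"^\d{2}-\w{3}-\d{4} [\d:.]+ queries: info: client (?P<addr>[0-9a-fA-F.:]+)"
    r"#(?P<port>\d+): query: (?P<qname>\S+) \S+ (?P<qtype>\S+) \S+$")
DATE = re.compile(r"^\d{2}-\w{3}-\d{4} ")

def unwrap(lines):
    """Rejoin records that a mail client wrapped onto a second line."""
    records = []
    for line in filter(None, (l.strip() for l in lines)):
        if DATE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def ptr_to_ip(qname):
    """Return the IPv4 address behind an in-addr.arpa name, else None."""
    labels = qname.rstrip(".").lower().split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels[:-2]))))
    except ValueError:
        return None

def summarize(lines):
    """Count queries per (client, qname, qtype); collect source ports per client."""
    counts, ports = Counter(), {}
    for rec in unwrap(lines):
        m = LINE.match(rec)
        if m:
            counts[(m["addr"], m["qname"].lower(), m["qtype"])] += 1
            ports.setdefault(m["addr"], set()).add(int(m["port"]))
    return counts, ports

# Sample: three records copied from the post's excerpt, wrapped as in the mail.
SAMPLE = """\
03-Jul-2007 20:10:58.620 queries: info: client 127.0.0.1#38736: query:
164.80.32.60.in-addr.arpa IN PTR +
03-Jul-2007 20:10:58.622 queries: info: client 127.0.0.1#38738: query:
t-syr.com IN A +
03-Jul-2007 20:10:58.624 queries: info: client 127.0.0.1#38739: query:
t-syr.com IN A +
""".splitlines()
```

Calling `summarize()` on the full log gives the per-name counts and the set of source ports per client, and `ptr_to_ip()` shows which address the PTR lookups refer to.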


