loads of Query denied... is it an attack or a misconfiguration ?

Thomas Manson dev.mansonthomas at gmail.com
Tue Feb 10 23:27:48 UTC 2009


Hi,

I can see in my secondary DNS server a lot of logs with query (cache) denied
from the same IP.
I've tracerouted one of them, which seems to be a Russian computer.


 * *
17  ns1.orlan-net.ru (195.68.176.4)  136.563 ms * *


Feb 11 00:21:49 ns1 named[13392]: client 195.68.176.4#59934: query (cache) './NS/IN' denied
Feb 11 00:21:49 ns1 named[13392]: client 195.68.176.4#23591: query (cache) './NS/IN' denied
Feb 11 00:21:53 ns1 named[13392]: client 195.68.176.4#54430: query (cache) './NS/IN' denied
Feb 11 00:21:53 ns1 named[13392]: client 195.68.176.4#46875: query (cache) './NS/IN' denied
Feb 11 00:21:55 ns1 named[13392]: client 195.68.176.4#43603: query (cache) './NS/IN' denied
Feb 11 00:21:56 ns1 named[13392]: client 195.68.176.4#27124: query (cache) './NS/IN' denied
Feb 11 00:21:58 ns1 named[13392]: client 62.193.206.133#14844: query (cache) 'le-droit-de-lenfance.com/A/IN' denied
Feb 11 00:21:58 ns1 named[13392]: client 62.193.206.133#11936: query (cache) 'le-droit-de-lenfance.com/A/IN' denied
Feb 11 00:21:58 ns1 named[13392]: client 62.193.206.133#5777: query (cache) 'le-droit-de-lenfance.com/A/IN' denied
Feb 11 00:21:58 ns1 named[13392]: client 62.193.206.133#64647: query (cache) 'le-droit-de-lenfance.com/A/IN' denied
Feb 11 00:21:58 ns1 named[13392]: client 62.193.206.133#41115: query (cache) 'le-droit-de-lenfance.com/A/IN' denied
Feb 11 00:21:58 ns1 named[13392]: client 62.193.206.133#6712: query (cache) 'le-droit-de-lenfance.com/A/IN' denied
Feb 11 00:21:59 ns1 named[13392]: client 195.68.176.4#38402: query (cache) './NS/IN' denied
Feb 11 00:21:59 ns1 named[13392]: client 195.68.176.4#59205: query (cache) './NS/IN' denied
Feb 11 00:22:01 ns1 named[13392]: client 195.68.176.4#36863: query (cache) './NS/IN' denied
Feb 11 00:22:02 ns1 named[13392]: client 195.68.176.4#51511: query (cache) './NS/IN' denied
Feb 11 00:22:03 ns1 named[13392]: client 62.193.206.134#50013: query (cache) 'le-droit-de-lenfance.com/A/IN' denied
Feb 11 00:22:03 ns1 named[13392]: client 62.193.206.134#43818: query (cache) 'le-droit-de-lenfance.com/A/IN' denied
Feb 11 00:22:03 ns1 named[13392]: client 62.193.206.134#10674: query (cache) 'le-droit-de-lenfance.com/A/IN' denied
Feb 11 00:22:05 ns1 named[13392]: client 195.68.176.4#61345: query (cache) './NS/IN' denied
Feb 11 00:22:05 ns1 named[13392]: client 195.68.176.4#5707: query (cache) './NS/IN' denied
Feb 11 00:22:06 ns1 named[13392]: client 62.193.206.235#53811: query (cache) 'le-droit-de-lenfance.com/A/IN' denied
Feb 11 00:22:06 ns1 named[13392]: client 62.193.206.235#53504: query (cache) 'le-droit-de-lenfance.com/A/IN' denied
Feb 11 00:22:06 ns1 named[13392]: client 62.193.206.235#24805: query (cache) 'le-droit-de-lenfance.com/A/IN' denied
Feb 11 00:22:07 ns1 named[13392]: client 195.68.176.4#50225: query (cache) './NS/IN' denied
Feb 11 00:22:08 ns1 named[13392]: client 195.68.176.4#27039: query (cache) './NS/IN' denied
Feb 11 00:22:08 ns1 named[13392]: client 195.68.176.4#47331: query (cache) './NS/IN' denied
Feb 11 00:22:12 ns1 named[13392]: client 195.68.176.4#53740: query (cache) './NS/IN' denied
Feb 11 00:22:12 ns1 named[13392]: client 195.68.176.4#53988: query (cache) './NS/IN' denied
Feb 11 00:22:12 ns1 named[13392]: client 62.193.206.133#1995: query (cache) 'le-droit-de-lenfance.com/A/IN' denied


Is it a misconfiguration of my DNS server (which passes the French NIC test,
so...) or an attack or something else?

Is there anything I should do ?

Regards,
Thomas.
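
An added example, not part of the original post: a small triage script that tallies named's "query (cache) ... denied" entries per client and queried name, so repeated identical queries from one source stand out. The sample lines are taken from the log in the post; the function name `summarize` and the output fields are this example's own, and the parser tolerates log lines that a mail client has wrapped.

```python
import re
from collections import Counter

# Matches the named log entry format shown in the post:
#   client <ip>#<port>: query (cache) '<qname>/<qtype>/<qclass>' denied
DENIED = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+): "
    r"query \(cache\) '(?P<qname>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)' denied"
)

def summarize(text):
    """Count denied cache queries per (client, qname, qtype), busiest first."""
    # Collapse all whitespace so entries wrapped over several lines still match.
    flat = " ".join(text.split())
    counts = Counter()
    ports = {}
    for m in DENIED.finditer(flat):
        key = (m["ip"], m["qname"], m["qtype"])
        counts[key] += 1
        ports.setdefault(key, set()).add(int(m["port"]))
    return [
        {"client": ip, "qname": qname, "qtype": qtype, "count": n,
         "distinct_ports": len(ports[(ip, qname, qtype)])}
        for (ip, qname, qtype), n in counts.most_common()
    ]

# Sample input: five entries copied from the post, some wrapped as in the mail.
SAMPLE = """\
Feb 11 00:21:49 ns1 named[13392]: client 195.68.176.4#59934: query (cache)
'./NS/IN'
denied
Feb 11 00:21:49 ns1 named[13392]: client 195.68.176.4#23591: query (cache)
'./NS/IN'
denied
Feb 11 00:21:58 ns1 named[13392]: client 62.193.206.133#14844: query (cache)
'le-droit-de-lenfance.com/A/IN'
denied
Feb 11 00:22:05 ns1 named[13392]: client 195.68.176.4#5707: query (cache) './NS/IN' denied
Feb 11 00:22:12 ns1 named[13392]: client 62.193.206.133#1995: query (cache)
'le-droit-de-lenfance.com/A/IN' denied
"""

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(f"{row['count']:5d}  {row['client']:<16} {row['qname']}/{row['qtype']}"
              f"  ({row['distinct_ports']} source ports)")
```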