empty DoS queries

Frank Kirschner 147859 at celebrate.de
Mon Feb 23 13:20:03 UTC 2009


Hello,
since last night we log empty queries (approx. 4000 per second) like 
this from a client in our LAN:

23-Feb-2009 13:20:15.516 queries: info: client 10.48.0.19#2048: query: \(none\) IN A +
23-Feb-2009 13:20:15.518 queries: info: client 10.48.0.19#2048: query: \(none\) IN A +
23-Feb-2009 13:20:15.519 queries: info: client 10.48.0.19#2048: query: \(none\) IN A +
23-Feb-2009 13:20:15.523 queries: info: client 10.48.0.19#2048: query: \(none\) IN A +
23-Feb-2009 13:20:15.524 queries: info: client 10.48.0.19#2048: query: \(none\) IN A +
23-Feb-2009 13:20:15.525 queries: info: client 10.48.0.19#2048: query: \(none\) IN A +
23-Feb-2009 13:20:15.527 queries: info: client 10.48.0.19#2048: query: \(none\) IN A +
23-Feb-2009 13:20:15.531 queries: info: client 10.48.0.19#2048: query: \(none\) IN A +
23-Feb-2009 13:20:15.533 queries: info: client 10.48.0.19#2048: query: \(none\) IN A +


Additionally, there are also such log entries (approx. 4000 per second):

23-Feb-2009 14:05:56.464 queries: info: client 10.48.0.19#2048: query: luca.inetgate.net IN A +
23-Feb-2009 14:05:56.470 queries: info: client 10.48.0.19#2048: query: luca.inetgate.net IN A +
23-Feb-2009 14:05:56.483 queries: info: client 10.48.0.19#2048: query: luca.inetgate.net IN A +
23-Feb-2009 14:05:56.489 queries: info: client 10.48.0.19#2048: query: luca.inetgate.net IN A +
23-Feb-2009 14:05:56.500 queries: info: client 10.48.0.19#2048: query: luca.inetgate.net IN A +
23-Feb-2009 14:05:56.508 queries: info: client 10.48.0.19#2048: query: luca.inetgate.net IN A +
23-Feb-2009 14:05:56.517 queries: info: client 10.48.0.19#2048: query: luca.inetgate.net IN A +
23-Feb-2009 14:05:56.521 queries: info: client 10.48.0.19#2048: query: luca.inetgate.net IN A +
23-Feb-2009 14:05:56.533 queries: info: client 10.48.0.19#2048: query: luca.inetgate.net IN A +
23-Feb-2009 14:05:56.539 queries: info: client 10.48.0.19#2048: query: luca.inetgate.net IN A +
23-Feb-2009 14:05:56.546 queries: info: client 10.48.0.19#2048: query: luca.inetgate.net IN A +
23-Feb-2009 14:05:56.558 queries: info: client 10.48.0.19#2048: query: luca.inetgate.net IN A +
23-Feb-2009 14:05:56.565 queries: info: client 10.48.0.19#2048: query: luca.inetgate.net IN A +
23-Feb-2009 14:05:56.572 queries: info: client 10.48.0.19#2048: query: luca.inetgate.net IN A +
23-Feb-2009 14:05:56.584 queries: info: client 10.48.0.19#2048: query: luca.inetgate.net IN A +
23-Feb-2009 14:05:56.591 queries: info: client 10.48.0.19#2048: query: luca.inetgate.net IN A +

What could be the reasons for it? Should I investigate and limit the 
packet flow by iptables/netfilter on port 53 of my BIND 9, actual 
release for CentOS 5.2?

best regards
Frank
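
An added example, not part of the original post: a small Python triage script that reads query-log lines in the format quoted above and reports which client/name pairs exceed a rate threshold, so the source can be confirmed before any filtering is put in place. The function names, the thresholds and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Field layout taken from the query-log lines quoted in the post above.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) queries: info: "
    r"client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+): query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)")

def parse(line):
    """Return (timestamp, client_ip, src_port, qname, qtype) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
    qname = m["qname"].replace("\\", "")  # the archive shows "\(none\)"
    return ts, m["ip"], int(m["port"]), qname, m["qtype"]

def flood_report(lines, min_queries=5, min_qps=100.0):
    """Flag (client, qname, qtype) groups whose observed rate is >= min_qps.
    Both thresholds are assumed defaults; tune them to normal traffic."""
    stamps, ports = defaultdict(list), defaultdict(set)
    for rec in filter(None, map(parse, lines)):
        ts, ip, port, qname, qtype = rec
        stamps[(ip, qname, qtype)].append(ts)
        ports[ip].add(port)
    report = []
    for (ip, qname, qtype), seen in stamps.items():
        span = (max(seen) - min(seen)).total_seconds()
        if len(seen) < min_queries or span <= 0:
            continue
        qps = (len(seen) - 1) / span
        if qps >= min_qps:
            report.append({
                "client": ip, "qname": qname, "qtype": qtype,
                "count": len(seen), "qps": round(qps, 1),
                "empty_qname": qname == "(none)",
                "single_src_port": len(ports[ip]) == 1})
    return sorted(report, key=lambda r: -r["qps"])

# Constructed sample: six empty-name queries 2 ms apart, plus a quiet client.
SAMPLE = [f"23-Feb-2009 13:20:15.{500 + 2 * i} queries: info: "
          "client 10.48.0.19#2048: query: \\(none\\) IN A +" for i in range(6)]
SAMPLE += ["23-Feb-2009 13:20:15.100 queries: info: client 10.48.0.7#40112: query: www.example.com IN A +",
           "23-Feb-2009 13:20:17.100 queries: info: client 10.48.0.7#51230: query: www.example.com IN A +"]

if __name__ == "__main__":
    for row in flood_report(SAMPLE):
        print(row)
```

The rate is computed only from the timestamps present in the input, so feed it a contiguous slice of the log rather than a filtered excerpt.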


