Three NameServer DOSing my <dns1>
Dave Sparro
dsparro at gmail.com
Thu Jul 29 18:25:52 UTC 2010
On 7/29/2010 2:11 PM, Michelle Konzack wrote:
> Hello Matus UHLAR - fantomas,
>> Your hostname is private and inaccessible from the outside. The requesters
>> get SERVFAIL reply which apparently makes them retry. If you provided them
>> any IP address (e.g. 127.0.0.1) they could be satisfied and stop trying
>> (until the cached record expires). You can try this if it makes you angry.
>
> I have removed the REJECT and immediatly gotten over 7000 MAILER-DAEMON
> errors from arround the world and this idiots are attaching WHOLE
> messages including attackments to it.
>
> 99% are MAILER-DAEMON messages du to faked From: using<linux4michelle>.
>
> Also the tries from<dtag.de>,<t-dialin.net> and<arcor-ip.de> are
> mostly MAILERDAEMON spam.
>
If there are spammers sending mail claiming to be from:
"linux4michelle at michelle1.private.tamay-dogan.net" that would be another
reason you would be seeing the queries. (Although I'd expect them to
come from a lot more DNS servers; maybe it is "targeted" spam).
Anyway, nothing says that you *have* to give an answer that actually
leads back to your mail server for that hostname.
--
Dave
More information about the bind-users
mailing list