Botnet Malware issue on bind BIND 9.7.1-P2

WBrown at WBrown at
Mon Dec 5 18:08:01 UTC 2011

jagan padhi wrote on 12/05/2011 12:16:19 PM:

> First of all i would like to know what all these .ws domians.due to 
> this junk domain query CDNS servers load are  getting very high.
> Yes There is a limit set in my CDND server,however out of 100 query 
> 60 queries are coming for these junk domains.
Without the RPZ feature of bind 9.8, you could add a bogus zone for the 
.ws domain to your servers.  Either return an answer for *.ws as whatever 
you want, or have just the SOA record.  Either way, you're not waiting for 
a recursive query to time out.

What kind of host is the source of the queries?  

Confidentiality Notice: 
This electronic message and any attachments may contain confidential or 
privileged information, and is intended only for the individual or entity 
identified above as the addressee. If you are not the addressee (or the 
employee or agent responsible to deliver it to the addressee), or if this 
message has been addressed to you in error, you are hereby notified that 
you may not copy, forward, disclose or use any part of this message or any 
attachments. Please notify the sender immediately by return e-mail or 
telephone and delete this message from your system.

More information about the bind-users mailing list