numerous nsec3 bad cache hits
Antonio Querubin
tony at lavanauts.org
Wed Oct 29 17:46:28 UTC 2014
On one of my servers I'm seeing numerous log entries of the following
type:
Oct 29 07:40:14 mx2 named[14747]: validating @0x7f3378be05b0: fema.net
SOA: bad cache hit (fema.net/DNSKEY)
Oct 29 07:40:15 mx2 named[14747]: validating @0x7f3378be05b0:
6o978dethbt4s0cg8sfb1jsts4ssimsc.fema.net NSEC3: bad cache hit
(fema.net/DNSKEY)
Oct 29 07:40:15 mx2 named[14747]: validating @0x7f3378be05b0:
jkkfnbb4eep0h0ltjf1cisf4eo2lgnm5.fema.net NSEC3: bad cache hit
(fema.net/DNSKEY)
Oct 29 07:40:15 mx2 named[14747]: validating @0x7f3378be05b0: fema.net
SOA: bad cache hit (fema.net/DNSKEY)
Oct 29 07:40:15 mx2 named[14747]: validating @0x7f3378be05b0:
6o978dethbt4s0cg8sfb1jsts4ssimsc.fema.net NSEC3: bad cache hit
(fema.net/DNSKEY)
Oct 29 07:40:15 mx2 named[14747]: validating @0x7f3378be05b0:
jkkfnbb4eep0h0ltjf1cisf4eo2lgnm5.fema.net NSEC3: bad cache hit
(fema.net/DNSKEY)
Oct 29 07:40:15 mx2 named[14747]: validating @0x7f3378be05b0: fema.net
SOA: bad cache hit (fema.net/DNSKEY)
Oct 29 07:40:20 mx2 named[14747]: validating @0x7f3378be05b0: fema.net
SOA: bad cache hit (fema.net/DNSKEY)
Oct 29 07:40:20 mx2 named[14747]: validating @0x7f3378be05b0:
6o978dethbt4s0cg8sfb1jsts4ssimsc.fema.net NSEC3: bad cache hit
(fema.net/DNSKEY)
Oct 29 07:40:20 mx2 named[14747]: validating @0x7f3378be05b0: fema.net
SOA: bad cache hit (fema.net/DNSKEY)
Oct 29 07:40:20 mx2 named[14747]: validating @0x7f3378be05b0:
6o978dethbt4s0cg8sfb1jsts4ssimsc.fema.net NSEC3: bad cache hit
(fema.net/DNSKEY)
I'm guessing this is some kind of brute force attack on BIND trying to
take advantage of a broken dnssec configuration for fema.net? The problem
is that the syslog is filled with these messages.
Antonio Querubin
e-mail: tony at lavanauts.org
xmpp: antonioquerubin at gmail.com
More information about the bind-users
mailing list