Named requests filling up T1
Steve Suhre
cheesiest at nano.net
Mon Jan 16 19:34:25 PST 2006
>Looks like someone is spamming your DNS server with queries.
>
>Two questions:
>1) Is v.tn.co.za a domain that you are authorative for?
>2) Are you an ISP and/or is client 64.18.133.103 authorized to use your DNS
>server?
>
>If the answer to 1) is NO, then there's no reason for these queries to be
>directed to your DNS server from the Internet.
>If the answer to 2) is NO, then there's no reason for these queries to be
>directed to your DNS server from the Internet.
>
>Source IP filtering is likely your best option, although it doesn't help
>with your T1 saturation, although it would give whoever is blasting these
>queries a clue.
>
>--
>Matt Emmerton
>
>
>
Thanks Matt,
The answer to both is no. The domain doesn't resolve either
(v.tn.co.za). It looks like the source IP changes too...sigh.... I tried
a whois on the source IP and it was not found, so it may be spoofed? Or
someone has a very messed up server...
--
Steve Suhre
steve at pasta.net
719.439.6052 Cell
719.632.2897 Home
More information about the freebsd-hackers
mailing list