On Tue, 2009-01-27 at 07:45, Tony Toews [MVP] wrote: > Folks > > Warning - I know just enough about Bind to be dangerous. Which is why I'm > asking. > > I just noticed that our small scale Bind server as a lot of the following > lines. > > 26-Jan-2009 14:28:24.004 client 76.9.16.171#23101: query: . IN NS + > 26-Jan-2009 14:28:58.254 client 63.217.28.226#28035: query: . IN NS + > 26-Jan-2009 14:29:00.691 client 63.217.28.226#35549: query: . IN NS + > 26-Jan-2009 14:29:26.332 client 76.9.16.171#19817: query: . IN NS + > > As far as I can tell from the same 5 or 20 IP addresses. I haven't seen > these lines > before. >
This is not your config, so long as you are not answering thats fine. It's a forged request asking you to participate in a DDoS thats been going on since last Wedensday, it's best if you firewall off your replies to those IP's so you don't participate in harming the innocent victims.
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
