Dear Sebastian, Thanks for the update. I would like to inform you about another finding on this is that; my IPS report shows "DNS version request" from below said client to my DNS server more than 2000 times Unfortunately, i have not enabled logs in my internal DNS server. Any idea .. Regards Babu
--- On Mon, 9/1/12, Sebastian Tymków <sebastian.tym...@gmail.com> wrote: From: Sebastian Tymków <sebastian.tym...@gmail.com> Subject: Re: huge count of DNS deny hits To: "babu dheen" <babudh...@yahoo.co.in> Date: Monday, 9 January, 2012, 1:39 AM Hello, Did you check, what kind of queries your client performed ? Sometimes I saw on my DNS servers hits like yours. When I've checked my logs I saw that most queries ask for the same internet address which quided me that client might have virus. Best regards, Shamrock On Sun, Jan 8, 2012 at 2:03 PM, babu dheen <babudh...@yahoo.co.in> wrote: Dear All, Today we have noticed one peculier issue in our firewall logs. We have internal DNS server running in bind which is protected by firewall. All clients are allowed to perform DNS lookup using our BIND internal DNS server( so only UDP 53 is allowed from LAN to DNS server in firewall) But we noticed many DNS deny hits from BIND internal server to one client server (hit count around 6,00,00,000) in a day and the same time we saw around 5,00,000 allowed DNS lookup hits from that particular client to Internal DNS server. Can you guide me in what situation this kind of problem can occur? Regards Babu _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
