On 27/03/13 15:57, Manson, John wrote:
Found this entry in external named log:
Mar 26 20:07:18 local@mercury named[4043]: [ID 873579 daemon.notice]
client *72.13.58.93*#39043: view outhouse: notify question section
contains no SOA
This IP is not one of mine.
Does the word ‘notify’ related to zone transfers or something else.
NOTIFY is a type of DNS message that a master sends to slaves to tell it
a new zone is available now (rather than waiting for the refresh to expire).
You wouldn't normally expect to see NOTIFY from clients, but maybe that
IP is (or thinks it is) a master for a zone you slave?
It might be someone just playing (testing, etc.) or a typo (packet sent
to wrong nameserver). It's unlikely to be a concerted hack, but even if
it was it wouldn't matter because you're all up-to-date with patches, right?
Our authoritative resolvers get a *tremendous* amount of crap that they
shouldn't see. From this, I conclude there's a lot of broken or
malicious stuff out there, but there's no real solution.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
