On one of my servers I'm seeing numerous log entries of the following
type:
Oct 29 07:40:14 mx2 named[14747]: validating @0x7f3378be05b0: fema.net
SOA: bad cache hit (fema.net/DNSKEY)
Oct 29 07:40:15 mx2 named[14747]: validating @0x7f3378be05b0:
6o978dethbt4s0cg8sfb1jsts4ssimsc.fema.net NSEC3: bad cache hit
(fema.net/DNSKEY)
Oct 29 07:40:15 mx2 named[14747]: validating @0x7f3378be05b0:
jkkfnbb4eep0h0ltjf1cisf4eo2lgnm5.fema.net NSEC3: bad cache hit
(fema.net/DNSKEY)
Oct 29 07:40:15 mx2 named[14747]: validating @0x7f3378be05b0: fema.net
SOA: bad cache hit (fema.net/DNSKEY)
Oct 29 07:40:15 mx2 named[14747]: validating @0x7f3378be05b0:
6o978dethbt4s0cg8sfb1jsts4ssimsc.fema.net NSEC3: bad cache hit
(fema.net/DNSKEY)
Oct 29 07:40:15 mx2 named[14747]: validating @0x7f3378be05b0:
jkkfnbb4eep0h0ltjf1cisf4eo2lgnm5.fema.net NSEC3: bad cache hit
(fema.net/DNSKEY)
Oct 29 07:40:15 mx2 named[14747]: validating @0x7f3378be05b0: fema.net
SOA: bad cache hit (fema.net/DNSKEY)
Oct 29 07:40:20 mx2 named[14747]: validating @0x7f3378be05b0: fema.net
SOA: bad cache hit (fema.net/DNSKEY)
Oct 29 07:40:20 mx2 named[14747]: validating @0x7f3378be05b0:
6o978dethbt4s0cg8sfb1jsts4ssimsc.fema.net NSEC3: bad cache hit
(fema.net/DNSKEY)
Oct 29 07:40:20 mx2 named[14747]: validating @0x7f3378be05b0: fema.net
SOA: bad cache hit (fema.net/DNSKEY)
Oct 29 07:40:20 mx2 named[14747]: validating @0x7f3378be05b0:
6o978dethbt4s0cg8sfb1jsts4ssimsc.fema.net NSEC3: bad cache hit
(fema.net/DNSKEY)
I'm guessing this is some kind of brute force attack on BIND trying to
take advantage of a broken dnssec configuration for fema.net? The problem
is that the syslog is filled with these messages.
Antonio Querubin
e-mail: t...@lavanauts.org
xmpp: antonioqueru...@gmail.com
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
