Then complain to their isp. That has solved most problems for me, and in any case it'll stop or you know it's your problem and not theirs.
If you can query your domain by switching your default nameservers to your machine's default NS, and not see any debug messages, you should be fine and complain away. That's only if you are using the same .host files in question, then you should have a fine test bed. Otherwise, i'd do a passive scan on their ip's and identify the OS in question, and test it before I complain. .01 cents P On 1/16/06, Steve Suhre <[EMAIL PROTECTED]> wrote: > > >Looks like someone is spamming your DNS server with queries. > > > >Two questions: > >1) Is v.tn.co.za a domain that you are authorative for? > >2) Are you an ISP and/or is client 64.18.133.103 authorized to use your DNS > >server? > > > >If the answer to 1) is NO, then there's no reason for these queries to be > >directed to your DNS server from the Internet. > >If the answer to 2) is NO, then there's no reason for these queries to be > >directed to your DNS server from the Internet. > > > >Source IP filtering is likely your best option, although it doesn't help > >with your T1 saturation, although it would give whoever is blasting these > >queries a clue. > > > >-- > >Matt Emmerton > > > > > > > > > Thanks Matt, > > The answer to both is no. The domain doesn't resolve either > (v.tn.co.za). It looks like the source IP changes too...sigh.... I tried > a whois on the source IP and it was not found, so it may be spoofed? Or > someone has a very messed up server... > > > > > > -- > > > > Steve Suhre > [EMAIL PROTECTED] > 719.439.6052 Cell > 719.632.2897 Home > > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
