Hi all, I am detecting some unusual message like below in my log file /var/log/named.log. I am using bind-8.2.2 which is going to be upgraded soon.
12-Jun-2003 12:07:00.180 security: notice: unapproved query from [202.79.48.112].1067 for "global.msads.net" Jun-2003 12:11:52.147 cname: info: "cmhc.umdnj.edu IN MX" points to a CNAME (MX1.umdnj.edu) Jun-2003 12:11:52.147 cname: info: "cmhc.umdnj.edu IN MX" points to a CNAME (MX2.umdnj.edu) Jun-2003 12:12:16.622 response-checks: info: unrelated additional info 'cwdsbol.net' type A from [63.251.83.36].53 Jun-2003 12:13:23.693 security: notice: unapproved query from [61.213.173.2].55555 for "c.mii.instacontent.net" Jun-2003 12:18:27.238 cname: info: "linux-delhi.org IN NS" points to a CNAME (ns.linux-delhi.org) Jun-2003 12:21:22.049 security: notice: unapproved query from [202.79.48.112].1064 for "sea1fd.sea1.hotmail.msn.com" Jun-2003 12:21:39.759 security: notice: unapproved query from [202.79.48.112].1067 for "rad.msn.com" Jun-2003 12:21:42.176 security: notice: unapproved query from [202.79.48.112].1070 for "global.msads.net" Jun-2003 12:22:37.626 security: notice: unapproved query from [202.79.48.112].1072 for "newsletter.webmd.com" Jun-2003 12:22:40.217 security: notice: unapproved query from [202.79.48.112].1072 for "newsletter.webmd.com" Jun-2003 12:22:46.379 security: notice: unapproved query from [202.79.48.112].1076 for "my.webmd.com" Jun-2003 12:22:47.203 security: notice: unapproved query from [202.79.48.112].1076 for "my.webmd.com" Jun-2003 12:22:50.337 security: notice: unapproved query from [202.79.48.112].1078 for "a876.g.akamai.net" Jun-2003 12:23:40.184 security: notice: unapproved query from [202.79.48.112].1080 for "alert.webmd.com" Jun-2003 12:24:22.537 security: notice: unapproved query from [202.79.48.112].1069 for "images.webmd.com" Jun-2003 12:24:23.313 security: notice: unapproved query from [202.79.48.112].1069 for "images.webmd.com" Jun-2003 12:26:54.907 cname: info: "cmhc.umdnj.edu IN MX" points to a CNAME (MX1.umdnj.edu) Jun-2003 12:26:54.907 cname: info: "cmhc.umdnj.edu IN MX" points to a CNAME (MX2.umdnj.edu) Jun-2003 12:27:18.697 security: notice: unapproved query from [202.79.48.112].1083 for "diet.webmd.com" Jun-2003 12:27:20.221 security: notice: unapproved query from [202.79.48.112].1083 for "diet.webmd.com" Jun-2003 12:27:38.970 security: notice: unapproved query from [202.79.48.112].21037 for "mail.nmcth.edu" Jun-2003 12:27:41.285 security: notice: unapproved query from [202.79.48.112].21037 for "mail.nmcth.edu" Jun-2003 12:28:06.298 security: notice: unapproved query from [202.79.48.112].21030 for "track.did-it.com" Jun-2003 12:28:07.240 security: notice: unapproved query from [202.79.48.112].21030 for "track.did-it.com" Jun-2003 12:29:00.540 security: notice: unapproved query from [202.79.48.112].21042 for "www.medscape.com" Jun-2003 12:29:02.020 security: notice: unapproved query from [202.79.48.112].21042 for "www.medscape.com" Jun-2003 12:29:22.004 security: notice: unapproved query from [202.79.48.112].21044 for "images.medscape.com" Jun-2003 12:29:23.600 security: notice: unapproved query from [202.79.48.112].21044 for "images.medscape.com" Jun-2003 12:29:24.108 security: notice: unapproved query from [202.79.48.112].21046 for "ads.medscape.com" Jun-2003 12:29:35.724 security: notice: unapproved query from [202.79.48.112].21048 for "adimage.medscape.com" Jun-2003 12:29:36.922 security: notice: unapproved query from [202.79.48.112].21048 for "adimage.medscape.com" Jun-2003 12:31:47.377 security: notice: unapproved query from [65.216.116.15].55555 for 11-Jun-2003 21:26:55.433 lame-servers: info: Lame server on 'www.www.mgmmumbai.com.edu' (in 'com.EDU'?): [151.164.1.1].53 'NS1.SWBELL.NET' Jun-2003 21:27:00.182 cname: info: "med.unc.edu IN MX" points to a CNAME (mailhost.med.unc.edu) Jun-2003 21:30:59.123 response-checks: info: bad referral (57.91.216.in-addr.arpa !< 197.57.91.216.in-addr.arpa) Jun-2003 21:30:59.124 response-checks: info: bad referral (57.91.216.in-addr.arpa !< 197.57.91.216.in-addr.arpa) Jun-2003 21:30:59.124 response-checks: info: bad referral (57.91.216.in-addr.arpa !< 197.57.91.216.in-addr.arpa) Jun-2003 21:34:27.437 security: notice: unapproved query from [61.213.173.2].55555 for "p.mii.instacontent.net" Jun-2003 21:34:31.989 security: notice: unapproved query from [65.216.116.15].55555 for "p.mii.instacontent.net" Jun-2003 21:56:46.992 lame-servers: info: Lame server on 'AdmanExpress.com' (in 'AdmanExpress.com'?): [66.28.229.34].53 'NS2.TIPRELEASE.com' Jun-2003 21:57:53.233 lame-servers: info: Lame server on 'pacific.net.ph' (in 'pacific.net.ph'?): [210.23.234.65].53 'ns2.pacific.net.ph' Jun-2003 21:58:10.269 lame-servers: info: Lame server on 'slt.lk' (in 'slt.lk'?): [12.127.16.70].53 'dmtu.mt.ns.els- gms.att.net' Jun-2003 21:59:51.882 lame-servers: info: Lame server on 'mail.corpex.de' (in 'corpex.DE'?): [212.121.128.2].53 'ns1.de.colt.net' Jun-2003 22:00:53.502 lame-servers: info: Lame server on 'nisc.slt.lk' (in 'slt.lk'?): [199.191.128.106].53 'dbru.br.ns.els-gms.att.net' Jun-2003 22:04:34.540 lame-servers: info: Lame server on 'www.paidpartners.com' (in 'paidpartners.com'?): [64.215.34.6].53 'ns1.harborcom.com' Jun-2003 22:10:06.773 lame-servers: info: Lame server on 'listserv.ActiveState.com' (in 'ActiveState.com'?): [209.135.99.3].53 'ns2.toroon.grouptelecom.net' Jun-2003 22:11:41.980 security: notice: unapproved query from [65.216.116.15].55555 for "instacontent.mirror-image.net" Jun-2003 22:20:49.649 maintenance: info: Cleaned cache of 649 RRsets Jun-2003 22:20:49.649 statistics: info: USAGE 1055349349 1055334949 CPU=4.28u/1.42s CHILDCPU=0u/0s Jun-2003 22:20:49.649 statistics: info: NSTATS 1055349349 1055334949 A=4943 CNAME=1 SOA=274 PTR=410 MX=743 AAAA=553 ANY=3270 Jun-2003 22:20:49.649 statistics: info: XSTATS 1055349349 1055334949 RR=6539 RNXD=551 RFwdR=4175 RDupR=41 RFail=18 RFErr=0 RErr=5 RAXFR=0 RLame=32 ROpts=0 SSysQ=1412 SAns=7068 SFwdQ=3789 SDupQ=433 SErr=1 RQ=10235 RIQ=0 RFwdQ=0 RDupQ=93 RTCP=1 SFwdR=4175 SFail=0 SFErr=0 SNaAns=6021 SNXD=132 Jun-2003 22:22:31.609 lame-servers: info: Lame server on 'www.xxxthumbsgirls.com' (in 'xxxthumbsgirls.com'?): [64.156.138.2].53 'ns2.web229.net' Jun-2003 22:22:54.881 lame-servers: info: Lame server on 'www.kumaribank.com' (in 'kumaribank.com'?): [202.51.64.130].53 'idlewild.ccnep.com.np' Jun-2003 22:27:58.925 lame-servers: info: Lame server on 'omsepi.ebonet.net' (in 'ebonet.NET'?): [204.59.144.222].53 'ns1.gip.net' Jun-2003 22:28:46.766 lame-servers: info: Lame server on 'ssl3.ama-assn.org' (in 'ama-assn.org'?): [198.6.100.21].53 'AUTH10.NS.WCOM.COM' Jun-2003 22:34:23.163 security: notice: unapproved update from [202.52.231.216].1063 for 231.52.202.in-addr.arpa Jun-2003 22:49:36.271 lame-servers: info: Lame server on 'indiatimes.com' (in 'indiatimes.com'?): [203.200.107.162].53 'timesgate.toi.co.in' Jun-2003 22:56:47.057 lame-servers: info: Lame server on 'AdmanExpress.com' (in 'AdmanExpress.com'?): [66.28.229.34].53 'NS2.TIPRELEASE.com' Jun-2003 23:06:14.293 security: notice: unapproved query from [65.216.116.15].55555 for "instacontent.mirror-image.net" Jun-2003 23:06:19.147 security: notice: unapproved query from [61.213.173.2].55555 for "instacontent.mirror-image.net" Jun-2003 23:06:29.243 lame-servers: info: Lame server on '18.0-27.244.3.212.in-addr.arpa' (in '0-27.244.3.212.in- addr.arpa'?): [212.3.224.115].53 'ns09.customer.eu.level3.net' Jun-2003 23:06:30.058 lame-servers: info: Lame server on '18.0-27.244.3.212.in-addr.arpa' (in '0-27.244.3.212.in- addr.arpa'?): [212.3.224.116].53 'ns10.customer.eu.level3.net' Jun-2003 23:08:42.882 lame-servers: info: Lame server on 'adultfriendfinder.com' (in 'adultfriendfinder.com'?): [209.185.12.41].53 'dns.adultfriendfinder.com' Jun-2003 23:09:11.037 security: notice: unapproved query from [61.213.173.2].55555 for "p.mii.instacontent.net" Jun-2003 23:20:49.660 maintenance: info: Cleaned cache of 813 RRsets Jun-2003 23:20:49.660 statistics: info: USAGE 1055352949 1055334949 CPU=5.51u/1.7s CHILDCPU=0u/0s Jun-2003 23:20:49.660 statistics: info: NSTATS 1055352949 1055334949 A=6757 CNAME=1 SOA=342 PTR=496 MX=922 AAAA=655 ANY=3963 Jun-2003 23:20:49.660 statistics: info: XSTATS 1055352949 1055334949 RR=8302 RNXD=656 RFwdR=5341 RDupR=66 RFail=32 RFErr=0 RErr=9 RAXFR=0 RLame=43 ROpts=0 SSysQ=1700 SAns=9130 SFwdQ=4868 SDupQ=542 SErr=1 RQ=13185 RIQ=0 RFwdQ=0 RDupQ=118 RTCP=5 SFwdR=5341 SFail=0 SFErr=0 SNaAns=7867 SNXD=186 Jun-2003 23:28:21.167 lame-servers: info: Lame server on 'willinet.net' (in 'willinet.NET'?): [216.81.128.201].53 'ns2.lh.net' Jun-2003 23:31:11.024 response-checks: info: bad referral (. !< megaweb.com) Jun-2003 23:31:14.870 response-checks: info: bad referral (. !< newpic.com) Jun-2003 23:31:21.163 response-checks: info: bad referral (. !< 37.com) Jun-2003 23:31:21.169 response-checks: info: bad referral (. !< megaspider.com) Jun-2003 23:31:38.096 response-checks: info: bad referral (. !< send-a-link.com) Jun-2003 23:31:40.499 response-checks: info: bad referral (. !< 37.com) Jun-2003 23:31:40.978 response-checks: info: bad referral (. !< 37.com) Jun-2003 23:32:29.464 response-checks: info: bad referral (. !< 800chat.com) Jun-2003 23:47:20.557 response-checks: info: bad referral (96.82.146.in-addr.arpa !< 192-255.96.82.146.in-addr.arpa) Jun-2003 23:56:47.124 lame-servers: info: Lame server on 'AdmanExpress.com' (in 'AdmanExpress.com'?): [66.28.229.34].53 'NS2.TIPRELEASE.com' Jun-2003 23:56:58.647 lame-servers: info: Lame server on '210.198.55.139.in-addr.arpa' (in '198.55.139.in-addr.arpa'?): [207.91.5.252].53 'ns2.navix.net' Jun-2003 23:57:01.783 lame-servers: info: Lame server on '210.198.55.139.in-addr.arpa' (in '198.55.139.in-addr.arpa'?): [207.91.5.20].53 'ns1.navix.net' Jun-2003 23:57:02.696 default: info: ns_forw: query(210.198.55.139.in-addr.arpa) All possible A RR's lame Jun-2003 00:20:49.660 maintenance: info: Cleaned cache of 664 RRsets Jun-2003 00:20:49.660 statistics: info: USAGE 1055356549 1055334949 CPU=6.46u/1.92s CHILDCPU=0u/0s Jun-2003 00:20:49.661 statistics: info: NSTATS 1055356549 1055334949 A=7712 CNAME=1 SOA=411 PTR=600 MX=1106 AAAA=774 ANY=4728 Jun-2003 00:20:49.661 statistics: info: XSTATS 1055356549 1055334949 RR=9499 RNXD=770 RFwdR=6155 RDupR=66 RFail=52 RFErr=0 RErr=9 RAXFR=0 RLame=47 ROpts=0 SSysQ=1955 SAns=10615 SFwdQ=5615 SDupQ=851 SErr=1 RQ=15392 RIQ=0 RFwdQ=0 RDupQ=191 RTCP=5 SFwdR=6155 SFail=0 SFErr=0 SNaAns=9055 SNXD=199 Jun-2003 00:24:24.435 lame-servers: info: Lame server on 'cliftoncpa.com' (in 'cliftoncpa.com'?): [207.252.96.3].53 'ns-east.cerf.net' Jun-2003 00:56:47.179 lame-servers: info: Lame server on 'AdmanExpress.com' (in 'AdmanExpress.com'?): [66.28.229.34].53 'NS2.TIPRELEASE.com' Jun-2003 01:20:49.660 maintenance: info: Cleaned cache of 588 RRsets Jun-2003 01:20:49.662 statistics: info: USAGE 1055360149 1055334949 CPU=7.06u/2.08s CHILDCPU=0u/0s Jun-2003 01:20:49.662 statistics: info: NSTATS 1055360149 1055334949 A=8367 CNAME=1 SOA=475 PTR=666 MX=1282 AAAA=861 ANY=5287 Jun-2003 01:20:49.662 statistics: info: XSTATS 1055360149 1055334949 RR=10100 RNXD=838 RFwdR=6546 RDupR=66 RFail=55 RFErr=0 RErr=10 RAXFR=0 RLame=49 ROpts=0 SSysQ=2117 SAns=11720 SFwdQ=6025 SDupQ=1520 SErr=1 RQ=17010 RIQ=0 RFwdQ=0 RDupQ=341 RTCP=5 SFwdR=6546 SFail=0 SFErr=0 SNaAns=9960 SNXD=223 Jun-2003 01:56:47.289 lame-servers: info: Lame server on 'AdmanExpress.com' (in 'AdmanExpress.com'?): [66.28.229.34].53 'NS2.TIPRELEASE.com' Jun-2003 02:20:49.669 maintenance: info: Cleaned cache of 410 RRsets Jun-2003 02:20:49.670 statistics: info: USAGE 1055363749 1055334949 CPU=7.49u/2.17s CHILDCPU=0u/0s Jun-2003 02:20:49.670 statistics: info: NSTATS 1055363749 1055334949 A=8726 CNAME=1 SOA=544 PTR=728 MX=1448 AAAA=920 ANY=5897 Jun-2003 02:20:49.670 statistics: info: XSTATS 1055363749 1055334949 RR=10458 RNXD=890 RFwdR=6769 RDupR=66 RFail=58 RFErr=0 RErr=10 RAXFR=0 RLame=50 ROpts=0 SSysQ=2247 SAns=12824 SFwdQ=6241 SDupQ=1878 SErr=1 RQ=18349 RIQ=0 RFwdQ=0 RDupQ=374 RTCP=5 SFwdR=6769 SFail=0 SFErr=0 SNaAns=10832 SNXD=234 Jun-2003 03:20:49.669 maintenance: info: Cleaned cache of 331 RRsets Jun-2003 03:20:49.672 statistics: info: USAGE 1055367349 1055334949 CPU=7.68u/2.21s CHILDCPU=0u/0s Jun-2003 03:20:49.672 statistics: info: NSTATS 1055367349 1055334949 A=8995 CNAME=1 SOA=611 PTR=744 MX=1628 AAAA=996 ANY=6283 Jun-2003 03:20:49.672 statistics: info: XSTATS 1055367349 1055334949 RR=10561 RNXD=906 RFwdR=6850 RDupR=66 RFail=58 RFErr=0 RErr=10 RAXFR=0 RLame=50 ROpts=0 SSysQ=2276 SAns=13591 SFwdQ=6363 SDupQ=2286 SErr=1 RQ=19346 RIQ=0 RFwdQ=0 RDupQ=482 RTCP=5 SFwdR=6850 SFail=0 SFErr=0 SNaAns=11467 SNXD=239 Jun-2003 04:20:49.679 maintenance: info: Cleaned cache of 142 RRsets Jun-2003 04:20:49.679 statistics: info: USAGE 1055370949 1055334949 CPU=7.86u/2.28s CHILDCPU=0u/0s Jun-2003 04:20:49.679 statistics: info: NSTATS 1055370949 1055334949 A=9134 CNAME=1 SOA=673 PTR=744 MX=1911 AAAA=1312 ANY=6506 Jun-2003 04:20:49.679 statistics: info: XSTATS 1055370949 1055334949 RR=10561 RNXD=906 RFwdR=6850 RDupR=66 RFail=58 RFErr=0 RErr=10 RAXFR=0 RLame=50 ROpts=0 SSysQ=2284 SAns=13940 SFwdQ=6558 SDupQ=3491 SErr=1 RQ=20369 RIQ=0 RFwdQ=0 RDupQ=961 RTCP=5 SFwdR=6850 SFail=0 SFErr=0 SNaAns=11732 SNXD=239 Jun-2003 05:20:49.678 maintenance: info: Cleaned cache of 49 RRsets Jun-2003 05:20:49.682 statistics: info: USAGE 1055374549 1055334949 CPU=8.03u/2.34s CHILDCPU=0u/0s Jun-2003 05:20:49.682 statistics: info: NSTATS 1055374549 1055334949 A=9408 CNAME=1 SOA=740 PTR=744 MX=2251 AAAA=1636 ANY=6707 Jun-2003 05:20:49.682 statistics: info: XSTATS 1055374549 1055334949 RR=10561 RNXD=906 RFwdR=6850 RDupR=66 RFail=58 RFErr=0 RErr=10 RAXFR=0 RLame=50 ROpts=0 SSysQ=2310 SAns=14214 SFwdQ=6823 SDupQ=5221 SErr=3 RQ=21575 RIQ=0 RFwdQ=0 RDupQ=1628 RTCP=5 SFwdR=6850 SFail=0 SFErr=0 SNaAns=11919 SNXD=239Could you please check the attached complete log file? Hoping for your kind support. With Regards Nabin Limbu HealthNet Nepal Ph : 977-1-429722 -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
