[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FW: [Full-Disclosure] Question for DNS pros

To: "'Paul Schmehl'" <pauls@xxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: FW: [Full-Disclosure] Question for DNS pros
From: "Paul Rolland" <rol@xxxxxxxxx>
Date: Mon, 26 Jul 2004 08:58:48 +0200

Hello,

> I've altered the real hostname on our network to "targethost" 
> and altered 
> the querying IP to x.x.x.x for privacy reasons.  All these 
> queries are 
> *from* the same host.  This pattern is *typical* of what I'm 
> seeing from a 
> *number of diverse hosts* from all over the world.
> 
> 22:06:10.294071 x.x.x.x.2566 > 
> targethost.utdallas.edu.domain:  29462 NS? . 
> (17)
> 22:06:11.043050 x.x.x.x.2566 > 
> targethost.utdallas.edu.domain:  29463 NS? . 
> (17)
> 22:06:11.791218 x.x.x.x.2566 > 
> targethost.utdallas.edu.domain:  29464 NS? . 
> (17)

Seems to be a query for the NS for the "." (root) zone.
The machine sending the queries is probably configured to use
your server as a complete DNS resolver and transfer all its queries
to your server.

Regards,
Paul

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: FW: [Full-Disclosure] Question for DNS pros
  - From: Paul Schmehl

References:
- Re: FW: [Full-Disclosure] Question for DNS pros
  - From: Paul Schmehl

Prev by Date: Re: [Full-Disclosure] (no subject)
Next by Date: [Full-Disclosure] [ GLSA 200407-19 ] Pavuk: Digest authentication helper buffer overflow
Previous by thread: Re: FW: [Full-Disclosure] Question for DNS pros
Next by thread: Re: FW: [Full-Disclosure] Question for DNS pros
Index(es):
- Date
- Thread