nanog mailing list archives

Re: is your host or dhcp server sending dns dynamic updates for rfc1918?


From: Greg Maxwell <gmaxwell () martin fl us>
Date: Fri, 19 Apr 2002 09:03:51 -0400 (EDT)


On Thu, 18 Apr 2002, Paul Vixie wrote:

[snip]
what these files are is a whole lot of lines that look like (broken by me):

18-Apr-2002 16:16:05.491 security: notice: \
      denied update from [63.198.141.30].2323 for "168.192.in-addr.arpa" IN

by "a whole lot" i mean we've logged 3.3M of these in the last four hours.

so who are these people and why are they sending dynamic updates for rfc1918
address space PTR's?  second answer first: it's probably Windows' fault.
after a successful DHCP transaction, the corresponding A RR and PTR RR have
to be updated.  if rfc1918 is in use, dns transactions about these PTR's
ought to be caught and directed toward some local server, who can do something
useful with them.  this local capture often does not occur, and so these
dns transactions end up coming to us.
[snip]

Does anyone already have a SNORT signature to match on these updates to
aid in tracking down which hosts behind a NAT are guilty of generating
this garbage?


