Security Basics mailing list archives
Re: Wierd named log..
From: blade- <blade- () crytec net>
Date: Tue, 17 Feb 2004 10:03:02 +1100
I had this to and got help off the bind mailing list, here is the responce: Just an addition: I've seen the same errors on our servers and I = wondered where these request come from. Upon stracing 'named' I found = out that it spits out these warnings when trying to look up anything = from 'relays.monkeys.com', a now defunct DNS based black list. Evidently they tried to blackhole all dnsbl queries to their db to make = people stop using their defunct service: ------ # dig @66.60.159.24 relays.monkeys.com NS =20 relays.monkeys.com. 86400 IN NS = bogus-maximus.monkeys.com. ;; ADDITIONAL SECTION: bogus-maximus.monkeys.com. 86400 IN A 244.254.254.254 ------ They changed the NS record to this bogus IP recently, that's why people = start seeing these errors. Of cource, as Mark pointed out, the right solutions is to filter = 240.0.0.0/4 entirely. If you cannot filter for some reason then you = still could add "relays.monkeys.com" as a primary zone with no data =(except SOA + NS) in it and your problems are gone
John Pennington wrote:
In-Reply-To: <00c301c3f1b4$3239ec50$0201000a@wlsn002>I just noticed today a strange msg that keeps showing up in my log files, that only started today, but is constantly happening.. any info you could give me would be greatly apreciated :) Here is the snip from the log.. Feb 12 14:51:51 ns1 named[3496]: socket.c:1100: unexpected error: Feb 12 14:51:51 ns1 named[3496]: internal_send: 244.254.254.254#53: Invalid argument Feb 12 14:51:52 ns1 named[3496]: socket.c:1100: unexpected error: Feb 12 14:51:52 ns1 named[3496]: internal_send: 244.254.254.254#53: Invalid argument Feb 12 14:51:52 ns1 named[3496]: socket.c:1100: unexpected error: Feb 12 14:51:52 ns1 named[3496]: internal_send: 244.254.254.254#53: Invalid argument ~Chris~Upon checking our servers, I find all our four servers are recording this error too, only in the last few days -- JP --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
--------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
Current thread:
- Wierd named log.. Chris (Feb 13)
- <Possible follow-ups>
- RE: Wierd named log.. Shawn Jackson (Feb 16)
- Re: Wierd named log.. John Pennington (Feb 16)
- Re: Wierd named log.. blade- (Feb 17)
- Re: Wierd named log.. Michael Hayes (Feb 17)
- RE: Wierd named log.. Nick Soulliere (Feb 17)
- RE: Wierd named log.. Shawn Jackson (Feb 17)
- RE: Wierd named log.. John [JP] Pennington (Feb 17)
- Re: Wierd named log.. Michael Hayes (Feb 18)
- RE: Wierd named log.. John [JP] Pennington (Feb 17)