Security Basics mailing list archives

Re: Wierd named log..

From: blade- <blade- () crytec net>
Date: Tue, 17 Feb 2004 10:03:02 +1100

I had this to and got help off the bind mailing list, here is the responce:

Just an addition: I've seen the same errors on our servers and I =
wondered where these request come from. Upon stracing 'named' I found =
out that it spits out these warnings when trying to look up anything =
from 'relays.monkeys.com', a now defunct DNS based black list.

Evidently they tried to blackhole all dnsbl queries to their db to make =
people stop using their defunct service:

------
# dig @66.60.159.24 relays.monkeys.com NS              =20

relays.monkeys.com.     86400   IN      NS      =
bogus-maximus.monkeys.com.

;; ADDITIONAL SECTION:
bogus-maximus.monkeys.com. 86400 IN     A       244.254.254.254
------

They changed the NS record to this bogus IP recently, that's why people =
start seeing these errors.

Of cource, as Mark pointed out, the right solutions is to filter =
240.0.0.0/4 entirely. If you cannot filter for some reason then you =
still could add "relays.monkeys.com" as a primary zone with no data =

(except SOA + NS) in it and your problems are gone



John Pennington wrote:

In-Reply-To: <00c301c3f1b4$3239ec50$0201000a@wlsn002>

I just noticed today a strange msg that keeps showing up in my log files,
that only started today, but is constantly happening.. any info you could
give me would be greatly apreciated :)

Here is the snip from the log..

Feb 12 14:51:51 ns1 named[3496]: socket.c:1100: unexpected error:
Feb 12 14:51:51 ns1 named[3496]: internal_send: 244.254.254.254#53: Invalid
argument
Feb 12 14:51:52 ns1 named[3496]: socket.c:1100: unexpected error:
Feb 12 14:51:52 ns1 named[3496]: internal_send: 244.254.254.254#53: Invalid
argument
Feb 12 14:51:52 ns1 named[3496]: socket.c:1100: unexpected error:
Feb 12 14:51:52 ns1 named[3496]: internal_send: 244.254.254.254#53: Invalid
argument

~Chris~


Upon checking our servers, I find all our four servers are recording this error too, only in the last few days

--
JP

---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------

Current thread:

Wierd named log.. Chris (Feb 13)
- <Possible follow-ups>
- RE: Wierd named log.. Shawn Jackson (Feb 16)
- Re: Wierd named log.. John Pennington (Feb 16)
  - Re: Wierd named log.. blade- (Feb 17)
  - Re: Wierd named log.. Michael Hayes (Feb 17)
  - RE: Wierd named log.. Nick Soulliere (Feb 17)
- RE: Wierd named log.. Shawn Jackson (Feb 17)
  - RE: Wierd named log.. John [JP] Pennington (Feb 17)
    - Re: Wierd named log.. Michael Hayes (Feb 18)