Security Incidents mailing list archives

DNS unapproved AXFR


From: Andrea Vettori <av () TSERVICETLC NET>
Date: Mon, 21 Aug 2000 09:36:58 +0200

Hi,

Today I noticed these lines in the logs (the ns allows transfers only
between the master and the slaves):

Aug 19 16:55:31 ns named[9119]: unapproved AXFR from [140.233.20.99].1423 for "euromacchine.it" (acl)
Aug 19 16:56:30 ns named[9119]: unapproved AXFR from [140.233.20.99].1503 for "euromacchine.it" (acl)
Aug 19 23:32:04 ns named[9119]: unapproved AXFR from [203.75.204.245].1580 for "simatengineering.it" (acl)
Aug 19 23:59:57 ns named[9119]: unapproved AXFR from [140.233.20.99].1460 for "plas.it" (acl)
Aug 20 00:51:10 ns named[9119]: unapproved AXFR from [140.233.20.99].4574 for "niceforyou.it" (acl)

Can these be a prelude to an attack on our primary DNS server?

And why the AXFR on those domains and not on the others (.it, .com and .net)
the server contains?

P.S.

We receive one scan a day on the usual ports (IMAP, POP2, >1024, etc.).
Today someone scanned our servers for port 98, which the IANA port numbers
list says is bound to tacnews (I don't know what that is).


Thank you

--
Ing. Andrea Vettori
Inetronics
An Internet Centric Company
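
Added example, not part of the original message: a small triage script for the "unapproved AXFR" lines quoted above, grouping refused transfer requests by source address so repeat requesters and the zones they asked for stand out. The function names are hypothetical, and the parser assumes the log format shown in the message.

```python
import re
from collections import defaultdict

# Entries from the message above, each wrapped onto two lines as mail clients often do.
SAMPLE = '''\
Aug 19 16:55:31 ns named[9119]: unapproved AXFR from [140.233.20.99].1423
for "euromacchine.it" (acl)
Aug 19 16:56:30 ns named[9119]: unapproved AXFR from [140.233.20.99].1503
for "euromacchine.it" (acl)
Aug 19 23:32:04 ns named[9119]: unapproved AXFR from [203.75.204.245].1580
for "simatengineering.it" (acl)
Aug 19 23:59:57 ns named[9119]: unapproved AXFR from [140.233.20.99].1460
for "plas.it" (acl)
Aug 20 00:51:10 ns named[9119]: unapproved AXFR from [140.233.20.99].4574
for "niceforyou.it" (acl)
'''

STAMP = re.compile(r"[A-Z][a-z]{2}\s+\d{1,2}\s\d\d:\d\d:\d\d\s")
ENTRY = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s[\d:]{8})\s\S+\snamed\[\d+\]:\s"
    r'unapproved AXFR from \[(?P<src>[\d.]+)\]\.(?P<port>\d+)\sfor "(?P<zone>[^"]+)"'
)

def unwrap(text):
    """Rejoin wrapped entries: a line without a syslog timestamp extends the previous one."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if STAMP.match(line) or not entries:
            entries.append(line)
        elif line:
            entries[-1] += " " + line
    return entries

def refused_transfers(text):
    """Per source address: number of attempts, zones requested, first and last timestamp."""
    by_src = defaultdict(lambda: {"attempts": 0, "zones": set(), "first": None, "last": None})
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if m:
            rec = by_src[m["src"]]
            rec["attempts"] += 1
            rec["zones"].add(m["zone"])
            rec["first"] = rec["first"] or m["ts"]
            rec["last"] = m["ts"]
    return dict(by_src)

def multi_zone_sources(summary, min_zones=2):
    """Sources that requested at least min_zones distinct zones."""
    return sorted(src for src, rec in summary.items() if len(rec["zones"]) >= min_zones)
```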

