Hi, I enabled the logs in DNS server and i found below lines from this client continiously.. 1/10/2012 9:14:30 AM 0FDC PACKET 0000000005B489B0 UDP Snd <Client IP> 1f23 Q [0005 A D NOERROR] TXT (7)version(4)bind(0) 1/10/2012 9:14:30 AM 0FDC PACKET 0000000007342360 UDP Rcv <Client IP> c63c Q [0005 A D NOERROR] TXT (7)version(4)bind(0) 1/10/2012 9:14:30 AM 0FDC PACKET 0000000007342360 UDP Snd <Client IP> c63c Q [0005 A D NOERROR] TXT (7)version(4)bind(0) 1/10/2012 9:14:30 AM 0FDC PACKET 0000000004D728F0 UDP Rcv <Client IP> a96a Q [0005 A D NOERROR] TXT (7)version(4)bind(0) Is it something to do with Malticast DNS. Can you give me more details about Multicast DNS Regards Papdheen M
--- On Mon, 9/1/12, Fajar A. Nugraha <w...@fajar.net> wrote: From: Fajar A. Nugraha <w...@fajar.net> Subject: Re: huge count of DNS deny hits To: "babu dheen" <babudh...@yahoo.co.in> Cc: bind-users@lists.isc.org Date: Monday, 9 January, 2012, 12:16 PM On Mon, Jan 9, 2012 at 1:37 PM, babu dheen <babudh...@yahoo.co.in> wrote: > Unfortunately, i have not enabled logs in my internal DNS server. You just dismissed the only reliable source of information > > Any idea .. Without logs, you only have assumptions. The best assumption at this point is that the client probably has a virus/malware, whose activity (one of them anyway) is to look for vulnerable DNS servers. -- Fajar
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
