Re: huge count of DNS deny hits

2012-01-11 Thread babu dheen
Thanks Fajr.   I will handle it further.   Regards Babu --- On Wed, 11/1/12, Fajar A. Nugraha wrote: From: Fajar A. Nugraha Subject: Re: huge count of DNS deny hits To: "babu dheen" Cc: bind-users@lists.isc.org Date: Wednesday, 11 January, 2012, 1:59 PM On Wed, Jan 11, 2012

Re: huge count of DNS deny hits

2012-01-11 Thread Fajar A. Nugraha
On Wed, Jan 11, 2012 at 1:27 PM, babu dheen wrote: > > Dear Fajar, > >  Below logs taken from Internal DNS server running in Microsoft DNS. Then why did you ask this list instead of contacting MS support? > I checked with client AV status, everything is fine( system is up to date > with DAT fro

Re: huge count of DNS deny hits

2012-01-10 Thread babu dheen
different DNS server but DNS flood query is being sent to another DNS server   Regards Babu --- On Wed, 11/1/12, Fajar A. Nugraha wrote: From: Fajar A. Nugraha Subject: Re: huge count of DNS deny hits To: "babu dheen" Cc: bind-users@lists.isc.org Date: Wednesday, 11 January, 2012

Re: huge count of DNS deny hits

2012-01-10 Thread Fajar A. Nugraha
On Wed, Jan 11, 2012 at 12:11 PM, babu dheen wrote: > > Hi, > > I enabled the logs in DNS server and i found  below lines from this client > continiously.. > > 1/10/2012 9:14:30 AM 0FDC PACKET  05B489B0 UDP Snd > 1f23   Q [0005 A D   NOERROR] TXT    (7)version(4)bind(0) > 1/10/2012 9

Re: huge count of DNS deny hits

2012-01-10 Thread babu dheen
something to do with Malticast DNS. Can you give me more details about Multicast DNS   Regards Papdheen M --- On Mon, 9/1/12, Fajar A. Nugraha wrote: From: Fajar A. Nugraha Subject: Re: huge count of DNS deny hits To: "babu dheen" Cc: bind-users@lists.isc.org Date: Monday, 9 January, 2

Re: huge count of DNS deny hits

2012-01-08 Thread Fajar A. Nugraha
On Mon, Jan 9, 2012 at 1:37 PM, babu dheen wrote: > Unfortunately, i have not enabled logs in my internal DNS server. You just dismissed the only reliable source of information > > Any idea .. Without logs, you only have assumptions. The best assumption at this point is that the client probably

Re: huge count of DNS deny hits

2012-01-08 Thread babu dheen
  Any idea ..   Regards Babu --- On Mon, 9/1/12, Sebastian Tymków wrote: From: Sebastian Tymków Subject: Re: huge count of DNS deny hits To: "babu dheen" Date: Monday, 9 January, 2012, 1:39 AM Hello, Did you check, what kind of queries your client performed ? Sometimes I saw on my D

huge count of DNS deny hits

2012-01-08 Thread babu dheen
Dear All,   Today we have noticed one peculier issue in our firewall logs. We have internal DNS server running in bind which is protected by firewall. All clients are allowed to perform DNS lookup using our BIND internal DNS server( so only UDP 53 is allowed from LAN to DNS server in firewall)