Re: NAMED LOGS

2013-07-23 Thread Matthäus Wander
* Mark Andrews [2013-07-23 06:42]:
 The method is described here (Figure 4):
 http://homes.cs.washington.edu/~gribble/papers/king.pdf

 Using a delegation is a technical detail. It's not different than
 sending a query directly to the zone servers.
 
 Sending queries for domains that the server is NOT configured to accept
 is very different to sending queries for domains the server IS
 configured to accept.
 
 You just cost the rw administrators time and money investigating the
 source of unexpected traffic.  You cost everyone on the list some
 time and money helping out the rw administrators.
 
 The actual cost of the traffic is inconsequential to the other costs
 that have resulted from your actions.  TLD administrators actually
 need to look for abnormal traffic as they are high value targets.

Ok, I see your point. I will use opt-in for further measurements.

Regards,
Matt

-- 
Universität Duisburg-Essen
Verteilte Systeme
Bismarckstr. 90 / BC 316
47057 Duisburg



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: NAMED LOGS

2013-07-23 Thread Carl Byington

On Tue, 2013-07-23 at 14:42 +1000, Mark Andrews wrote:
 You just cost the rw administrators time and money investigating the
 source of unexpected traffic.  You cost everyone on the list some
 time and money helping out the rw administrators.

There seems to be a common idea in many educational institutions that
sending unwanted traffic in the name of research is ok.

Jul 23 08:00:36 xx sendmail[22101]: r6NF0XFo022101: ruleset=check_rcpt,
arg1=scan-ad...@umich.edu, relay=researchscan010.eecs.umich.edu
[141.212.121.10], reject=550 5.7.1 scan-ad...@umich.edu... Relaying
denied. Proper authentication required.




Re: NAMED LOGS

2013-07-23 Thread Ian Manners
Hi Carl,

 There seems to be a common idea in many educational institutions that
 sending unwanted traffic in the name of research is ok.

Which is why I have so many educational institutions
blacklisted in my firewall.. I no longer report abuse,
I simply add to the BL permanently now.

2 are whitelisted because they asked nicely, and they have
something I want so it's a mutual thing.

There are a lot of others such as Anti-virus online scanners
that check websites before the 'client' lands on the page,
and pen testing companies that also think it's fine to sling crp
at anyone's server for testing, or checking, with no hint of
asking before doing so. Same basket as all the bots that
read robots.txt then ignore it, because they can.

This is becoming a bigger issue for many at present,
especially when people like myself have limited bandwidth,
though I check logs as well I no longer investigate too much,
I simply update the relevant conf file.

Cheers
Ian Manners


Cheers
Ian Manners
http://www.os2site.com/


Re: NAMED LOGS

2013-07-22 Thread Steven Carr
It looks like those clients are trying to query your DNS server for
www.minghui.org.s210.ip4.verteiltesysteme.net and are being denied.

Steve


On 22 July 2013 13:21, Grace Ingabire grac...@ricta.org.rw wrote:

 Dear Team,

 Does anyone know what is going on here? As I can’t understand why we do
 receive a lot of these messages in our logs.

 Jul 22 14:18:21 ns1 named[13045]: client 200.222.123.108#43576: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:21 ns1 named[13045]: client 201.228.140.4#25482: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:21 ns1 named[13045]: client 201.228.139.161#63987: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:21 ns1 named[13045]: client 46.39.192.1#39972: query (cache) '
 www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:21 ns1 named[13045]: client 201.228.139.162#48785: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:21 ns1 named[13045]: client 200.148.23.5#37623: query (cache)
 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:21 ns1 named[13045]: client 177.19.209.110#64974: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:21 ns1 named[13045]: client 200.45.48.238#30572: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:21 ns1 named[13045]: client 200.45.191.41#24254: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:22 ns1 named[13045]: client 46.39.192.1#6612: query (cache) '
 www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:22 ns1 named[13045]: client 200.222.123.108#23817: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:22 ns1 named[13045]: client 82.209.195.12#61851: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:22 ns1 named[13045]: client 41.74.171.185#11223: update
 forwarding 'org.rw/IN' denied

 Jul 22 14:18:22 ns1 named[13045]: client 78.136.107.50#58919: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:22 ns1 named[13045]: client 46.140.67.168#37418: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:22 ns1 named[13045]: client 200.40.220.201#4560: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:22 ns1 named[13045]: client 118.69.241.180#23006: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:22 ns1 named[13045]: client 84.232.1.100#52278: query (cache)
 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:23 ns1 named[13045]: client 195.229.242.133#46507: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:23 ns1 named[13045]: client 200.40.220.194#23686: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:23 ns1 named[13045]: client 46.39.192.1#28150: query (cache) '
 www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:23 ns1 named[13045]: client 84.232.1.100#61843: query (cache)
 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:23 ns1 named[13045]: client 202.248.197.77#37917: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:23 ns1 named[13045]: client 61.220.10.137#1475: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:23 ns1 named[13045]: client 46.39.192.1#57197: query (cache) '
 www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:23 ns1 named[13045]: client 46.39.192.1#35102: query (cache) '
 www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:23 ns1 named[13045]: client 189.1.87.5#42806: query (cache) '
 www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:23 ns1 named[13045]: client 196.3.132.118#21462: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:23 ns1 named[13045]: client 74.125.178.21#56160: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:24 ns1 named[13045]: client 201.228.140.7#64057: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:24 ns1 named[13045]: client 200.168.137.39#41361: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:24 ns1 named[13045]: client 189.1.84.126#63800: query (cache)
 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 Jul 22 14:18:24 ns1 named[13045]: client 201.228.140.7#40111: query
 (cache) 

Re: NAMED LOGS

2013-07-22 Thread LiuGN

  
  
On 07/22/13 20:21, Grace Ingabire wrote:

Dear Team,

Does anyone know what is going on here? As I can't understand why we do
receive a lot of these messages in our logs.


Re: NAMED LOGS

2013-07-22 Thread Barry S. Finkel

 Date: Mon, 22 Jul 2013 14:21:51 +0200

From: Grace Ingabire grac...@ricta.org.rw

Dear Team,



Does anyone know what is going on here? As I can't understand why we do
receive a lot of these messages in our logs.




Re: NAMED LOGS

2013-07-22 Thread Mark Andrews

s210.ip4.verteiltesysteme.net has been delegated to you.
See the address records in the referral.

Complain to the parent zone administrators if this is in
error otherwise configure your system to serve
s210.ip4.verteiltesysteme.net.

P.S. It would have helped matters if you had given the
address of the name server receiving the queries.  Fortunately
there was enough in the logs to determine that you are a
server for ORG.RW (ns1.ricta.ORG.RW 41.74.173.250) which gave a
set of IP addresses to check.

Mark

; <<>> DiG 9.10.0pre-alpha <<>> www.minghui.org.s210.ip4.verteiltesysteme.net @134.91.78.137 +norec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33218
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.minghui.org.s210.ip4.verteiltesysteme.net. IN A

;; AUTHORITY SECTION:
s210.ip4.verteiltesysteme.net. 3600 IN NS ns.s210.ip4.verteiltesysteme.net.

;; ADDITIONAL SECTION:
ns.s210.ip4.verteiltesysteme.net. 3600 IN A 41.74.173.250
ns.s210.ip4.verteiltesysteme.net. 3600 IN AAAA 2001:638:501:8efc::137

;; Query time: 422 msec
;; SERVER: 134.91.78.137#53(134.91.78.137)
;; WHEN: Tue Jul 23 08:02:44 EST 2013
;; MSG SIZE  rcvd: 135


In message 011c01ce86d6$0b9bdb50$22d391f0$@ricta.org.rw, Grace Ingabire writes:
 
 Dear Team,
 
  
 
 Does anyone know what is going on here? As I can't understand why we do
 receive a lot of these messages in our logs.
 
  
 

Re: NAMED LOGS

2013-07-22 Thread Matthäus Wander
Hi,

Grace Ingabire writes:

 Does anyone know what is going on here? As I can't understand why we do
 receive a lot of these messages in our logs.

 Jul 22 14:18:21 ns1 named[13045]: client 200.222.123.108#43576: query
 (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied

 [...]

I'm the zone owner of verteiltesysteme.net. What you're seeing there are
queries by open resolvers (more accurately: forwarders of open resolvers).

This is part of a research project to measure the effect of the DNS
injection censorship method. www.minghui.org is a name being blocked
by the Great Firewall of China via DNS injection. By querying for
www.minghui.org.SUFFIX we can test whether the open resolver has a
clean, uncensored path to your TLD nameservers.

I'll add the addresses of .rw to our blacklist, so you won't be seeing
any more of these queries. Sorry for inconvenience.

Let me know if you have further questions.

Regards,
Matthäus Wander

-- 
Universität Duisburg-Essen
Verteilte Systeme
Bismarckstr. 90 / BC 316
47057 Duisburg
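
One way to triage `denied` entries like the ones quoted in this thread, as an added example (not code from any poster or from BIND): it groups denied requests by name and counts distinct clients, so a name outside your own zones that many different clients ask for stands out as a delegation to check at the parent. The log lines are constructed in the thread's format with documentation-range addresses; `triage`, `served_zones`, `min_clients` and the verdict labels are hypothetical names.

```python
import re
from collections import defaultdict

# BIND "denied" lines in the format quoted in this thread. The optional
# "@0x..." and "(name)" parts are emitted by newer named versions.
DENIED_RE = re.compile(
    r"named\[\d+\]: client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+"
    r"(?: \([^)]*\))?: "
    r"(?P<kind>query \(cache\)|query|update forwarding|update) "
    r"'(?P<target>[^']+)' denied"
)

# Constructed sample: same message format as the thread, but the client
# addresses are documentation ranges, not the ones posted to the list.
SAMPLE_LOG = """\
Jul 22 14:18:21 ns1 named[13045]: client 192.0.2.10#43576: query (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied
Jul 22 14:18:21 ns1 named[13045]: client 198.51.100.7#25482: query (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied
Jul 22 14:18:21 ns1 named[13045]: client 203.0.113.5#63987: query (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied
Jul 22 14:18:22 ns1 named[13045]: client 192.0.2.10#23817: query (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied
Jul 22 14:18:22 ns1 named[13045]: client 203.0.113.77#11223: update forwarding 'org.rw/IN' denied
Jul 22 14:18:23 ns1 named[13045]: client 198.51.100.99#5353: query (cache) 'example.com/A/IN' denied
Jul 22 14:18:23 ns1 named[13045]: zone org.rw/IN: loaded serial 2013072201
"""


def in_zone(name, zone):
    """True if name equals zone or is a subdomain of it (case-insensitive)."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def triage(lines, served_zones, min_clients=3):
    """Group denied requests by (kind, name) and attach a verdict.

    check-delegation: query for a name outside served_zones from at least
        min_clients distinct clients. Resolvers are being referred here, so
        ask the parent zone's servers with +norec and look at the NS/glue.
    stray-client: query outside served_zones from only a few clients, more
        likely individual hosts pointed at this server as their resolver.
    acl-denied: anything else (updates, or names inside served_zones), which
        is an access-control question rather than a delegation question.
    """
    stats = defaultdict(lambda: {"hits": 0, "clients": set()})
    for line in lines:
        m = DENIED_RE.search(line)
        if not m:
            continue  # not a "denied" line
        # 'name/TYPE/CLASS' for queries, 'zone/CLASS' for updates
        name = m["target"].split("/")[0].rstrip(".").lower()
        entry = stats[(m["kind"], name)]
        entry["hits"] += 1
        entry["clients"].add(m["ip"])

    findings = []
    for (kind, name), entry in stats.items():
        served = any(in_zone(name, z) for z in served_zones)
        n_clients = len(entry["clients"])
        if kind.startswith("query") and not served:
            verdict = "check-delegation" if n_clients >= min_clients else "stray-client"
        else:
            verdict = "acl-denied"
        findings.append({
            "kind": kind,
            "name": name,
            "hits": entry["hits"],
            "clients": n_clients,
            "verdict": verdict,
        })
    # Names asked for by the most distinct clients first
    return sorted(findings, key=lambda f: (-f["clients"], f["name"]))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines(), served_zones=["org.rw"]):
        print(f"{f['verdict']:<17} {f['clients']:>3} clients {f['hits']:>4} hits  "
              f"{f['kind']}  {f['name']}")
```
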




Re: NAMED LOGS

2013-07-22 Thread Mark Andrews

In message 51edcfad.5030...@uni-due.de, Matthäus Wander writes:

 Hi,

 Grace Ingabire writes:
 
  Does anyone know what is going on here? As I can't understand why we do
  receive a lot of these messages in our logs.
 
  Jul 22 14:18:21 ns1 named[13045]: client 200.222.123.108#43576: query
  (cache) 'www.minghui.org.s210.ip4.verteiltesysteme.net/A/IN' denied
 
  [...]

 I'm the zone owner of verteiltesysteme.net. What you're seeing there are
 queries by open resolvers (more accurately: forwarders of open resolvers).

 This is part of a research project to measure the effect of the DNS
 injection censorship method. www.minghui.org is a name being blocked
 by the Great Firewall of China via DNS injection. By querying for
 www.minghui.org.SUFFIX we can test whether the open resolver has a
 clean, uncensored path to your TLD nameservers.

How do you do that with a broken delegation?   Did you think to ask
before delegating a zone to a zone not configured for it?  What
does your Chancellor think about using uninformed third parties for
experiments like this?

 I'll add the addresses of .rw to our blacklist, so you won't be seeing
 any more of these queries. Sorry for inconvenience.

 Let me know if you have further questions.
 
 Regards,
 Matthäus Wander
 
 -- 
 Universität Duisburg-Essen
 Verteilte Systeme
 Bismarckstr. 90 / BC 316
 47057 Duisburg

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: NAMED LOGS

2013-07-22 Thread Matthäus Wander
* Mark Andrews [2013-07-23 03:36]:
 How do you do that with a broken delegation?   Did you think to ask
 before delegating a zone to a zone not configured for it?  What
 does your Chancellor think about using uninformed third parties for
 experiments like this?

The method is described here (Figure 4):
http://homes.cs.washington.edu/~gribble/papers/king.pdf

Using a delegation is a technical detail. It's not different than
sending a query directly to the zone servers.

About sending queries unasked: I thought of the traffic this would
cause, which should be a few queries per second on TLD servers and a few
queries per minute on open resolvers. I do not expect this to have any
negative operational effect.

If you're having a different experience, or just don't like it as a
matter of principle, let me know and I will stop sending packets to your
server.

Regards,
Matt

-- 
Universität Duisburg-Essen
Verteilte Systeme
Bismarckstr. 90 / BC 316
47057 Duisburg




Re: NAMED LOGS

2013-07-22 Thread Mark Andrews

In message 51ede640.8040...@uni-due.de, Matthäus Wander writes:
 * Mark Andrews [2013-07-23 03:36]:
  How do you do that with a broken delegation?   Did you think to ask
  before delegating a zone to a zone not configured for it?  What
  does your Chancellor think about using uninformed third parties for
  experiments like this?
 
 The method is described here (Figure 4):
 http://homes.cs.washington.edu/~gribble/papers/king.pdf
 
 Using a delegation is a technical detail. It's not different than
 sending a query directly to the zone servers.

Sending queries for domains that the server is NOT configured to accept
is very different to sending queries for domains the server IS
configured to accept.

You just cost the rw administrators time and money investigating the
source of unexpected traffic.  You cost everyone on the list some
time and money helping out the rw administrators.

The actual cost of the traffic is inconsequential to the other costs
that have resulted from your actions.  TLD administrators actually
need to look for abnormal traffic as they are high value targets.

Mark

 About sending queries unasked: I thought of the traffic this would
 cause, which should be a few queries per second on TLD servers and a few
 queries per minute on open resolvers. I do not expect this to have any
 negative operational effect.
 
 If you're having a different experience, or just don't like it as a
 matter of principle, let me know and I will stop sending packets to your
 server.
 
 Regards,
 Matt
 
 -- 
 Universität Duisburg-Essen
 Verteilte Systeme
 Bismarckstr. 90 / BC 316
 47057 Duisburg
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org