From owner-freebsd-hackers@FreeBSD.ORG  Tue Jan 17 09:37:13 2006
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
X-Original-To: freebsd-hackers@freebsd.org
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0C05E16A41F
	for <freebsd-hackers@freebsd.org>; Tue, 17 Jan 2006 09:37:13 +0000 (GMT)
	(envelope-from cheesiest@nano.net)
Received: from mail.smallweb.com (mail.smallweb.com [216.85.125.111])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7E54E43D4C
	for <freebsd-hackers@freebsd.org>; Tue, 17 Jan 2006 09:37:12 +0000 (GMT)
	(envelope-from cheesiest@nano.net)
Received: from [216.85.125.9] (sixpence.nano.net [216.85.125.9]) by
	mail.smallweb.com
	(Rockliffe SMTPRA 5.3.11) with ESMTP id <B0000722639@mail.smallweb.com>;
	Tue, 17 Jan 2006 02:39:17 -0700
Message-ID: <43CCBAC5.4060809@nano.net>
Date: Tue, 17 Jan 2006 02:37:09 -0700
From: Steve Suhre <cheesiest@nano.net>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Mike Silbersack <silby@silby.com>
References: <43CC59E7.6080505@nano.net>	<015901c61b15$898648a0$1200a8c0@gsicomp.on.ca>	<43CC65BC.9040005@nano.net>
	<44314.63.147.253.154.1137474098.squirrel@webmail7.pair.com>
In-Reply-To: <44314.63.147.253.154.1137474098.squirrel@webmail7.pair.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-hackers@freebsd.org
Subject: Re: Named requests filling up T1
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jan 2006 09:37:13 -0000



Thanks, I think that's what I was looking for. I expect the "ISP" is in 
another country somewhere and would be hard to reach, if they could be 
reached at all. And it's probably a bad reference somewhere to the 
server here, so shutting of recursive queries could help... If I shut 
named off for an hour or two they go away, so I'm guessing the offending 
server switches to the secondary and gets what it's looking for?

Thanks!



Mike Silbersack wrote:

>>Thanks Matt,
>>
>>The answer to both is no. The domain doesn't resolve either
>>(v.tn.co.za). It looks like the source IP changes too...sigh.... I tried
>>a whois on the source IP and it was not found, so it may be spoofed? Or
>>someone has a very messed up server...
>>    
>>
>
>There was a thread on bugtraq about this, you're either being attacked or
>are being used to attack someone else.
>
>Reconfigure BIND so that it ignores recursive queries originating from
>outside your network - at least that will save your outbound bandwidth.
>
>Mike "Silby" Silbersack
>_______________________________________________
>freebsd-hackers@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
>
>
>  
>


-- 



Steve Suhre
steve@pasta.net
719.439.6052 Cell
719.632.2897 Home