Date: Tue, 17 Jan 2006 02:37:09 -0700 From: Steve Suhre <cheesiest@nano.net> To: Mike Silbersack <silby@silby.com> Cc: freebsd-hackers@freebsd.org Subject: Re: Named requests filling up T1 Message-ID: <43CCBAC5.4060809@nano.net> In-Reply-To: <44314.63.147.253.154.1137474098.squirrel@webmail7.pair.com> References: <43CC59E7.6080505@nano.net> <015901c61b15$898648a0$1200a8c0@gsicomp.on.ca> <43CC65BC.9040005@nano.net> <44314.63.147.253.154.1137474098.squirrel@webmail7.pair.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks, I think that's what I was looking for. I expect the "ISP" is in another country somewhere and would be hard to reach, if they could be reached at all. And it's probably a bad reference somewhere to the server here, so shutting of recursive queries could help... If I shut named off for an hour or two they go away, so I'm guessing the offending server switches to the secondary and gets what it's looking for? Thanks! Mike Silbersack wrote: >>Thanks Matt, >> >>The answer to both is no. The domain doesn't resolve either >>(v.tn.co.za). It looks like the source IP changes too...sigh.... I tried >>a whois on the source IP and it was not found, so it may be spoofed? Or >>someone has a very messed up server... >> >> > >There was a thread on bugtraq about this, you're either being attacked or >are being used to attack someone else. > >Reconfigure BIND so that it ignores recursive queries originating from >outside your network - at least that will save your outbound bandwidth. > >Mike "Silby" Silbersack >_______________________________________________ >freebsd-hackers@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-hackers >To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" > > > > -- Steve Suhre steve@pasta.net 719.439.6052 Cell 719.632.2897 Home
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43CCBAC5.4060809>