[ On Thursday, January 17, 2002 at 20:22:52 (-0600), measlat_private wrote: ] > Subject: Re: Unusual DNS requests (not related to previous DNS thread) > > Sorry I failed to post the mask (/24). And I thoroughly realize that even as > a /24 this is not necessarily an "invalid" request, merely a > "strange" request for a machine not local to the subnet. It's not even vaguely strange. PLEASE read RFC 1101!!!!! Even if the zone "xxx.xxx.xx.in-addr.arpa" (for whatever value of 'x's you curiously obfuscated for no possibly valid reason -- information published in the DNS is public knowledge, by definition) is not officially delegated to your nameserver, it's not unlikely for some other mis-configured nameserver to believe yours might be able to answer such a query. Finally it's entirely possible some curious soul was simply asking your nameserver directly if it knew any network name for that IP network. In the end NO properly formed DNS query is ever "strange" or "freaky" or even unexpected, even if there's no nameserver advertised at the destination address! Expect anything -- you will get it. -- Greg A. Woods +1 416 218-0098; <gwoodsat_private>; <g.a.woodsat_private>; <woodsat_private> Planix, Inc. <woodsat_private>; VE3TCP; Secrets of the Weird <woodsat_private> ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Jan 18 2002 - 08:40:14 PST