New fresh DA full reinstall and DNS activity..

CrustyDOD

Hey,

A few days ago, I reinstalled the server with the latest version of DA and Debian 5.

Everything went OK during install, everything is working like it should..

But I keep on getting this:
May 14 16:41:51 mercury named[2639]: client 91.202.63.129#59094: query (cache) './NS/IN' denied
May 14 16:41:52 mercury named[2639]: client 91.202.63.129#59438: query (cache) './NS/IN' denied
May 14 16:41:52 mercury named[2639]: client 91.202.63.129#22971: query (cache) './NS/IN' denied
May 14 16:41:52 mercury named[2639]: client 91.202.63.129#53793: query (cache) './NS/IN' denied
May 14 16:41:53 mercury named[2639]: client 91.202.63.129#58109: query (cache) './NS/IN' denied
May 14 16:41:53 mercury named[2639]: client 91.202.63.129#9685: query (cache) './NS/IN' denied
May 14 16:41:54 mercury named[2639]: client 91.202.63.129#60269: query (cache) './NS/IN' denied
May 14 16:41:55 mercury named[2639]: client 91.202.63.129#29539: query (cache) './NS/IN' denied
May 14 16:41:55 mercury named[2639]: client 91.202.63.129#12305: query (cache) './NS/IN' denied
May 14 16:41:55 mercury named[2639]: client 91.202.63.129#14484: query (cache) './NS/IN' denied
May 14 16:41:56 mercury named[2639]: client 91.202.63.129#22842: query (cache) './NS/IN' denied
May 14 16:41:56 mercury named[2639]: client 91.202.63.129#58431: query (cache) './NS/IN' denied
May 14 16:41:57 mercury named[2639]: client 91.202.63.129#8894: query (cache) './NS/IN' denied
May 14 16:41:57 mercury named[2639]: client 91.202.63.129#13779: query (cache) './NS/IN' denied
May 14 16:41:59 mercury named[2639]: client 91.202.63.129#44468: query (cache) './NS/IN' denied
May 14 16:41:59 mercury named[2639]: client 91.202.63.129#65081: query (cache) './NS/IN' denied
May 14 16:41:59 mercury named[2639]: client 91.202.63.129#14434: query (cache) './NS/IN' denied

Each second, 24 hours per day. The same thing all over again..

Any ideas if this is an attack or does my Bind do this because of some setting?

DA configuration was not changed, it is what DA sets.

Heeeeeelp :)
 
Did you copy over the named.conf file from the old install? This looks like an incorrect named.conf file.

Jeff
 
DDoS

Your server is being used as part of a DDoS attack against the IP. Best bet would be to just block outbound traffic to the IP address, to stop your server from being part of the problem.

I receive the same outbound IP...

May 20 02:13:00 secure named[29359]: client 91.202.63.129#520: error sending response: host unreachable
 
Good pickup ... also might be worth checking to see what version of named you are running and if there are any security patches - plus if there's any bad configuration (like recursive forwarding).
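
To measure the pattern in the logs quoted above, the following added example (not code from any poster in this thread) groups "query (cache) ... denied" lines by client and flags any address that repeats a single question at a sustained rate. The function names, thresholds, assumed year, and sample addresses are constructed for illustration, and the parser handles only the log line format shown in the thread.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the thread's log format; the IPs are documentation addresses.
SAMPLE_LOG = """\
May 14 16:41:51 mercury named[2639]: client 192.0.2.10#59094: query (cache) './NS/IN' denied
May 14 16:41:52 mercury named[2639]: client 192.0.2.10#59438: query (cache) './NS/IN' denied
May 14 16:41:52 mercury named[2639]: client 192.0.2.10#22971: query (cache) './NS/IN' denied
May 14 16:41:53 mercury named[2639]: client 192.0.2.10#58109: query (cache) './NS/IN' denied
May 14 16:41:53 mercury named[2639]: client 198.51.100.7#40000: query (cache) 'example.com/A/IN' denied
May 14 16:41:54 mercury named[2639]: client 192.0.2.10#60269: query (cache) './NS/IN' denied
May 14 16:41:54 mercury named[2639]: client 192.0.2.10#29539: query (cache) './NS/IN' denied
May 14 16:41:55 mercury named[2639]: client 192.0.2.10#520: error sending response: host unreachable
"""

# Matches only the "query (cache) ... denied" line format shown in the thread.
DENIED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+named\[\d+\]:\s+"
    r"client\s+(?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+):\s+"
    r"query \(cache\) '(?P<question>.+?/[A-Z0-9]+/[A-Z0-9]+)' denied")

def summarize_denied(log_text, year=2000):
    """Group denied cache queries by client IP. Syslog omits the year, so one is assumed."""
    stats = defaultdict(lambda: {"count": 0, "ports": set(), "questions": set(), "times": []})
    for line in log_text.splitlines():
        m = DENIED_RE.match(line)
        if not m:
            continue  # other named messages (e.g. "error sending response") are ignored
        s = stats[m["ip"]]
        s["count"] += 1
        s["ports"].add(int(m["port"]))
        s["questions"].add(m["question"])
        s["times"].append(datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
    return dict(stats)

def flag_repeaters(stats, min_count=5, min_rate=1.0):
    """Return {ip: queries_per_second} for clients repeating one question at a sustained rate."""
    flagged = {}
    for ip, s in stats.items():
        seconds = max((max(s["times"]) - min(s["times"])).total_seconds(), 1.0)
        rate = s["count"] / seconds
        if s["count"] >= min_count and rate >= min_rate and len(s["questions"]) == 1:
            flagged[ip] = round(rate, 2)
    return flagged

if __name__ == "__main__":
    for ip, rate in flag_repeaters(summarize_denied(SAMPLE_LOG)).items():
        print(f"{ip}: {rate} denied queries/s, candidate for a firewall drop or rate limit")
```

The per-client port set is kept because a different source port on nearly every query, as in the quoted log, is worth noting when deciding whether the traffic comes from a normal resolver.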
 