[GLLUG] Spurious DNS zone notifications

Robert McKay robert at mckay.com
Sun May 3 00:14:44 UTC 2015


On 2015-05-02 12:29, John Winters wrote:
> I've just configured a VPS as a secondary DNS server.
>
> Within minutes of setting it up, it started getting spurious zone
> notifications from unknown IP addresses, e.g.:
>
> May  2 12:21:51 nimbus named[830]: client 66.109.111.132#55010: received notify for zone 'griffen.org.uk'
> May  2 12:21:51 nimbus named[830]: zone griffen.org.uk/IN: refused
> notify from non-master: 66.109.111.132#55010
>
> Is this a known attempted exploit, or is there a legitimate reason why
> other servers think they should be updating mine?  I've tried google
> searching, but can find no reference to it.

66.109.111.232 aka anycast.ash.layer42.net is serving an up-to-date 
griffen.org.uk zone.. most likely it's some arrangement you had with a 
previous ISP and forgot to tell them you'd moved on?

Rob
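
A log triage sketch for the messages quoted in this thread, added here as an example and not part of either post: it counts named's "refused notify from non-master" lines per zone and sender, so a recurring source can be checked against past hosting arrangements. The second and third log lines, the 192.0.2.53 address and the `known_servers` parameter are constructed for illustration.

```python
import re

# Constructed sample: line 1 is the refusal quoted in the thread; lines 2-3
# are constructed (192.0.2.53 is a documentation address).
SAMPLE_LOG = """\
May  2 12:21:51 nimbus named[830]: zone griffen.org.uk/IN: refused notify from non-master: 66.109.111.132#55010
May  2 12:36:51 nimbus named[830]: zone griffen.org.uk/IN: refused notify from non-master: 66.109.111.132#41877
May  2 12:40:03 nimbus named[830]: zone griffen.org.uk/IN: refused notify from non-master: 192.0.2.53#40112
"""

# Syslog timestamp, host, then named's refusal message with zone and sender.
REFUSED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\snamed\[\d+\]:\s"
    r"zone\s(?P<zone>\S+)/IN:\srefused notify from non-master:\s"
    r"(?P<src>[0-9A-Fa-f:.]+)#\d+"
)

def summarize_refused(log_text, known_servers=None):
    """Return one record per (zone, sender), most frequent first.

    known_servers is a hypothetical operator-supplied mapping
    {zone: set of IPs} of servers known to have carried the zone
    (for example a previous provider); matches are flagged "known".
    """
    known_servers = known_servers or {}
    seen = {}
    for line in log_text.splitlines():
        m = REFUSED.match(line)
        if not m:
            continue  # other named messages are ignored
        zone, src = m["zone"].lower(), m["src"]
        rec = seen.setdefault((zone, src), {
            "zone": zone, "source": src, "count": 0,
            "first_seen": m["ts"],
            "known": src in known_servers.get(zone, set()),
        })
        rec["count"] += 1
        rec["last_seen"] = m["ts"]
    return sorted(seen.values(),
                  key=lambda r: (-r["count"], r["zone"], r["source"]))

if __name__ == "__main__":
    for r in summarize_refused(SAMPLE_LOG):
        print(r)
```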


