[GLLUG] Spurious DNS zone notifications

James Hawtin oolon at ankh.org
Sun May 3 01:22:31 UTC 2015



On 03/05/2015 00:15, Robert McKay wrote:
> On 2015-05-02 12:29, John Winters wrote:
>> I've just configured a VPS as a secondary DNS server.
>>
>> Within minutes of setting it up, it started getting spurious zone
>> notifications from unknown IP addresses, e.g.:
>>
>> May  2 12:21:51 nimbus named[830]: client 66.109.111.132#55010: received
>> notify for zone 'griffen.org.uk'
>> May  2 12:21:51 nimbus named[830]: zone griffen.org.uk/IN: refused
>> notify from non-master: 66.109.111.132#55010
>>
>> Is this a known attempted exploit, or is there a legitimate reason why
>> other servers think they should be updating mine?  I've tried google
>> searching, but can find no reference to it.
>
> 66.109.111.232 aka anycast.ash.layer42.net is serving an up-to-date 
> griffen.org.uk zone.. most likely it's some arrangement you had with a 
> previous ISP and forgot to tell them you'd moved on?
>
> Rob
>
Or, if the zone is not yours, you have got a dirty IP where someone else 
has previously been running a DNS server (and forgot to update the 
forwarders).

James
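
One way to triage the log lines quoted above, as an added example that is not part of the original thread: it groups BIND's "refused notify from non-master" entries by zone and sender, so each sender can be checked against the zone's configured masters or a former DNS provider. The function names are hypothetical, and all sample lines except the first two (taken from the post and unwrapped) are constructed.

```python
import ipaddress
import re

# Matches BIND's refusal line as it appears in syslog (one line, unwrapped).
REFUSED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\snamed\[\d+\]:\s"
    r"zone\s(?P<zone>\S+)/\w+:\s"
    r"refused notify from non-master:\s(?P<ip>[0-9A-Fa-f:.]+)#\d+"
)

def refused_notify(lines):
    """Group refused NOTIFYs by (zone, sender) with count and first/last seen."""
    seen = {}
    for line in lines:
        m = REFUSED.match(line.strip())
        if not m:
            continue  # e.g. the paired "received notify" client line
        try:
            sender = str(ipaddress.ip_address(m["ip"]))
        except ValueError:
            continue  # malformed address: skip rather than guess
        key = (m["zone"].rstrip(".").lower(), sender)
        entry = seen.setdefault(key, {"count": 0, "first": m["ts"]})
        entry["count"] += 1
        entry["last"] = m["ts"]
    return seen

def senders_by_zone(seen):
    """Per zone, the senders to compare against that zone's masters list."""
    zones = {}
    for (zone, sender), entry in seen.items():
        zones.setdefault(zone, []).append((sender, entry["count"]))
    return {z: sorted(s, key=lambda p: -p[1]) for z, s in zones.items()}

# First two lines are from the post (unwrapped); the rest are constructed.
SAMPLE = [
    "May  2 12:21:51 nimbus named[830]: client 66.109.111.132#55010: received notify for zone 'griffen.org.uk'",
    "May  2 12:21:51 nimbus named[830]: zone griffen.org.uk/IN: refused notify from non-master: 66.109.111.132#55010",
    "May  2 12:51:52 nimbus named[830]: zone griffen.org.uk/IN: refused notify from non-master: 66.109.111.132#40112",
    "May  2 13:05:10 nimbus named[830]: zone example.org/IN: refused notify from non-master: 2001:db8::53#53211",
    "May  2 13:06:00 nimbus named[830]: zone griffen.org.uk/IN: refused notify from non-master: 192.0.2.53#1053",
]

if __name__ == "__main__":
    for zone, senders in senders_by_zone(refused_notify(SAMPLE)).items():
        for sender, count in senders:
            print(f"{zone}: {count} refused NOTIFY from {sender}")
```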


