Strange EDNS messages

15/02/2011 - 18:35 by Helmut
Hello everyone,

a Linux server that I help administer keeps logging, without pause, messages of the following kind in "/var/log/messages":

Feb 15 16:56:33 Arktur named[2613]: success resolving 'wmzoxojj.cc/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 15 16:56:33 Arktur named[2613]: success resolving 'irluxjxbhgt.cc/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 15 16:56:33 Arktur named[2613]: success resolving 'igtshssw.info/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 15 16:56:33 Arktur named[2613]: success resolving 'dqxajrolxai.com/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 15 16:56:33 Arktur named[2613]: success resolving 'vhrmyrnbmm.biz/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 15 16:56:33 Arktur named[2613]: success resolving 'yrnmamjouz.biz/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 15 16:56:33 Arktur named[2613]: success resolving 'adfeje.com/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 15 16:57:16 Arktur named[2613]: success resolving 'asfzdoetom.com/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 15 16:57:16 Arktur named[2613]: success resolving 'sidhrbar.ws/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 15 16:57:16 Arktur named[2613]: success resolving 'tstemvr.ws/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 15 16:57:16 Arktur named[2613]: success resolving 'vuqqcmzi.ws/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 15 16:57:16 Arktur named[2613]: success resolving 'onxnsmfa.org/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 15 16:57:16 Arktur named[2613]: success resolving 'tzuijnqrtnf.ws/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 15 16:57:16 Arktur named[2613]: success resolving 'dwanqizall.com/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Feb 15 17:35:34 Arktur named[2613]: success resolving 'dnl-01.geo.kaspersky.com/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets


In the vast majority of cases these appear to be pure nonsense/throwaway names; sometimes there are also "meaningful" URLs among them (like the very last one here).

I looked up who assigned some of the URLs: 1&1, TU Georgia, ... , so (presumably) a wild mix; not everything ends up directly with one bad guy.

The machine runs ISC BIND as its name server, version 9.7.2_P3; it provides Internet access to about 150 clients.

How could I find out, reasonably easily, who is querying the name server for all these URLs? My guess is some connected client (almost always Windows).

Best regards
Helmut

"Ubuntu" - an African word, meaning "Slackware is too hard for me".
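
One way to approach the question above, as an added example that is not part of either post: take the names from the EDNS messages and tally which client address asked for them in BIND's query log. It assumes query logging has been switched on (for example with `rndc querylog`); the query-log line shape and the client addresses are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Three of the messages from the post, each unwrapped onto a single line.
TAIL = " (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets"
MESSAGES = [
    "Feb 15 16:56:33 Arktur named[2613]: success resolving 'wmzoxojj.cc/A'" + TAIL,
    "Feb 15 16:56:33 Arktur named[2613]: success resolving 'irluxjxbhgt.cc/A'" + TAIL,
    "Feb 15 17:35:34 Arktur named[2613]: success resolving 'dnl-01.geo.kaspersky.com/A'" + TAIL,
]
# Constructed query-log lines; client addresses are documentation-range samples.
QUERY_LOG = [
    "Feb 15 16:56:32 Arktur named[2613]: client 192.0.2.23#1045: query: wmzoxojj.cc IN A +",
    "Feb 15 16:56:32 Arktur named[2613]: client 192.0.2.23#1046: query: irluxjxbhgt.cc IN A +",
    "Feb 15 16:56:33 Arktur named[2613]: client 192.0.2.23#1047: query: WmZoXoJj.cc IN A +",
    "Feb 15 16:56:40 Arktur named[2613]: client 192.0.2.57#3310: query: www.example.org IN A +",
    "Feb 15 17:35:33 Arktur named[2613]: client 192.0.2.80#2201: query: dnl-01.geo.kaspersky.com IN A +",
]

EDNS_RE = re.compile(r"success resolving '([^'/]+)/A'")
# Assumed line shape: "client <addr>#<port>: query: <name> IN <type> ..."
QUERY_RE = re.compile(r"client (?:@\S+ )?([0-9a-fA-F.:]+)#\d+.*?: query: (\S+) IN \S+")

def norm(name):
    """DNS names compare case-insensitively and without the trailing dot."""
    return name.lower().rstrip(".")

def edns_names(lines):
    """Collect the names BIND mentioned in its EDNS fallback messages."""
    return {norm(m.group(1)) for line in lines if (m := EDNS_RE.search(line))}

def clients_for(names, query_lines):
    """Map each client address to a Counter of the flagged names it asked for."""
    hits = defaultdict(Counter)
    for line in query_lines:
        m = QUERY_RE.search(line)
        if m and norm(m.group(2)) in names:
            hits[m.group(1)][norm(m.group(2))] += 1
    return hits

def rank(hits):
    """(client, total queries, distinct names), busiest client first."""
    rows = [(ip, sum(c.values()), len(c)) for ip, c in hits.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for row in rank(clients_for(edns_names(MESSAGES), QUERY_LOG)):
        print("%-15s queries=%d distinct=%d" % row)
```

A client that stands out with many distinct throwaway names is the one to inspect first; a single hit for a vendor name such as the Kaspersky host is ordinary update traffic.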

#1 Thomas Hochstein
15/02/2011 - 21:12
Helmut Hullen wrote:

> a Linux server that I help administer keeps logging, without pause, messages of the following kind in "/var/log/messages":
>
> Feb 15 16:56:33 Arktur named[2613]: success resolving 'wmzoxojj.cc/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets


[...]

Maybe you should turn down the BIND logging.

-thh