Possible attack? Funny DNS requests
Results 1 to 4 of 4

Thread: Possible attack? Funny DNS requests

  1. #1
    Senior Member bAgZ's Avatar
    Join Date
    Jul 2001

    Possible attack? Funny DNS requests

    Hi there i am wondering if anyone can help me out. I have a Linux server hosting about 70 domains. Lately i have been noticing in my logs /var/log/messages following requests

    Feb 10 02:43:42 gipsy named[572]: lame server resolving '' (in 'ipwhois.rfc-ignorant.org'?):
    Feb 10 02:43:55 gipsy named[572]: lame server resolving '' (in 'ipwhois.rfc-ignorant.org'?):

    Sometimes its up to three a second. Searched on google for similar behavior and found nothing. Has anyone seen this before? Could it be that my server is blacklisted? Or could it be some kind of hack?

  2. #2
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Hello bAgZ,

    As I can see it I think there is a problem in your DNS config as at the end of the lines you copied in you post you can see the home address.

    Now I could be mistaking but I think you need to check your config.

    Also if you google just a portion of the log like lame server resolving you can find lots of articles about your specific problem , just click the link and click on the first article there ..you'll find some interesting stuff allready.
    If you DIG a bit deeper I'm sure you'll find lots more.


    Back when I was a boy, we carved our own IC's out of wood.

  3. #3
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    A lame server is a DNS server that claims to be or should be authorative for a zone but isnt. Theres plenty of these out there.


    if you dont want them logged, just change /etc/named.conf.

    logging {
    category lame-servers {null; };
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  4. #4
    Senior Member bAgZ's Avatar
    Join Date
    Jul 2001
    Thanks for thehelp. Just to clarify i do run a DNS server and never had any problems this only started from 9 feb. Anyway i will look into the config one more time.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts