ns_forw


Post by Ron Parke » Thu, 13 Apr 2000 04:00:00



I keep getting these every hour.  Maybe I'm just paranoid, but I've
heard there is a nameserver exploit going around where they overflow the
buffer with *or something.

How do I stop these, or should I even worry about them?

Apr 12 12:02:43 dns named[5549]: ns_forw:
query(11.64.128.204.in-addr.arpa) NS points to CNAME (FIRNSN.FIRN.EDU:)
Apr 12 12:12:12 dns named[5549]: ns_resp:
query(11.64.128.204.in-addr.arpa) NS points to CNAME (FIRNSN.FIRN.EDU:)
Apr 12 12:12:54 dns named[5549]: ns_forw:
query(11.64.128.204.in-addr.arpa) NS points to CNAME (FIRNSN.FIRN.EDU:)

--
Ron Parker
Software Creations            http://www.veryComputer.com/
TradeWinds Publishing         http://www.veryComputer.com/
TradePoint Los Angeles        http://www.veryComputer.com/
SiteDirector Security Server  http://www.veryComputer.com/
Civil War Online Library      http://www.veryComputer.com/

 
 
 

ns_forw

Post by Greg Whit » Fri, 14 Apr 2000 04:00:00



> I keep getting these every hour.  Maybe I'm just paranoid, but I've
> heard there is a nameserver exploit going around where they overflow the
> buffer with *or something.

> How do I stop these, or should I even worry about them?

> Apr 12 12:02:43 dns named[5549]: ns_forw:
> query(11.64.128.204.in-addr.arpa) NS points to CNAME (FIRNSN.FIRN.EDU:)
> Apr 12 12:12:12 dns named[5549]: ns_resp:
> query(11.64.128.204.in-addr.arpa) NS points to CNAME (FIRNSN.FIRN.EDU:)
> Apr 12 12:12:54 dns named[5549]: ns_forw:
> query(11.64.128.204.in-addr.arpa) NS points to CNAME (FIRNSN.FIRN.EDU:)

SNIP

_You_ can't stop it, because his nameserver really is a CNAME. NS
records for FIRN.EDU point to NS1.FERN.EDU, which is a CNAME for
FIRNSN.FIRN.EDU. This is a broken setup (NS and MX should never point to
CNAMEs). I do not think this has anything to do with a BIND exploit (but
you should make sure your BIND is up to date (8.2.2p5 last I
checked...)).

GW
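An added example, not part of either post: a small Python triage script that unwraps the ns_forw/ns_resp messages in the format quoted in this thread and tallies them by reason, query name and NS name, so a recurring remote misconfiguration shows up as one repeated entry. The sample input reuses log lines from this page plus one constructed unrelated line; the regular expressions and function names are assumptions based only on the message format shown here.

```python
import re
from collections import Counter

# Sample input: log lines as quoted on this page (including the mail-wrapped
# continuation lines) plus one constructed, unrelated sshd line.
SAMPLE = """\
Apr 12 12:02:43 dns named[5549]: ns_forw:
query(11.64.128.204.in-addr.arpa) NS points to CNAME (FIRNSN.FIRN.EDU:)
Apr 12 12:12:12 dns named[5549]: ns_resp:
query(11.64.128.204.in-addr.arpa) NS points to CNAME (FIRNSN.FIRN.EDU:)
Apr 12 12:12:54 dns named[5549]: ns_forw: query(11.64.128.204.in-addr.arpa) NS points to CNAME (FIRNSN.FIRN.EDU:)
Mar 26 07:11:03 kert named[502]: ns_resp: query(www.aaa.com) contains our
address (NS.BBB.CO.KR:12.34.56.78)
Apr 12 12:13:00 dns sshd[77]: unrelated line
"""

# A syslog record starts with "Mon DD HH:MM:SS "; anything else is a wrapped tail.
TS = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
# Assumed message layout, taken from the lines above: func, query name, reason, (ns:addr).
MSG = re.compile(
    r"named\[\d+\]: (?P<func>ns_forw|ns_resp): query\((?P<qname>[^)]+)\) "
    r"(?P<reason>NS points to CNAME|contains our address) "
    r"\((?P<ns>[^:)]*):(?P<addr>[^)]*)\)")

def unwrap(text):
    """Rejoin records whose message was wrapped onto a line with no timestamp."""
    records = []
    for line in text.splitlines():
        if TS.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Count (reason, query name, NS name) triples across ns_forw/ns_resp records."""
    counts = Counter()
    for rec in unwrap(text):
        m = MSG.search(rec)
        if m:  # non-named lines and other named messages are skipped
            counts[(m["reason"], m["qname"].lower(), m["ns"].lower())] += 1
    return counts

if __name__ == "__main__":
    for (reason, qname, ns), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {reason:20s} query={qname} ns={ns}")
```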

 
 
 

1. what is ns_resp,ns_forw??

My server's syslog file contains the messages below:
-----------------------------------------------------------------
Mar 26 07:11:03 kert named[502]: ns_resp: query(www.aaa.com) contains our
address (NS.BBB.CO.KR:12.34.56.78)
Mar 26 07:11:05 kert named[502]: ns_forw: query(www.aaa.net) contains our
address (NS.BBB.CO.KR:12.34.56.78)
------------------------------------------------------------------
What are ns_resp and ns_forw in these messages?
What do ns_resp and ns_forw mean, and
in what cases (what happens) are they recorded in the log file?

I'm sorry that my English is not very good.
Any help would be greatly appreciated.
Thanks, sadad
