[Pdns-users] iprange is hitting my dns servers

steffannoord at gmail.com steffannoord at gmail.com
Wed Jun 10 07:53:43 UTC 2020 

No there not its a ip[range here in the country
Ans looks like it is connected to ADSL lines

But is it harmless?

 

Met vriendelijke groet,

Steffan Noord 

 

Van: Frank Louwers <frank+pdns at tembo.be> 
Verzonden: woensdag 10 juni 2020 09:41
Aan: steffannoord at gmail.com; pdns-users-ml <pdns-users at mailman.powerdns.com>
Onderwerp: Re: [Pdns-users] iprange is hitting my dns servers

 

Hi Steffan,

 

It smells like a bunch of Windows clients that all want to lookup a
DomainController... (all capitals, DC, ... typical MS naming conventions)

 

Are the 195.121.82.103-195.121.82.139 ips under your control?

 

Best of luck hunting :)

 

Frank





On 10 Jun 2020, at 08:32, Steffan via Pdns-users
<pdns-users at mailman.powerdns.com <mailto:pdns-users at mailman.powerdns.com> >
wrote:

 

 

On 06/08/2020 8:12 PM Steffan via Pdns-users <
<mailto:pdns-users at mailman.powerdns.com> pdns-users at mailman.powerdns.com>
wrote: 

 

 

Hello,

 

Im rusiing 4.1.13-1pdns.el7

I just noticed a lot of these lines

Jun  8 19:55:08 ns2 pdns_server: Exception building answer packet for
<http://ks-dc-01.ksprofiel.nl/DS> KS-DC-01.ksprofiel.nl/DS (All data was not
consumed) sending out servfail

Jun  8 19:55:08 ns2 pdns_server: Exception building answer packet for
<http://ks-dc-01.ksprofiel.nl/AAAA> KS-DC-01.ksprofiel.nl/AAAA (All data was
not consumed) sending out servfail

Jun  8 19:55:08 ns2 pdns_server: Exception building answer packet for
<http://ks-dc-01.ksprofiel.nl/A> KS-DC-01.ksprofiel.nl/A (All data was not
consumed) sending out servfail

Jun  8 19:55:10 ns2 pdns_server: Exception building answer packet for
<http://ks-dc-01.ksprofiel.nl/A> KS-DC-01.ksprofiel.nl/A (All data was not
consumed) sending out servfail

Jun  8 19:55:10 ns2 pdns_server: Exception building answer packet for
<http://ks-dc-01.ksprofiel.nl/DS> KS-DC-01.ksprofiel.nl/DS (All data was not
consumed) sending out servfail

Jun  8 19:55:10 ns2 pdns_server: Exception building answer packet for
<http://ks-dc-01.ksprofiel.nl/DS> KS-DC-01.ksprofiel.nl/DS (All data was not
consumed) sending out servfail

Jun  8 19:55:10 ns2 pdns_server: Exception building answer packet for
<http://ks-dc-01.ksprofiel.nl/AAAA> KS-DC-01.ksprofiel.nl/AAAA (All data was
not consumed) sending out servfail

Jun  8 19:55:10 ns2 pdns_server: Exception building answer packet for
<http://ks-dc-01.ksprofiel.nl/A> KS-DC-01.ksprofiel.nl/A (All data was not
consumed) sending out servfail

Jun  8 19:55:10 ns2 pdns_server: Exception building answer packet for
<http://ks-dc-01.ksprofiel.nl/DS> KS-DC-01.ksprofiel.nl/DS (All data was not
consumed) sending out servfail

Jun  8 19:55:10 ns2 pdns_server: Exception building answer packet for
<http://ks-dc-01.ksprofiel.nl/AAAA> KS-DC-01.ksprofiel.nl/AAAA (All data was
not consumed) sending out servfail

 

When debugging i see one iprange over and over and over again.

 

 

Jun  8 20:10:24 ns3 pdns_server: Remote 195.121.82.135 wants '
<http://ks-dc-01.ksprofiel.nl/> KS-DC-01.ksprofiel.nl|A', do = 1, bufsize =
1232: packetcache MISS

Jun  8 20:10:24 ns3 pdns_server: Remote 195.121.82.139 wants '
<http://ks-dc-01.ksprofiel.nl/> KS-DC-01.ksprofiel.nl|AAAA', do = 1, bufsize
= 1232: packetcache MISS

Jun  8 20:10:24 ns3 pdns_server: Remote 195.121.82.111 wants '
<http://ks-dc-01.ksprofiel.nl/> KS-DC-01.ksprofiel.nl|AAAA', do = 1, bufsize
= 1232: packetcache MISS

Jun  8 20:10:24 ns3 pdns_server: Remote 195.121.82.103 wants '
<http://ks-dc-01.ksprofiel.nl/> KS-DC-01.ksprofiel.nl|A', do = 1, bufsize =
1232: packetcache MISS

Jun  8 20:10:27 ns3 pdns_server: Remote 195.121.82.111 wants '
<http://ks-dc-01.ksprofiel.nl/> KS-DC-01.ksprofiel.nl|DS', do = 1, bufsize =
1232: packetcache MISS

Jun  8 20:10:27 ns3 pdns_server: Remote 195.121.82.111 wants '
<http://ks-dc-01.ksprofiel.nl/> KS-DC-01.ksprofiel.nl|A', do = 1, bufsize =
1232: packetcache MISS

 

Soemthimes it is a packetcache HIT (another domain)

 

Is this some kind of hakking attempt or normal ?

 

 

Met vriendelijke groet,

Steffan Noord 

_______________________________________________ 
Pdns-users mailing list 
 <mailto:Pdns-users at mailman.powerdns.com> Pdns-users at mailman.powerdns.com 
 <https://mailman.powerdns.com/mailman/listinfo/pdns-users>
https://mailman.powerdns.com/mailman/listinfo/pdns-users

 

>Seems like you have something wrong with those records. All data was not
consumed happens when there is something left after parsing the record data.


>Try pdnssec/pdnsutil check-zone and if you cant figure it out post
unredacted problem records. 

> 

>Aki 

 

 

Hello Aki,

' <http://ks-dc-01.ksprofiel.nl/> KS-DC-01.ksprofiel.nl does not exsist in
the dns so that is correct

 <http://ksprofiel.nl/> Ksprofiel.nl is.

 

_______________________________________________
Pdns-users mailing list
 <mailto:Pdns-users at mailman.powerdns.com> Pdns-users at mailman.powerdns.com
 <https://mailman.powerdns.com/mailman/listinfo/pdns-users>
https://mailman.powerdns.com/mailman/listinfo/pdns-users

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20200610/657c18af/attachment.htm>

More information about the Pdns-users mailing list