[Pdns-users] iprange is hitting my dns servers
Otto Moerbeek
otto at drijf.net
Wed Jun 10 09:06:19 UTC 2020
On Wed, Jun 10, 2020 at 09:53:43AM +0200, Steffan via Pdns-users wrote:
> No there not its a ip[range here in the country
> Ans looks like it is connected to ADSL lines
>
> But is it harmless?
Yes. The message is a bit cryptic but it means the auth server
supplied an answer containing trailing garbage.
-Otto
>
>
>
> Met vriendelijke groet,
>
> Steffan Noord
>
>
>
> Van: Frank Louwers <frank+pdns at tembo.be>
> Verzonden: woensdag 10 juni 2020 09:41
> Aan: steffannoord at gmail.com; pdns-users-ml <pdns-users at mailman.powerdns.com>
> Onderwerp: Re: [Pdns-users] iprange is hitting my dns servers
>
>
>
> Hi Steffan,
>
>
>
> It smells like a bunch of Windows clients that all want to lookup a
> DomainController... (all capitals, DC, ... typical MS naming conventions)
>
>
>
> Are the 195.121.82.103-195.121.82.139 ips under your control?
>
>
>
> Best of luck hunting :)
>
>
>
> Frank
>
>
>
>
>
> On 10 Jun 2020, at 08:32, Steffan via Pdns-users
> <pdns-users at mailman.powerdns.com <mailto:pdns-users at mailman.powerdns.com> >
> wrote:
>
>
>
>
>
> On 06/08/2020 8:12 PM Steffan via Pdns-users <
> <mailto:pdns-users at mailman.powerdns.com> pdns-users at mailman.powerdns.com>
> wrote:
>
>
>
>
>
> Hello,
>
>
>
> Im rusiing 4.1.13-1pdns.el7
>
> I just noticed a lot of these lines
>
> Jun 8 19:55:08 ns2 pdns_server: Exception building answer packet for
> <http://ks-dc-01.ksprofiel.nl/DS> KS-DC-01.ksprofiel.nl/DS (All data was not
> consumed) sending out servfail
>
> Jun 8 19:55:08 ns2 pdns_server: Exception building answer packet for
> <http://ks-dc-01.ksprofiel.nl/AAAA> KS-DC-01.ksprofiel.nl/AAAA (All data was
> not consumed) sending out servfail
>
> Jun 8 19:55:08 ns2 pdns_server: Exception building answer packet for
> <http://ks-dc-01.ksprofiel.nl/A> KS-DC-01.ksprofiel.nl/A (All data was not
> consumed) sending out servfail
>
> Jun 8 19:55:10 ns2 pdns_server: Exception building answer packet for
> <http://ks-dc-01.ksprofiel.nl/A> KS-DC-01.ksprofiel.nl/A (All data was not
> consumed) sending out servfail
>
> Jun 8 19:55:10 ns2 pdns_server: Exception building answer packet for
> <http://ks-dc-01.ksprofiel.nl/DS> KS-DC-01.ksprofiel.nl/DS (All data was not
> consumed) sending out servfail
>
> Jun 8 19:55:10 ns2 pdns_server: Exception building answer packet for
> <http://ks-dc-01.ksprofiel.nl/DS> KS-DC-01.ksprofiel.nl/DS (All data was not
> consumed) sending out servfail
>
> Jun 8 19:55:10 ns2 pdns_server: Exception building answer packet for
> <http://ks-dc-01.ksprofiel.nl/AAAA> KS-DC-01.ksprofiel.nl/AAAA (All data was
> not consumed) sending out servfail
>
> Jun 8 19:55:10 ns2 pdns_server: Exception building answer packet for
> <http://ks-dc-01.ksprofiel.nl/A> KS-DC-01.ksprofiel.nl/A (All data was not
> consumed) sending out servfail
>
> Jun 8 19:55:10 ns2 pdns_server: Exception building answer packet for
> <http://ks-dc-01.ksprofiel.nl/DS> KS-DC-01.ksprofiel.nl/DS (All data was not
> consumed) sending out servfail
>
> Jun 8 19:55:10 ns2 pdns_server: Exception building answer packet for
> <http://ks-dc-01.ksprofiel.nl/AAAA> KS-DC-01.ksprofiel.nl/AAAA (All data was
> not consumed) sending out servfail
>
>
>
> When debugging i see one iprange over and over and over again.
>
>
>
>
>
> Jun 8 20:10:24 ns3 pdns_server: Remote 195.121.82.135 wants '
> <http://ks-dc-01.ksprofiel.nl/> KS-DC-01.ksprofiel.nl|A', do = 1, bufsize =
> 1232: packetcache MISS
>
> Jun 8 20:10:24 ns3 pdns_server: Remote 195.121.82.139 wants '
> <http://ks-dc-01.ksprofiel.nl/> KS-DC-01.ksprofiel.nl|AAAA', do = 1, bufsize
> = 1232: packetcache MISS
>
> Jun 8 20:10:24 ns3 pdns_server: Remote 195.121.82.111 wants '
> <http://ks-dc-01.ksprofiel.nl/> KS-DC-01.ksprofiel.nl|AAAA', do = 1, bufsize
> = 1232: packetcache MISS
>
> Jun 8 20:10:24 ns3 pdns_server: Remote 195.121.82.103 wants '
> <http://ks-dc-01.ksprofiel.nl/> KS-DC-01.ksprofiel.nl|A', do = 1, bufsize =
> 1232: packetcache MISS
>
> Jun 8 20:10:27 ns3 pdns_server: Remote 195.121.82.111 wants '
> <http://ks-dc-01.ksprofiel.nl/> KS-DC-01.ksprofiel.nl|DS', do = 1, bufsize =
> 1232: packetcache MISS
>
> Jun 8 20:10:27 ns3 pdns_server: Remote 195.121.82.111 wants '
> <http://ks-dc-01.ksprofiel.nl/> KS-DC-01.ksprofiel.nl|A', do = 1, bufsize =
> 1232: packetcache MISS
>
>
>
> Soemthimes it is a packetcache HIT (another domain)
>
>
>
> Is this some kind of hakking attempt or normal ?
>
>
>
>
>
> Met vriendelijke groet,
>
> Steffan Noord
>
> _______________________________________________
> Pdns-users mailing list
> <mailto:Pdns-users at mailman.powerdns.com> Pdns-users at mailman.powerdns.com
> <https://mailman.powerdns.com/mailman/listinfo/pdns-users>
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
>
>
> >Seems like you have something wrong with those records. All data was not
> consumed happens when there is something left after parsing the record data.
>
>
> >Try pdnssec/pdnsutil check-zone and if you cant figure it out post
> unredacted problem records.
>
> >
>
> >Aki
>
>
>
>
>
> Hello Aki,
>
> ' <http://ks-dc-01.ksprofiel.nl/> KS-DC-01.ksprofiel.nl does not exsist in
> the dns so that is correct
>
> <http://ksprofiel.nl/> Ksprofiel.nl is.
>
>
>
> _______________________________________________
> Pdns-users mailing list
> <mailto:Pdns-users at mailman.powerdns.com> Pdns-users at mailman.powerdns.com
> <https://mailman.powerdns.com/mailman/listinfo/pdns-users>
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
>
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
More information about the Pdns-users
mailing list