Re: [cobalt-users] Question about Log Check security warnings.
- Subject: Re: [cobalt-users] Question about Log Check security warnings.
- From: flash22@xxxxxxx
- Date: Mon Mar 12 14:05:28 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Mon, 12 Mar 2001, Casselman, Chad wrote:
> My log check report is full of these entries
> >Mar 11 09:00:16 s1 named[11302]: bad referral (125.63.in-addr.arpa !<
> >65.125.63.in-addr.arpa) from [63.125.62.65].53
> Can someone tell me what they are and how to get rid of them?
They are caused by general brokenness in the reverse name space. For
example, if I look up the one above, I find that the server AUTH00.NS.UU.NET
tells me that I should find 65.125.63.in-addr.arpa using nameserver
NS1.GVEC.NET, but when I ask that nameserver it gives back a lame
answer...
Server: NS1.GVEC.NET
Non-authoritative answer:
65.125.63.in-addr.arpa nameserver = NS1.GVEC.NET
Authoritative answers can be found from:
65.125.63.in-addr.arpa nameserver = NS1.GVEC.NET
i.e. it's confused ;)
This is often just a variation on 'lame server'
The reason you get a lot at once is probably from generating web
statistics which is converting large numbers of IP addresses back into
domain names...
You can tell the nameserver not to tell you about the errors, but the GUI
will just zap the line that does this, so the easiest thing is to tell
logcheck to ignore them...(they are mostly harmless)
If you want to do it anyway, it's something like this (look in the BIND
docs for details on how to control logging)
logging { category response-checks { null; }; };
(First line of named.conf)
Note that this also suppresses potentially important messages though, like
receiving corrupt responses, unrequested data, errors in returned data
(including yourself), so you might not really want to do that.
gsh
see also: http://www.deja.com/group/comp.protocols.dns.bind
search for windows2000 ;)
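
Added example, not part of the original post: a narrow ignore pattern that drops only named's "bad referral" lines from a log report and leaves other named messages visible, plus a tally of which servers send the referrals. The pattern, the function names and all sample log lines except the first are constructed here, and it assumes your logcheck ignore file takes egrep-style patterns.

```shell
#!/bin/sh
# Added example: filter only named "bad referral" noise from a log report.

# Extended regex for the message quoted in the post. It matches nothing
# else named logs, so other response-check messages still get reported.
IGNORE_PATTERN='named\[[0-9]+\]: bad referral \([^ ]+ !< [^ ]+\) from \[[0-9.]+\]\.[0-9]+$'

# Sample log. Line 1 is the entry from the post (unwrapped); the rest are
# constructed for this example.
sample_log() {
cat <<'EOF'
Mar 11 09:00:16 s1 named[11302]: bad referral (125.63.in-addr.arpa !< 65.125.63.in-addr.arpa) from [63.125.62.65].53
Mar 11 09:00:19 s1 named[11302]: bad referral (125.63.in-addr.arpa !< 65.125.63.in-addr.arpa) from [63.125.62.65].53
Mar 11 09:00:21 s1 named[11302]: Response from unexpected source ([192.0.2.10].53)
Mar 11 09:00:25 s1 sshd[2201]: Failed password for root from 192.0.2.77 port 4022
EOF
}

# Print the lines that should still reach the report.
filter_log() {
    grep -E -v "$IGNORE_PATTERN"
}

# Count ignored referrals per sending server, so a sudden change in who
# is sending them is still noticeable even though the lines are hidden.
referral_sources() {
    grep -E "$IGNORE_PATTERN" \
        | sed -E 's/.*from \[([0-9.]+)\]\.[0-9]+$/\1/' \
        | sort | uniq -c | sort -rn
}

echo "Still reported:"
sample_log | filter_log
echo "Ignored bad referrals by source:"
sample_log | referral_sources
```

Only the value of IGNORE_PATTERN would go into the ignore file, one pattern per line.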