Named requests filling up T1

Steve Suhre cheesiest at
Tue Jan 17 01:37:13 PST 2006

Thanks, I think that's what I was looking for. I expect the "ISP" is in 
another country somewhere and would be hard to reach, if they could be 
reached at all. And it's probably a bad reference somewhere to the 
server here, so shutting off recursive queries could help... If I shut 
named off for an hour or two they go away, so I'm guessing the offending 
server switches to the secondary and gets what it's looking for?


Mike Silbersack wrote:

>>Thanks Matt,
>>The answer to both is no. The domain doesn't resolve either
>>( It looks like the source IP changes too...sigh.... I tried
>>a whois on the source IP and it was not found, so it may be spoofed? Or
>>someone has a very messed up server...
>There was a thread on bugtraq about this, you're either being attacked or
>are being used to attack someone else.
>Reconfigure BIND so that it ignores recursive queries originating from
>outside your network - at least that will save your outbound bandwidth.
>Mike "Silby" Silbersack
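
The BIND change suggested in the quoted reply, sketched as a named.conf fragment. This is an added example, not configuration from the thread; the ACL name, network range, zone name and file path are placeholder assumptions.

```conf
// named.conf fragment (BIND 9). Constructed example: every address,
// zone name and path below is a placeholder, not a value from the thread.

acl "trusted" {
    localhost;            // built-in ACL: the server's own addresses
    192.0.2.0/24;         // assumed local network; replace with your own
};

options {
    // Weak setting: recursion offered to any source address, so the
    // server does lookups (and spends bandwidth) for outside clients.
    // allow-recursion { any; };

    // Corrected setting: recurse only for clients in the trusted ACL.
    allow-recursion { trusted; };

    // BIND 9.4 and later: also keep outside clients out of the cache.
    allow-query-cache { trusted; };
};

// Zones this server is authoritative for still answer everyone.
zone "example.com" {
    type master;
    file "master/example.com.db";
    allow-query { any; };
};
```

Check the syntax with `named-checkconf` before reloading with `rndc reconfig`.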


