Re: [Pdns-users] iprange is hitting my dns servers

Wed, 10 Jun 2020 00:41:56 -0700 

Hi Steffan,

It smells like a bunch of Windows clients that all want to lookup a 
DomainController... (all capitals, DC, ... typical MS naming conventions)

Are the 195.121.82.103-195.121.82.139 ips under your control?

Best of luck hunting :)

Frank

> On 10 Jun 2020, at 08:32, Steffan via Pdns-users 
> <pdns-users@mailman.powerdns.com> wrote:
> 
>  
>> On 06/08/2020 8:12 PM Steffan via Pdns-users 
>> <pdns-users@mailman.powerdns.com <mailto:pdns-users@mailman.powerdns.com>> 
>> wrote: 
>>  
>>  
>> Hello,
>>  
>> Im rusiing 4.1.13-1pdns.el7
>> I just noticed a lot of these lines
>> Jun  8 19:55:08 ns2 pdns_server: Exception building answer packet for 
>> KS-DC-01.ksprofiel.nl/DS <http://ks-dc-01.ksprofiel.nl/DS> (All data was not 
>> consumed) sending out servfail
>> Jun  8 19:55:08 ns2 pdns_server: Exception building answer packet for 
>> KS-DC-01.ksprofiel.nl/AAAA <http://ks-dc-01.ksprofiel.nl/AAAA> (All data was 
>> not consumed) sending out servfail
>> Jun  8 19:55:08 ns2 pdns_server: Exception building answer packet for 
>> KS-DC-01.ksprofiel.nl/A <http://ks-dc-01.ksprofiel.nl/A> (All data was not 
>> consumed) sending out servfail
>> Jun  8 19:55:10 ns2 pdns_server: Exception building answer packet for 
>> KS-DC-01.ksprofiel.nl/A <http://ks-dc-01.ksprofiel.nl/A> (All data was not 
>> consumed) sending out servfail
>> Jun  8 19:55:10 ns2 pdns_server: Exception building answer packet for 
>> KS-DC-01.ksprofiel.nl/DS <http://ks-dc-01.ksprofiel.nl/DS> (All data was not 
>> consumed) sending out servfail
>> Jun  8 19:55:10 ns2 pdns_server: Exception building answer packet for 
>> KS-DC-01.ksprofiel.nl/DS <http://ks-dc-01.ksprofiel.nl/DS> (All data was not 
>> consumed) sending out servfail
>> Jun  8 19:55:10 ns2 pdns_server: Exception building answer packet for 
>> KS-DC-01.ksprofiel.nl/AAAA <http://ks-dc-01.ksprofiel.nl/AAAA> (All data was 
>> not consumed) sending out servfail
>> Jun  8 19:55:10 ns2 pdns_server: Exception building answer packet for 
>> KS-DC-01.ksprofiel.nl/A <http://ks-dc-01.ksprofiel.nl/A> (All data was not 
>> consumed) sending out servfail
>> Jun  8 19:55:10 ns2 pdns_server: Exception building answer packet for 
>> KS-DC-01.ksprofiel.nl/DS <http://ks-dc-01.ksprofiel.nl/DS> (All data was not 
>> consumed) sending out servfail
>> Jun  8 19:55:10 ns2 pdns_server: Exception building answer packet for 
>> KS-DC-01.ksprofiel.nl/AAAA <http://ks-dc-01.ksprofiel.nl/AAAA> (All data was 
>> not consumed) sending out servfail
>>  
>> When debugging i see one iprange over and over and over again.
>>  
>>  
>> Jun  8 20:10:24 ns3 pdns_server: Remote 195.121.82.135 wants 
>> 'KS-DC-01.ksprofiel.nl <http://ks-dc-01.ksprofiel.nl/>|A', do = 1, bufsize = 
>> 1232: packetcache MISS
>> Jun  8 20:10:24 ns3 pdns_server: Remote 195.121.82.139 wants 
>> 'KS-DC-01.ksprofiel.nl <http://ks-dc-01.ksprofiel.nl/>|AAAA', do = 1, 
>> bufsize = 1232: packetcache MISS
>> Jun  8 20:10:24 ns3 pdns_server: Remote 195.121.82.111 wants 
>> 'KS-DC-01.ksprofiel.nl <http://ks-dc-01.ksprofiel.nl/>|AAAA', do = 1, 
>> bufsize = 1232: packetcache MISS
>> Jun  8 20:10:24 ns3 pdns_server: Remote 195.121.82.103 wants 
>> 'KS-DC-01.ksprofiel.nl <http://ks-dc-01.ksprofiel.nl/>|A', do = 1, bufsize = 
>> 1232: packetcache MISS
>> Jun  8 20:10:27 ns3 pdns_server: Remote 195.121.82.111 wants 
>> 'KS-DC-01.ksprofiel.nl <http://ks-dc-01.ksprofiel.nl/>|DS', do = 1, bufsize 
>> = 1232: packetcache MISS
>> Jun  8 20:10:27 ns3 pdns_server: Remote 195.121.82.111 wants 
>> 'KS-DC-01.ksprofiel.nl <http://ks-dc-01.ksprofiel.nl/>|A', do = 1, bufsize = 
>> 1232: packetcache MISS
>>  
>> Soemthimes it is a packetcache HIT (another domain)
>>  
>> Is this some kind of hakking attempt or normal ?
>>  
>>  
>> Met vriendelijke groet,
>> Steffan Noord 
>> _______________________________________________ 
>> Pdns-users mailing list 
>> Pdns-users@mailman.powerdns.com <mailto:Pdns-users@mailman.powerdns.com> 
>> https://mailman.powerdns.com/mailman/listinfo/pdns-users 
>> <https://mailman.powerdns.com/mailman/listinfo/pdns-users> 
> >Seems like you have something wrong with those records. All data was not 
> >consumed happens when there is something left after parsing the record data. 
> >Try pdnssec/pdnsutil check-zone and if you cant figure it out post 
> >unredacted problem records. 
> > 
> >Aki 
>  
>  
> Hello Aki,
> 'KS-DC-01.ksprofiel.nl <http://ks-dc-01.ksprofiel.nl/> does not exsist in the 
> dns so that is correct
> Ksprofiel.nl <http://ksprofiel.nl/> is.
>  
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com <mailto:Pdns-users@mailman.powerdns.com>
> https://mailman.powerdns.com/mailman/listinfo/pdns-users 
> <https://mailman.powerdns.com/mailman/listinfo/pdns-users>

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Reply via email to