LinuxQuestions.org


neiljt 08-18-2004 05:46 AM

Mysterious DNS Lookups on private host
 
n/m.

unSpawn 08-28-2004 05:00 AM

Even if you found out yourself what it was all about, it would still be interesting to know what the problem (if any) was. It could help any of your fellow LQ members.

neiljt 08-28-2004 11:02 AM

Acknowledged, & agreed :)

I deleted the original post because I thought my question was badly expressed. I wanted to do more research before reposting properly.

When I started this reply, I was none the wiser. But a lightbulb just went on over my head, and I realised what was happening. An explanation follows for your amusement.

For anyone interested, the original question related to the logging of DNS lookups in the dead of night from a FC2 installation running BIND 9.2.3. I forget why now, but I had reason to switch on query logging for named, and I noticed that batches of reverse lookups were being logged against the local interface:

Code:

Aug 28 16:01:01 kermit named[20621]: Aug 28 16:01:01.176 queries: client 127.0.0.1#33262: query: 189.116.129.160.in-addr.arpa IN PTR
Aug 28 16:01:02 kermit named[20621]: Aug 28 16:01:02.447 queries: client 127.0.0.1#33262: query: 6.128.81.211.in-addr.arpa IN PTR
Aug 28 16:01:11 kermit named[20621]: Aug 28 16:01:11.807 queries: client 127.0.0.1#33264: query: 6.128.81.211.in-addr.arpa IN PTR
Aug 28 16:01:21 kermit named[20621]: Aug 28 16:01:21.081 queries: client 127.0.0.1#33264: query: 124.168.229.165.in-addr.arpa IN PTR
Aug 28 16:01:24 kermit named[20621]: Aug 28 16:01:24.052 queries: client 127.0.0.1#33264: query: 29.254.39.61.in-addr.arpa IN PTR

This seemed a bit spooky, as I couldn't think what could be doing the lookups.

Well this afternoon at last I could think, and I remembered that I have an hourly cron job called "fwlogwatch". Boy, I am dumb sometimes. Maybe I knew it subliminally, and that's what made my hand delete the post.

OK, you can all throw rotten tomatoes at me now. :)

Seriously, thanks to unSpawn for nudging me.
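
One way to narrow down where such lookups come from using the query log alone, as an added example that is not part of the original posts: it groups each client's PTR queries into bursts and reports clients whose bursts start at the same minute of different hours, the pattern an hourly cron job such as fwlogwatch leaves. The two 17:01 sample lines, the `year` default and the function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# named query-log line in the format shown in the post; PTR lookups only.
LINE = re.compile(
    r"named\[\d+\]: (?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\.\d+ queries: client "
    r"(?P<client>[\d.]+)#\d+: query: (?P<rev>[\d.]+)\.in-addr\.arpa IN PTR")

def parse(line, year=2004):
    """Return (time, client, looked-up IPv4 address), or None if no match."""
    m = LINE.search(line)
    if not m:
        return None
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return when, m["client"], ".".join(reversed(m["rev"].split(".")))

def bursts(lines, gap=60):
    """Group each client's lookups into bursts separated by > gap seconds."""
    recs = sorted(filter(None, map(parse, lines)), key=lambda r: (r[1], r[0]))
    out = []
    for when, client, ip in recs:
        last = out[-1] if out else None
        if last and last[0] == client and (when - last[1][-1][0]).total_seconds() <= gap:
            last[1].append((when, ip))
        else:
            out.append((client, [(when, ip)]))
    return out

def scheduled_clients(lines):
    """Map client -> minute, where bursts start at that minute in 2+ hours."""
    starts = defaultdict(set)
    for client, recs in bursts(lines):
        t = recs[0][0]
        starts[(client, t.minute)].add((t.date(), t.hour))
    return {c: minute for (c, minute), hours in starts.items() if len(hours) > 1}

# First five lines are from the post; the two 17:01 lines are constructed.
SAMPLE = """\
Aug 28 16:01:01 kermit named[20621]: Aug 28 16:01:01.176 queries: client 127.0.0.1#33262: query: 189.116.129.160.in-addr.arpa IN PTR
Aug 28 16:01:02 kermit named[20621]: Aug 28 16:01:02.447 queries: client 127.0.0.1#33262: query: 6.128.81.211.in-addr.arpa IN PTR
Aug 28 16:01:11 kermit named[20621]: Aug 28 16:01:11.807 queries: client 127.0.0.1#33264: query: 6.128.81.211.in-addr.arpa IN PTR
Aug 28 16:01:21 kermit named[20621]: Aug 28 16:01:21.081 queries: client 127.0.0.1#33264: query: 124.168.229.165.in-addr.arpa IN PTR
Aug 28 16:01:24 kermit named[20621]: Aug 28 16:01:24.052 queries: client 127.0.0.1#33264: query: 29.254.39.61.in-addr.arpa IN PTR
Aug 28 17:01:03 kermit named[20621]: Aug 28 17:01:03.210 queries: client 127.0.0.1#33301: query: 10.2.0.192.in-addr.arpa IN PTR
Aug 28 17:01:05 kermit named[20621]: Aug 28 17:01:05.644 queries: client 127.0.0.1#33301: query: 7.100.51.198.in-addr.arpa IN PTR
""".splitlines()

print(scheduled_clients(SAMPLE))
```

A client of 127.0.0.1 with a repeating start minute points at a scheduled local process, so the next place to look is the crontabs for a job due at that minute.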

unSpawn 08-31-2004 07:31 PM

NP. Determining traffic origins sometimes keeps me busy too...


All times are GMT -5.