LinuxQuestions.org
Old 08-18-2004, 05:46 AM   #1
neiljt
LQ Newbie
 
Registered: Nov 2002
Location: Canewdon, UK
Distribution: CentOS
Posts: 27

Rep: Reputation: 15
Mysterious DNS Lookups on private host


n/m.

Last edited by neiljt; 08-20-2004 at 04:00 AM.
 
Old 08-28-2004, 05:00 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Even if you found out yourself what it was all about, it would still be interesting to know what the problem (if any) was. It could help any of your fellow LQ members.
 
Old 08-28-2004, 11:02 AM   #3
neiljt
LQ Newbie
 
Registered: Nov 2002
Location: Canewdon, UK
Distribution: CentOS
Posts: 27

Original Poster
Rep: Reputation: 15
Acknowledged, & agreed

I deleted the original post because I thought my question was badly expressed. I wanted to do more research before reposting properly.

When I started this reply, I was none the wiser. But a lightbulb just went on over my head, and I realised what was happening. An explanation follows for your amusement.

For anyone interested, the original question related to the logging of DNS lookups in the dead of night from a FC2 installation running BIND 9.2.3. I forget why now, but I had reason to switch on query logging for named, and I noticed that batches of reverse lookups were being logged against the local interface:

Code:
Aug 28 16:01:01 kermit named[20621]: Aug 28 16:01:01.176 queries: client 127.0.0.1#33262: query: 189.116.129.160.in-addr.arpa IN PTR
Aug 28 16:01:02 kermit named[20621]: Aug 28 16:01:02.447 queries: client 127.0.0.1#33262: query: 6.128.81.211.in-addr.arpa IN PTR
Aug 28 16:01:11 kermit named[20621]: Aug 28 16:01:11.807 queries: client 127.0.0.1#33264: query: 6.128.81.211.in-addr.arpa IN PTR
Aug 28 16:01:21 kermit named[20621]: Aug 28 16:01:21.081 queries: client 127.0.0.1#33264: query: 124.168.229.165.in-addr.arpa IN PTR
Aug 28 16:01:24 kermit named[20621]: Aug 28 16:01:24.052 queries: client 127.0.0.1#33264: query: 29.254.39.61.in-addr.arpa IN PTR
This seemed a bit spooky, as I couldn't think what could be doing the lookups.

Well this afternoon at last I could think, and I remembered that I have an hourly cron job called "fwlogwatch". Boy, I am dumb sometimes. Maybe I knew it subliminally, and that's what made my hand delete the post.

OK, you can all throw rotten tomatoes at me now.

Seriously, thanks to unSpawn for nudging me.
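
Added example (not part of the original post): one way to trace lookups like these is to group the logged PTR queries by client and minute, and turn the in-addr.arpa names back into addresses so they can be compared with what a local job is processing. The sample log is constructed in the query-log format shown above, using documentation addresses; the function names are hypothetical.

```python
import re
from collections import defaultdict
from ipaddress import IPv4Address, AddressValueError

# Constructed sample in the query-log format from the post (documentation addresses).
SAMPLE_LOG = """\
Aug 28 16:01:01 kermit named[20621]: Aug 28 16:01:01.176 queries: client 127.0.0.1#33262: query: 10.2.0.192.in-addr.arpa IN PTR
Aug 28 16:01:02 kermit named[20621]: Aug 28 16:01:02.447 queries: client 127.0.0.1#33262: query: 7.100.51.198.in-addr.arpa IN PTR
Aug 28 16:01:11 kermit named[20621]: Aug 28 16:01:11.807 queries: client 127.0.0.1#33264: query: 7.100.51.198.in-addr.arpa IN PTR
Aug 28 16:20:40 kermit named[20621]: Aug 28 16:20:40.010 queries: client 192.0.2.50#40112: query: www.example.com IN A
Aug 28 17:01:01 kermit named[20621]: Aug 28 17:01:01.301 queries: client 127.0.0.1#33301: query: 25.113.0.203.in-addr.arpa IN PTR
"""

LINE_RE = re.compile(
    r"^\w{3}\s+\d+ (?P<hhmm>\d\d:\d\d):\d\d \S+ named\[\d+\]: .*?"
    r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def reverse_to_ip(qname):
    """Turn '7.100.51.198.in-addr.arpa' into '198.51.100.7'; None if not a full IPv4 PTR name."""
    name = qname.rstrip(".").lower()
    labels = name[: -len(".in-addr.arpa")].split(".")
    if not name.endswith(".in-addr.arpa") or len(labels) != 4:
        return None
    try:
        return str(IPv4Address(".".join(reversed(labels))))
    except AddressValueError:
        return None

def ptr_batches(log_text):
    """Group PTR lookups by (client, HH:MM) so batches and their timing stand out."""
    batches = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        ip = reverse_to_ip(m["qname"]) if m and m["qtype"] == "PTR" else None
        if ip:
            batches[(m["client"], m["hhmm"])].append(ip)
    return dict(batches)

def recurring_minutes(batches):
    """Map (client, minute-of-hour) to the hours it was seen in, if more than one."""
    hours = defaultdict(set)
    for client, hhmm in batches:
        hours[(client, hhmm[3:])].add(hhmm[:2])
    return {k: sorted(v) for k, v in hours.items() if len(v) > 1}

if __name__ == "__main__":
    found = ptr_batches(SAMPLE_LOG)
    print(found, recurring_minutes(found), sep="\n")
```

A batch from 127.0.0.1 that recurs at the same minute of successive hours points at a scheduled local process, which can then be matched against the host's cron entries.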
 
Old 08-31-2004, 07:31 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
NP. Determining traffic origins sometimes keeps me busy too...
 
  

