Anonymous_User Absent Member.
Absent Member.
4834 views

DNS giving up

Having problem with dns servers giving up, all external requests.
after a while, between 1-12 hours. The only way to get it to work is
unload load of named.
All this started just before x-mas, and before that the servers has
worked like a charm for month. And before that the where nw51.sp6 with
a similar problem like this.
Both servers a authoritative for my domains. and one or the other is
primary for the domains.
Both have read/write of root partition, where dns/dhcp resides.
No errors found in edir.

Configurations of the server is like this:

Server 1: nw65sp2, edir 8.7.3.3, tcp 6.57.09 (24 sept.-04)
named 6.03.06 (14 dec-04), this server also runnning dhcpsrvr 3.13.03
(3 dec-03)

Server 2: nw65sp2, edir 8.7.3.3, tcp 6.67.03, named 6.03.06

Non of the server is running anything else.

I have upgraded both servers to latest named and edir after the
problems started (if it works, don't fix it, especially just before a
long weekend) and tryied with the latest beta tcp on server 1.

Did have an overlock of RootServerInfo, and there where some small
problems, my servers auth. for rootserverinfo domain, must have come
with the migration, and a object under rootserverinfo, called
rootserverinfo, with my servers in it, this also from the migration I
guess. Removed these things, and added forward servers, which we
havent been using before.
Now the dns is alive for (last run) 12 hours.

has been running in -dl 1 -s for some time now to see whenever it
stops
Here are the server screens when the servers has stopped.

Server 1:
<snip>
info: Found correct number of counts in header
info: client 194.47.25.8#2390: Novell Dynamic Update : Query received
info: Failed in getting question name : Checking for StartStop /
Dynamic update query
info: Found correct number of counts in header
info: client 194.47.25.8#2391: Novell Dynamic Update : Query received
info: Starting the dynamic reconfiguration
info: Dynamic reconfiguration completed.
info: Failed in getting question name : Checking for StartStop /
Dynamic update query
info: Found correct number of counts in header
info: client 194.47.25.8#2392: Novell Dynamic Update : Query received
info: Failed in getting question name : Checking for StartStop /
Dynamic update query
info: Found correct number of counts in header
info: client 194.47.25.8#2393: Novell Dynamic Update : Query received
info: Failed in getting question name : Checking for StartStop /
Dynamic update query
info: Found correct number of counts in header
info: client 194.47.25.8#2394: Novell Dynamic Update : Query received
<end of screen>

server 2 mostly stops with a screen of dynamic update

Looks like it has something to do with the dynamic (re)configuration.

Also has done some small tweaks, just to see if it has any impact.
On both servers, under the advanced tab:
max-cache-TTL set down to 2 days, and
transfer format set to one-answer.
Didn't see any diffrence.

Please help someone....

Paul

----------------------------
Paul Thurn
Labels (1)
0 Likes
42 Replies
Anonymous_User Absent Member.
Absent Member.

Re: DNS giving up

In article <g507u0lgvv1nt5lb86kstsmr1k04uio4uv@4ax.com>, Paul Thurn
wrote:
> added forward servers, which we
> havent been using before.
> Now the dns is alive for (last run) 12 hours.
>

That may have solved it. Without forwarders, the server queries the
root servers directly -- if they're busy (MOST of the time!), it's
common to have timeouts occur. Using forwarders spreads the load and
generally makes external resolution more reliable. Let's give it more
time and see what happens...

bd
NSC Volunteer SysOp


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Re: DNS giving up

On Wed, 12 Jan 2005 04:41:21 GMT, Brad Doster <bd@NSCSysOps.net>
wrote:

>In article <g507u0lgvv1nt5lb86kstsmr1k04uio4uv@4ax.com>, Paul Thurn
>wrote:
>> added forward servers, which we
>> havent been using before.
>> Now the dns is alive for (last run) 12 hours.
>>

>That may have solved it. Without forwarders, the server queries the
>root servers directly -- if they're busy (MOST of the time!), it's
>common to have timeouts occur. Using forwarders spreads the load and
>generally makes external resolution more reliable. Let's give it more
>time and see what happens...
>
>bd
>NSC Volunteer SysOp
>

Sorry, to say that it didn't resolve the problem.
When the servers stops responding, no question from external sources
can be made, all they get is a time out.
But if i question the dns from internally, no questions are answered
except from my pc.
We have no firewalls, or any other equipment beetween the dns and the
i-net.
Ping from external source works (www.dnsstuff.com).

server 2 screen:
< snip >
info: Starting the dynamic reconfiguration
info: Dynamic reconfiguration completed.
info: Starting the dynamic reconfiguration
info: Dynamic reconfiguration completed.
info: Starting the dynamic reconfiguration
info: Dynamic reconfiguration completed.
debug 1: createfetch: www.dn.se ANY
debug 1: createfetch: www.hd.se ANY
debug 1: createfetch: www.hv.se ANY
debug 1: createfetch: www.hsv.se ANY
debug 1: begin cache cleaning, mem inuse 8055
info: Starting the dynamic reconfiguration
debug 1: flush_deletions: 43 nodes of 59 in tree
debug 1: no_references: delete from rbt: 88161080 ns.telia.com
debug 1: no_references: delete from rbt: 85203800 ns02.savvis.net
debug 1: no_references: delete from rbt: 88161440 www.lu.se
debug 1: no_references: delete from rbt: 88161200 www.rsv.se
debug 1: no_references: delete from rbt: 81ec7f00
solna.dns.songnetworks.se
debug 1: no_references: delete from rbt: 85203fc0 ns.telia.se
debug 1: no_references: delete from rbt: 85203700 ns1.telia.se
debug 1: no_references: delete from rbt: 85203380 ns10.telia.se
debug 1: no_references: delete from rbt: 852035c0 ns11.telia.se
debug 1: end cache cleaning, mem inuse 4907
info: Dynamic reconfiguration completed.
< end screen>

all the createfetch are my questions.

Im open for any suggestion......

Paul


----------------------------
Paul Thurn
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: DNS giving up

Would you be willing to try a '-dl 3' log level? I'm wondering if it
might have some additional useful information. Also...

In article <g507u0lgvv1nt5lb86kstsmr1k04uio4uv@4ax.com>, Paul Thurn
wrote:
> Both have read/write of root partition, where dns/dhcp resides.
>

Are the zones being serviced there as well?

bd
NSC Volunteer SysOp


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Re: DNS giving up

On Wed, 12 Jan 2005 14:19:04 GMT, Brad Doster <bd@NSCSysOps.net>
wrote:

>Would you be willing to try a '-dl 3' log level? I'm wondering if it
>might have some additional useful information. Also...

no problem....
Do you just want the start up and a couple of minutes, or am I going
to let it go until the dns freezes??
both servers?

>
>In article <g507u0lgvv1nt5lb86kstsmr1k04uio4uv@4ax.com>, Paul Thurn
>wrote:
>> Both have read/write of root partition, where dns/dhcp resides.
>>

>Are the zones being serviced there as well?

All my zones.... some are primary on server1 and some on server2.
in-add-arpa for 194.47.24.0 - 194.47.47.254, and all *.hkr zones and
some small other thurn.com, thurn.se, mastvagen.nu... and some other
small zones.
>
>bd
>NSC Volunteer SysOp
>


----------------------------
Paul Thurn
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Re: DNS giving up

On Wed, 12 Jan 2005 14:19:04 GMT, Brad Doster <bd@NSCSysOps.net> wrote:

>Would you be willing to try a '-dl 3' log level? I'm wondering if it
>might have some additional useful information. Also...
>
>In article <g507u0lgvv1nt5lb86kstsmr1k04uio4uv@4ax.com>, Paul Thurn
>wrote:
>> Both have read/write of root partition, where dns/dhcp resides.
>>

>Are the zones being serviced there as well?
>
>bd
>NSC Volunteer SysOp
>

Have spooken to the network guys, and they did a dns flood check somhow.

There are other networks flooding our dns-servers with questions, the most i saw in the log where 152 qps (query per
second) from 195.47.247.52. I placed that one and some others from that net in blacklisted on dns server1, and gonna
wait out to see if any positive results comes up (uptime). 🙂

Paul

Jan 10 04:02:09 localhost syslogd 1.4.1: restart.
Jan 10 04:30:00 localhost dns_flood_detector[13856]: dns_flood_detector starting
Jan 10 05:00:02 localhost dns_flood_detector[13928]: dns_flood_detector starting
Jan 10 05:30:01 localhost dns_flood_detector[13983]: dns_flood_detector starting
Jan 10 06:00:00 localhost dns_flood_detector[14048]: dns_flood_detector starting
Jan 10 06:10:00 localhost dns_flood_detector[14049]: source [195.47.247.100] - 0 tcp qps - 8 udp qps
Jan 10 06:30:00 localhost dns_flood_detector[14112]: dns_flood_detector starting
Jan 10 07:00:00 localhost dns_flood_detector[14169]: dns_flood_detector starting
Jan 10 07:30:01 localhost dns_flood_detector[14244]: dns_flood_detector starting
Jan 10 07:39:01 localhost dns_flood_detector[14245]: source [195.47.247.100] - 0 tcp qps - 70 udp qps
Jan 10 07:39:01 localhost dns_flood_detector[14245]: source [195.47.247.200] - 0 tcp qps - 68 udp qps
Jan 10 08:00:00 localhost dns_flood_detector[14260]: dns_flood_detector starting
Jan 10 08:04:00 localhost dns_flood_detector[14261]: source [194.47.25.8] - 0 tcp qps - 4 udp qps
Jan 10 08:29:00 localhost dns_flood_detector[14261]: source [194.47.33.210] - 0 tcp qps - 5 udp qps
Jan 10 08:30:02 localhost dns_flood_detector[14371]: dns_flood_detector starting
Jan 10 08:59:02 localhost dns_flood_detector[14372]: source [194.47.36.113] - 0 tcp qps - 4 udp qps
Jan 10 09:00:00 localhost dns_flood_detector[14427]: dns_flood_detector starting
Jan 10 09:04:00 localhost dns_flood_detector[14428]: source [194.47.36.131] - 0 tcp qps - 4 udp qps
Jan 10 09:30:00 localhost dns_flood_detector[14491]: dns_flood_detector starting
Jan 10 09:36:00 localhost dns_flood_detector[14492]: source [194.47.33.82] - 0 tcp qps - 6 udp qps
Jan 10 09:39:00 localhost dns_flood_detector[14492]: source [194.47.46.148] - 0 tcp qps - 5 udp qps
Jan 10 09:56:00 localhost dns_flood_detector[14492]: source [194.47.36.131] - 0 tcp qps - 4 udp qps
Jan 10 10:00:02 localhost dns_flood_detector[14559]: dns_flood_detector starting
Jan 10 10:06:02 localhost dns_flood_detector[14560]: source [194.47.46.148] - 0 tcp qps - 4 udp qps
Jan 10 10:10:02 localhost dns_flood_detector[14560]: source [195.47.247.202] - 0 tcp qps - 10 udp qps
Jan 10 10:25:02 localhost dns_flood_detector[14560]: source [194.47.33.122] - 0 tcp qps - 7 udp qps
Jan 10 10:30:00 localhost dns_flood_detector[14617]: dns_flood_detector starting
Jan 10 10:31:00 localhost dns_flood_detector[14618]: source [195.47.247.202] - 0 tcp qps - 5 udp qps
Jan 10 10:36:00 localhost dns_flood_detector[14618]: source [194.47.33.130] - 0 tcp qps - 4 udp qps
Jan 10 11:00:00 localhost dns_flood_detector[14679]: dns_flood_detector starting
Jan 10 11:05:00 localhost dns_flood_detector[14680]: source [194.47.33.122] - 0 tcp qps - 4 udp qps
Jan 10 11:16:00 localhost dns_flood_detector[14680]: source [194.47.46.128] - 0 tcp qps - 6 udp qps
Jan 10 11:19:00 localhost dns_flood_detector[14680]: source [62.119.73.2] - 0 tcp qps - 11 udp qps
Jan 10 11:22:00 localhost dns_flood_detector[14680]: source [194.47.33.125] - 0 tcp qps - 4 udp qps
Jan 10 11:22:00 localhost dns_flood_detector[14680]: source [194.47.33.130] - 0 tcp qps - 4 udp qps
Jan 10 11:26:00 localhost dns_flood_detector[14680]: source [194.47.33.50] - 0 tcp qps - 4 udp qps
Jan 10 11:30:00 localhost dns_flood_detector[14743]: dns_flood_detector starting
Jan 10 11:35:01 localhost dns_flood_detector[14744]: source [194.47.36.131] - 0 tcp qps - 4 udp qps
Jan 10 11:36:01 localhost dns_flood_detector[14744]: source [195.47.247.202] - 0 tcp qps - 8 udp qps
Jan 10 11:45:01 localhost dns_flood_detector[14744]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 10 11:54:01 localhost dns_flood_detector[14744]: source [62.119.73.2] - 0 tcp qps - 6 udp qps
Jan 10 12:00:00 localhost dns_flood_detector[14800]: dns_flood_detector starting
Jan 10 12:30:03 localhost dns_flood_detector[14872]: dns_flood_detector starting
Jan 10 13:00:00 localhost dns_flood_detector[14929]: dns_flood_detector starting
Jan 10 13:01:00 localhost dns_flood_detector[14930]: source [194.47.33.140] - 0 tcp qps - 4 udp qps
Jan 10 13:23:00 localhost dns_flood_detector[14930]: source [194.47.46.128] - 0 tcp qps - 5 udp qps
Jan 10 13:25:00 localhost dns_flood_detector[14930]: source [194.47.36.131] - 0 tcp qps - 6 udp qps
Jan 10 13:30:01 localhost dns_flood_detector[14995]: dns_flood_detector starting
Jan 10 13:47:01 localhost dns_flood_detector[14996]: source [194.47.33.137] - 0 tcp qps - 4 udp qps
Jan 10 14:00:00 localhost dns_flood_detector[15053]: dns_flood_detector starting
Jan 10 14:22:00 localhost dns_flood_detector[15054]: source [194.47.29.56] - 0 tcp qps - 4 udp qps
Jan 10 14:30:00 localhost dns_flood_detector[15116]: dns_flood_detector starting
Jan 10 14:42:00 localhost dns_flood_detector[15122]: source [194.47.46.128] - 0 tcp qps - 8 udp qps
Jan 10 14:50:00 localhost dns_flood_detector[15122]: source [194.47.33.146] - 0 tcp qps - 4 udp qps
Jan 10 14:57:01 localhost dns_flood_detector[15122]: source [194.47.33.130] - 0 tcp qps - 5 udp qps
Jan 10 15:00:00 localhost dns_flood_detector[15183]: dns_flood_detector starting
Jan 10 15:21:00 localhost dns_flood_detector[15184]: source [194.47.45.198] - 0 tcp qps - 9 udp qps
Jan 10 15:30:00 localhost dns_flood_detector[15247]: dns_flood_detector starting
Jan 10 16:00:00 localhost dns_flood_detector[15309]: dns_flood_detector starting
Jan 10 16:30:00 localhost dns_flood_detector[15373]: dns_flood_detector starting
Jan 10 16:38:00 localhost dns_flood_detector[15374]: source [195.47.247.202] - 0 tcp qps - 4 udp qps
Jan 10 16:42:00 localhost dns_flood_detector[15374]: source [195.47.247.202] - 0 tcp qps - 5 udp qps
Jan 10 17:00:01 localhost dns_flood_detector[15430]: dns_flood_detector starting
Jan 10 17:30:00 localhost dns_flood_detector[15495]: dns_flood_detector starting
Jan 10 17:31:00 localhost dns_flood_detector[15496]: source [194.47.41.14] - 0 tcp qps - 5 udp qps
Jan 10 18:00:00 localhost dns_flood_detector[15556]: dns_flood_detector starting
Jan 10 18:30:03 localhost dns_flood_detector[15628]: dns_flood_detector starting
Jan 10 19:00:00 localhost dns_flood_detector[15687]: dns_flood_detector starting
Jan 10 19:13:06 localhost sshd(pam_unix)[15741]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=h48n2fls34o977.telia.com user=root
Jan 10 19:13:11 localhost sshd(pam_unix)[15741]: session opened for user root by (uid=0)
Jan 10 19:30:00 localhost dns_flood_detector[15795]: dns_flood_detector starting
Jan 10 19:33:11 localhost sshd(pam_unix)[15741]: session closed for user root
Jan 10 19:53:00 localhost dns_flood_detector[15796]: source [213.150.135.210] - 0 tcp qps - 13 udp qps
Jan 10 19:53:00 localhost dns_flood_detector[15796]: source [213.150.135.211] - 0 tcp qps - 15 udp qps
Jan 10 20:00:00 localhost dns_flood_detector[15861]: dns_flood_detector starting
Jan 10 20:30:00 localhost dns_flood_detector[15920]: dns_flood_detector starting
Jan 10 21:00:00 localhost dns_flood_detector[15983]: dns_flood_detector starting
Jan 10 21:30:00 localhost dns_flood_detector[16051]: dns_flood_detector starting
Jan 10 22:00:01 localhost dns_flood_detector[16113]: dns_flood_detector starting
Jan 10 22:22:01 localhost dns_flood_detector[16114]: source [194.47.29.56] - 0 tcp qps - 4 udp qps
Jan 10 22:26:01 localhost dns_flood_detector[16114]: source [194.47.25.22] - 0 tcp qps - 6 udp qps
Jan 10 22:30:00 localhost dns_flood_detector[16173]: dns_flood_detector starting
Jan 10 23:00:01 localhost dns_flood_detector[16234]: dns_flood_detector starting
Jan 10 23:30:01 localhost dns_flood_detector[16303]: dns_flood_detector starting
Jan 11 00:00:00 localhost dns_flood_detector[16362]: dns_flood_detector starting
Jan 11 00:12:00 localhost dns_flood_detector[16363]: source [198.152.13.99] - 0 tcp qps - 5 udp qps
Jan 11 00:30:00 localhost dns_flood_detector[16548]: dns_flood_detector starting
Jan 11 00:47:01 localhost dns_flood_detector[16549]: source [195.47.247.202] - 0 tcp qps - 33 udp qps
Jan 11 00:50:01 localhost dns_flood_detector[16549]: source [195.47.247.202] - 0 tcp qps - 19 udp qps
Jan 11 01:00:00 localhost dns_flood_detector[16802]: dns_flood_detector starting
Jan 11 01:07:00 localhost dns_flood_detector[16803]: source [195.47.247.202] - 0 tcp qps - 17 udp qps
Jan 11 01:09:00 localhost dns_flood_detector[16803]: source [195.47.247.202] - 0 tcp qps - 26 udp qps
Jan 11 01:30:00 localhost dns_flood_detector[17281]: dns_flood_detector starting
Jan 11 01:42:00 localhost dns_flood_detector[17282]: source [140.130.212.245] - 0 tcp qps - 4 udp qps
Jan 11 02:00:00 localhost dns_flood_detector[17673]: dns_flood_detector starting
Jan 11 02:06:01 localhost dns_flood_detector[17679]: source [216.208.38.76] - 0 tcp qps - 4 udp qps
Jan 11 02:30:01 localhost dns_flood_detector[17841]: dns_flood_detector starting
Jan 11 02:32:01 localhost dns_flood_detector[17842]: source [62.119.73.2] - 0 tcp qps - 7 udp qps
Jan 11 02:48:01 localhost dns_flood_detector[17842]: source [80.237.128.135] - 0 tcp qps - 4 udp qps
Jan 11 03:00:01 localhost dns_flood_detector[17935]: dns_flood_detector starting
Jan 11 03:30:00 localhost dns_flood_detector[18024]: dns_flood_detector starting
Jan 11 03:52:01 localhost dns_flood_detector[18034]: source [195.47.247.202] - 0 tcp qps - 28 udp qps
Jan 11 03:59:01 localhost dns_flood_detector[18034]: source [195.47.247.202] - 0 tcp qps - 26 udp qps
Jan 11 04:00:01 localhost dns_flood_detector[18094]: dns_flood_detector starting
Jan 11 04:02:01 localhost dns_flood_detector[18095]: source [195.47.247.202] - 0 tcp qps - 11 udp qps
Jan 11 04:02:19 localhost syslogd 1.4.1: restart.
Jan 11 04:04:01 localhost dns_flood_detector[18095]: source [195.47.247.202] - 0 tcp qps - 15 udp qps
Jan 11 04:05:01 localhost dns_flood_detector[18095]: source [194.47.38.47] - 0 tcp qps - 5 udp qps
Jan 11 04:18:01 localhost dns_flood_detector[18095]: source [195.47.247.202] - 0 tcp qps - 36 udp qps
Jan 11 04:30:01 localhost dns_flood_detector[18551]: dns_flood_detector starting
Jan 11 05:00:01 localhost dns_flood_detector[18618]: dns_flood_detector starting
Jan 11 05:06:01 localhost dns_flood_detector[18619]: source [195.47.247.100] - 0 tcp qps - 6 udp qps
Jan 11 05:06:01 localhost dns_flood_detector[18619]: source [195.47.247.200] - 0 tcp qps - 6 udp qps
Jan 11 05:12:01 localhost dns_flood_detector[18619]: source [195.47.247.200] - 0 tcp qps - 36 udp qps
Jan 11 05:12:01 localhost dns_flood_detector[18619]: source [195.47.247.100] - 0 tcp qps - 33 udp qps
Jan 11 05:30:00 localhost dns_flood_detector[18677]: dns_flood_detector starting
Jan 11 05:48:00 localhost dns_flood_detector[18678]: source [195.47.247.202] - 0 tcp qps - 28 udp qps
Jan 11 05:49:00 localhost dns_flood_detector[18678]: source [198.152.12.99] - 0 tcp qps - 5 udp qps
Jan 11 05:49:00 localhost dns_flood_detector[18678]: source [198.152.13.99] - 0 tcp qps - 4 udp qps
Jan 11 06:00:00 localhost dns_flood_detector[18739]: dns_flood_detector starting
Jan 11 06:01:00 localhost dns_flood_detector[18740]: source [195.47.247.200] - 0 tcp qps - 5 udp qps
Jan 11 06:10:00 localhost dns_flood_detector[18740]: source [195.47.247.202] - 0 tcp qps - 17 udp qps
Jan 11 06:30:00 localhost dns_flood_detector[18803]: dns_flood_detector starting
Jan 11 07:00:00 localhost dns_flood_detector[18865]: dns_flood_detector starting
Jan 11 07:06:00 localhost dns_flood_detector[18866]: source [195.47.247.202] - 0 tcp qps - 43 udp qps
Jan 11 07:09:00 localhost dns_flood_detector[18866]: source [195.47.247.202] - 0 tcp qps - 33 udp qps
Jan 11 07:12:00 localhost dns_flood_detector[18866]: source [195.47.247.202] - 0 tcp qps - 18 udp qps
Jan 11 07:14:00 localhost dns_flood_detector[18866]: source [195.47.247.202] - 0 tcp qps - 17 udp qps
Jan 11 07:19:00 localhost dns_flood_detector[18866]: source [202.9.128.6] - 0 tcp qps - 58 udp qps
Jan 11 07:19:00 localhost dns_flood_detector[18866]: source [202.9.145.6] - 0 tcp qps - 72 udp qps
Jan 11 07:28:00 localhost dns_flood_detector[18866]: source [195.47.247.202] - 0 tcp qps - 28 udp qps
Jan 11 07:30:00 localhost dns_flood_detector[18929]: dns_flood_detector starting
Jan 11 07:31:00 localhost dns_flood_detector[18930]: source [130.235.128.100] - 0 tcp qps - 4 udp qps
Jan 11 07:55:00 localhost dns_flood_detector[18930]: source [195.47.247.200] - 0 tcp qps - 4 udp qps
Jan 11 07:57:00 localhost dns_flood_detector[18930]: source [130.235.128.100] - 0 tcp qps - 4 udp qps
Jan 11 07:59:00 localhost dns_flood_detector[18930]: source [130.235.128.100] - 0 tcp qps - 4 udp qps
Jan 11 08:00:01 localhost dns_flood_detector[19004]: dns_flood_detector starting
Jan 11 08:01:01 localhost dns_flood_detector[19005]: source [130.235.128.100] - 0 tcp qps - 6 udp qps
Jan 11 08:01:01 localhost dns_flood_detector[19005]: source [206.190.41.39] - 0 tcp qps - 6 udp qps
Jan 11 08:01:01 localhost dns_flood_detector[19005]: source [206.190.41.38] - 0 tcp qps - 6 udp qps
Jan 11 08:03:01 localhost dns_flood_detector[19005]: source [130.235.128.100] - 0 tcp qps - 4 udp qps
Jan 11 08:03:01 localhost dns_flood_detector[19005]: source [206.190.41.39] - 0 tcp qps - 5 udp qps
Jan 11 08:03:01 localhost dns_flood_detector[19005]: source [206.190.41.38] - 0 tcp qps - 5 udp qps
Jan 11 08:25:01 localhost dns_flood_detector[19005]: source [194.47.36.75] - 0 tcp qps - 4 udp qps
Jan 11 08:30:00 localhost dns_flood_detector[19139]: dns_flood_detector starting
Jan 11 08:31:00 localhost dns_flood_detector[19140]: source [194.47.36.131] - 0 tcp qps - 4 udp qps
Jan 11 08:58:00 localhost dns_flood_detector[19140]: source [194.47.36.84] - 0 tcp qps - 4 udp qps
Jan 11 09:00:00 localhost dns_flood_detector[19156]: dns_flood_detector starting
Jan 11 09:16:00 localhost dns_flood_detector[19157]: source [194.47.33.56] - 0 tcp qps - 4 udp qps
Jan 11 09:30:00 localhost dns_flood_detector[19220]: dns_flood_detector starting
Jan 11 09:33:00 localhost dns_flood_detector[19221]: source [194.47.46.118] - 0 tcp qps - 9 udp qps
Jan 11 09:42:01 localhost dns_flood_detector[19221]: source [194.47.36.131] - 0 tcp qps - 4 udp qps
Jan 11 10:00:00 localhost dns_flood_detector[19282]: dns_flood_detector starting
Jan 11 10:13:00 localhost dns_flood_detector[19283]: source [194.47.36.65] - 0 tcp qps - 4 udp qps
Jan 11 10:29:01 localhost dns_flood_detector[19283]: source [194.47.33.112] - 0 tcp qps - 6 udp qps
Jan 11 10:30:00 localhost dns_flood_detector[19346]: dns_flood_detector starting
Jan 11 10:46:01 localhost dns_flood_detector[19347]: source [194.47.33.130] - 0 tcp qps - 6 udp qps
Jan 11 10:48:01 localhost dns_flood_detector[19347]: source [194.47.33.112] - 0 tcp qps - 5 udp qps
Jan 11 10:54:01 localhost dns_flood_detector[19347]: source [62.119.73.2] - 0 tcp qps - 5 udp qps
Jan 11 11:00:00 localhost dns_flood_detector[19403]: dns_flood_detector starting
Jan 11 11:07:00 localhost dns_flood_detector[19404]: source [194.47.33.125] - 0 tcp qps - 4 udp qps
Jan 11 11:09:00 localhost dns_flood_detector[19404]: source [62.119.73.2] - 0 tcp qps - 7 udp qps
Jan 11 11:13:00 localhost dns_flood_detector[19404]: source [194.47.37.82] - 0 tcp qps - 7 udp qps
Jan 11 11:15:00 localhost dns_flood_detector[19404]: source [194.47.33.125] - 0 tcp qps - 8 udp qps
Jan 11 11:27:00 localhost dns_flood_detector[19404]: source [194.47.33.112] - 0 tcp qps - 5 udp qps
Jan 11 11:30:02 localhost dns_flood_detector[19475]: dns_flood_detector starting
Jan 11 11:31:02 localhost dns_flood_detector[19476]: source [194.47.33.210] - 0 tcp qps - 6 udp qps
Jan 11 11:42:02 localhost dns_flood_detector[19476]: source [194.47.33.112] - 0 tcp qps - 6 udp qps
Jan 11 12:00:00 localhost dns_flood_detector[19534]: dns_flood_detector starting
Jan 11 12:04:00 localhost dns_flood_detector[19535]: source [194.47.33.59] - 0 tcp qps - 5 udp qps
Jan 11 12:10:00 localhost dns_flood_detector[19535]: source [194.47.47.62] - 0 tcp qps - 4 udp qps
Jan 11 12:28:01 localhost dns_flood_detector[19535]: source [195.47.247.202] - 0 tcp qps - 4 udp qps
Jan 11 12:30:00 localhost dns_flood_detector[19598]: dns_flood_detector starting
Jan 11 12:58:01 localhost dns_flood_detector[19599]: source [194.47.36.131] - 0 tcp qps - 4 udp qps
Jan 11 13:00:00 localhost dns_flood_detector[19660]: dns_flood_detector starting
Jan 11 13:30:00 localhost dns_flood_detector[19719]: dns_flood_detector starting
Jan 11 14:00:00 localhost dns_flood_detector[19786]: dns_flood_detector starting
Jan 11 14:01:00 localhost dns_flood_detector[19787]: source [194.47.46.128] - 0 tcp qps - 6 udp qps
Jan 11 14:22:00 localhost dns_flood_detector[19787]: source [194.47.35.118] - 0 tcp qps - 10 udp qps
Jan 11 14:30:01 localhost dns_flood_detector[19858]: dns_flood_detector starting
Jan 11 14:54:02 localhost dns_flood_detector[19859]: source [194.47.36.96] - 0 tcp qps - 5 udp qps
Jan 11 15:00:00 localhost dns_flood_detector[19952]: dns_flood_detector starting
Jan 11 15:10:01 localhost dns_flood_detector[19953]: source [194.47.33.130] - 0 tcp qps - 4 udp qps
Jan 11 15:30:00 localhost dns_flood_detector[19975]: dns_flood_detector starting
Jan 11 16:00:01 localhost dns_flood_detector[20034]: dns_flood_detector starting
Jan 11 16:09:01 localhost dns_flood_detector[20035]: source [194.47.36.115] - 0 tcp qps - 5 udp qps
Jan 11 16:23:01 localhost dns_flood_detector[20035]: source [195.47.247.202] - 0 tcp qps - 8 udp qps
Jan 11 16:25:01 localhost dns_flood_detector[20035]: source [195.47.247.202] - 0 tcp qps - 4 udp qps
Jan 11 16:30:01 localhost dns_flood_detector[20101]: dns_flood_detector starting
Jan 11 16:31:01 localhost dns_flood_detector[20102]: source [194.47.46.128] - 0 tcp qps - 7 udp qps
Jan 11 17:00:00 localhost dns_flood_detector[20159]: dns_flood_detector starting
Jan 11 17:12:00 localhost dns_flood_detector[20160]: source [194.47.38.43] - 0 tcp qps - 4 udp qps
Jan 11 17:19:00 localhost dns_flood_detector[20160]: source [194.47.38.43] - 0 tcp qps - 7 udp qps
Jan 11 17:23:32 localhost sshd(pam_unix)[20216]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=h48n2fls34o977.telia.com user=root
Jan 11 17:23:36 localhost sshd(pam_unix)[20216]: session opened for user root by (uid=0)
Jan 11 17:30:00 localhost dns_flood_detector[20266]: dns_flood_detector starting
Jan 11 18:00:01 localhost dns_flood_detector[20330]: dns_flood_detector starting
Jan 11 18:00:11 localhost sshd(pam_unix)[20216]: session closed for user root
Jan 11 18:21:01 localhost dns_flood_detector[20331]: source [195.47.247.202] - 0 tcp qps - 6 udp qps
Jan 11 18:30:00 localhost dns_flood_detector[20396]: dns_flood_detector starting
Jan 11 18:45:01 localhost dns_flood_detector[20397]: source [195.47.247.52] - 0 tcp qps - 9 udp qps
Jan 11 19:00:00 localhost dns_flood_detector[20461]: dns_flood_detector starting
Jan 11 19:23:42 localhost sshd(pam_unix)[20514]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=h48n2fls34o977.telia.com user=root
Jan 11 19:23:46 localhost sshd(pam_unix)[20514]: session opened for user root by (uid=0)
Jan 11 19:27:46 localhost sshd(pam_unix)[20514]: session closed for user root
Jan 11 19:30:00 localhost dns_flood_detector[20569]: dns_flood_detector starting
Jan 11 19:35:02 localhost dns_flood_detector[20570]: source [212.12.160.9] - 0 tcp qps - 14 udp qps
Jan 11 19:37:02 localhost dns_flood_detector[20570]: source [212.12.160.9] - 0 tcp qps - 15 udp qps
Jan 11 19:39:02 localhost dns_flood_detector[20570]: source [212.12.160.9] - 0 tcp qps - 15 udp qps
Jan 11 19:41:02 localhost dns_flood_detector[20570]: source [212.12.160.9] - 0 tcp qps - 15 udp qps
Jan 11 19:43:02 localhost dns_flood_detector[20570]: source [212.12.160.9] - 0 tcp qps - 12 udp qps
Jan 11 20:00:00 localhost dns_flood_detector[20626]: dns_flood_detector starting
Jan 11 20:06:03 localhost dns_flood_detector[20632]: source [206.81.84.156] - 0 tcp qps - 4 udp qps
Jan 11 20:30:03 localhost dns_flood_detector[20701]: dns_flood_detector starting
Jan 11 20:38:03 localhost dns_flood_detector[20702]: source [195.47.247.202] - 0 tcp qps - 6 udp qps
Jan 11 20:40:03 localhost dns_flood_detector[20702]: source [195.47.247.202] - 0 tcp qps - 4 udp qps
Jan 11 20:42:03 localhost dns_flood_detector[20702]: source [195.47.247.202] - 0 tcp qps - 4 udp qps
Jan 11 20:52:03 localhost dns_flood_detector[20702]: source [195.47.247.202] - 0 tcp qps - 40 udp qps
Jan 11 20:53:03 localhost dns_flood_detector[20702]: source [195.47.247.52] - 0 tcp qps - 14 udp qps
Jan 11 20:57:03 localhost dns_flood_detector[20702]: source [195.47.247.202] - 0 tcp qps - 14 udp qps
Jan 11 21:00:00 localhost dns_flood_detector[20754]: dns_flood_detector starting
Jan 11 21:30:00 localhost dns_flood_detector[20822]: dns_flood_detector starting
Jan 11 22:00:00 localhost dns_flood_detector[20880]: dns_flood_detector starting
Jan 11 22:15:56 localhost sshd(pam_unix)[20937]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=h48n2fls34o977.telia.com user=root
Jan 11 22:16:00 localhost sshd(pam_unix)[20937]: session opened for user root by (uid=0)
Jan 11 22:30:00 localhost dns_flood_detector[20986]: dns_flood_detector starting
Jan 11 22:48:12 localhost sshd(pam_unix)[20937]: session closed for user root
Jan 11 23:00:00 localhost dns_flood_detector[21058]: dns_flood_detector starting
Jan 11 23:30:00 localhost dns_flood_detector[21121]: dns_flood_detector starting
Jan 12 00:00:00 localhost dns_flood_detector[21185]: dns_flood_detector starting
Jan 12 00:03:00 localhost dns_flood_detector[21186]: source [195.47.247.202] - 0 tcp qps - 5 udp qps
Jan 12 00:13:00 localhost dns_flood_detector[21186]: source [195.47.247.52] - 0 tcp qps - 5 udp qps
Jan 12 00:22:00 localhost dns_flood_detector[21186]: source [195.47.247.52] - 0 tcp qps - 26 udp qps
Jan 12 00:29:01 localhost dns_flood_detector[21186]: source [195.47.247.202] - 0 tcp qps - 7 udp qps
Jan 12 00:30:00 localhost dns_flood_detector[22128]: dns_flood_detector starting
Jan 12 01:00:00 localhost dns_flood_detector[22367]: dns_flood_detector starting
Jan 12 01:30:00 localhost dns_flood_detector[22531]: dns_flood_detector starting
Jan 12 02:00:00 localhost dns_flood_detector[22594]: dns_flood_detector starting
Jan 12 02:13:01 localhost dns_flood_detector[22595]: source [195.47.247.202] - 0 tcp qps - 7 udp qps
Jan 12 02:26:01 localhost dns_flood_detector[22595]: source [195.47.247.202] - 0 tcp qps - 22 udp qps
Jan 12 02:28:01 localhost dns_flood_detector[22595]: source [195.47.247.202] - 0 tcp qps - 17 udp qps
Jan 12 02:30:00 localhost dns_flood_detector[22662]: dns_flood_detector starting
Jan 12 02:39:00 localhost dns_flood_detector[22663]: source [195.47.247.202] - 0 tcp qps - 53 udp qps
Jan 12 02:41:00 localhost dns_flood_detector[22663]: source [195.47.247.202] - 0 tcp qps - 12 udp qps
Jan 12 02:43:00 localhost dns_flood_detector[22663]: source [195.47.247.202] - 0 tcp qps - 7 udp qps
Jan 12 02:45:00 localhost dns_flood_detector[22663]: source [195.47.247.202] - 0 tcp qps - 5 udp qps
Jan 12 02:47:00 localhost dns_flood_detector[22663]: source [195.47.247.202] - 0 tcp qps - 5 udp qps
Jan 12 02:49:00 localhost dns_flood_detector[22663]: source [195.47.247.202] - 0 tcp qps - 8 udp qps
Jan 12 02:51:00 localhost dns_flood_detector[22663]: source [195.47.247.202] - 0 tcp qps - 7 udp qps
Jan 12 03:00:00 localhost dns_flood_detector[22724]: dns_flood_detector starting
Jan 12 03:30:00 localhost dns_flood_detector[22788]: dns_flood_detector starting
Jan 12 03:58:00 localhost dns_flood_detector[22789]: source [195.47.247.202] - 0 tcp qps - 11 udp qps
Jan 12 04:00:01 localhost dns_flood_detector[22846]: dns_flood_detector starting
Jan 12 04:11:01 localhost dns_flood_detector[22847]: source [195.47.247.202] - 0 tcp qps - 30 udp qps
Jan 12 04:15:01 localhost dns_flood_detector[22847]: source [195.47.247.202] - 0 tcp qps - 5 udp qps
Jan 12 04:17:01 localhost dns_flood_detector[22847]: source [195.47.247.202] - 0 tcp qps - 24 udp qps
Jan 12 04:26:01 localhost dns_flood_detector[22847]: source [198.152.12.99] - 0 tcp qps - 5 udp qps
Jan 12 04:26:01 localhost dns_flood_detector[22847]: source [195.47.247.202] - 0 tcp qps - 4 udp qps
Jan 12 04:26:01 localhost dns_flood_detector[22847]: source [198.152.13.99] - 0 tcp qps - 5 udp qps
Jan 12 04:29:01 localhost dns_flood_detector[22847]: source [195.47.247.52] - 0 tcp qps - 33 udp qps
Jan 12 04:30:02 localhost dns_flood_detector[23351]: dns_flood_detector starting
Jan 12 04:32:02 localhost dns_flood_detector[23352]: source [195.47.247.202] - 0 tcp qps - 17 udp qps
Jan 12 04:51:02 localhost dns_flood_detector[23352]: source [208.45.133.202] - 0 tcp qps - 4 udp qps
Jan 12 04:52:02 localhost dns_flood_detector[23352]: source [208.35.149.170] - 0 tcp qps - 4 udp qps
Jan 12 04:54:02 localhost dns_flood_detector[23352]: source [208.45.133.202] - 0 tcp qps - 4 udp qps
Jan 12 04:55:02 localhost dns_flood_detector[23352]: source [64.226.28.68] - 0 tcp qps - 6 udp qps
Jan 12 04:56:02 localhost dns_flood_detector[23352]: source [64.226.28.68] - 0 tcp qps - 5 udp qps
Jan 12 05:00:00 localhost dns_flood_detector[23407]: dns_flood_detector starting
Jan 12 05:04:00 localhost dns_flood_detector[23408]: source [195.47.247.52] - 0 tcp qps - 152 udp qps
Jan 12 05:04:00 localhost dns_flood_detector[23408]: source [216.183.105.122] - 0 tcp qps - 6 udp qps
Jan 12 05:05:00 localhost dns_flood_detector[23408]: source [216.183.105.122] - 0 tcp qps - 4 udp qps
Jan 12 05:05:00 localhost dns_flood_detector[23408]: source [216.83.236.228] - 0 tcp qps - 4 udp qps
Jan 12 05:06:00 localhost dns_flood_detector[23408]: source [216.183.105.123] - 0 tcp qps - 4 udp qps
Jan 12 05:06:00 localhost dns_flood_detector[23408]: source [216.183.105.122] - 0 tcp qps - 5 udp qps
Jan 12 05:07:00 localhost dns_flood_detector[23408]: source [216.183.105.122] - 0 tcp qps - 5 udp qps
Jan 12 05:08:00 localhost dns_flood_detector[23408]: source [208.45.133.202] - 0 tcp qps - 5 udp qps
Jan 12 05:09:00 localhost dns_flood_detector[23408]: source [216.183.105.122] - 0 tcp qps - 5 udp qps
Jan 12 05:10:00 localhost dns_flood_detector[23408]: source [216.183.105.122] - 0 tcp qps - 5 udp qps
Jan 12 05:16:00 localhost dns_flood_detector[23408]: source [208.186.168.9] - 0 tcp qps - 4 udp qps
Jan 12 05:18:00 localhost dns_flood_detector[23408]: source [208.186.168.9] - 0 tcp qps - 5 udp qps
Jan 12 05:23:00 localhost dns_flood_detector[23408]: source [204.239.167.97] - 0 tcp qps - 4 udp qps
Jan 12 05:23:00 localhost dns_flood_detector[23408]: source [64.81.159.2] - 0 tcp qps - 6 udp qps
Jan 12 05:24:00 localhost dns_flood_detector[23408]: source [208.186.130.96] - 0 tcp qps - 4 udp qps
Jan 12 05:25:00 localhost dns_flood_detector[23408]: source [195.47.247.202] - 0 tcp qps - 24 udp qps
Jan 12 05:28:00 localhost dns_flood_detector[23408]: source [147.243.128.32] - 0 tcp qps - 4 udp qps
Jan 12 05:29:00 localhost dns_flood_detector[23408]: source [213.130.33.105] - 0 tcp qps - 4 udp qps
Jan 12 05:30:00 localhost dns_flood_detector[23468]: dns_flood_detector starting
Jan 12 05:43:00 localhost dns_flood_detector[23469]: source [170.252.72.1] - 0 tcp qps - 4 udp qps
Jan 12 05:46:00 localhost dns_flood_detector[23469]: source [193.219.15.17] - 0 tcp qps - 6 udp qps
Jan 12 05:48:00 localhost dns_flood_detector[23469]: source [208.45.133.202] - 0 tcp qps - 4 udp qps
Jan 12 05:50:00 localhost dns_flood_detector[23469]: source [208.45.133.202] - 0 tcp qps - 6 udp qps
Jan 12 05:52:00 localhost dns_flood_detector[23469]: source [147.243.128.32] - 0 tcp qps - 4 udp qps
Jan 12 05:53:00 localhost dns_flood_detector[23469]: source [147.243.128.32] - 0 tcp qps - 5 udp qps
Jan 12 05:56:01 localhost dns_flood_detector[23469]: source [192.18.42.12] - 0 tcp qps - 8 udp qps
Jan 12 05:56:01 localhost dns_flood_detector[23469]: source [195.47.247.202] - 0 tcp qps - 73 udp qps
Jan 12 06:00:00 localhost dns_flood_detector[23533]: dns_flood_detector starting
Jan 12 06:01:00 localhost dns_flood_detector[23534]: source [147.243.128.32] - 0 tcp qps - 4 udp qps
Jan 12 06:03:00 localhost dns_flood_detector[23534]: source [147.243.128.32] - 0 tcp qps - 4 udp qps
Jan 12 06:04:00 localhost dns_flood_detector[23534]: source [209.34.231.230] - 0 tcp qps - 8 udp qps
Jan 12 06:07:00 localhost dns_flood_detector[23534]: source [66.162.37.130] - 0 tcp qps - 13 udp qps
Jan 12 06:08:00 localhost dns_flood_detector[23534]: source [66.162.37.130] - 0 tcp qps - 10 udp qps
Jan 12 06:14:00 localhost dns_flood_detector[23534]: source [64.226.28.67] - 0 tcp qps - 4 udp qps
Jan 12 06:21:00 localhost dns_flood_detector[23534]: source [208.45.133.202] - 0 tcp qps - 5 udp qps
Jan 12 06:30:00 localhost dns_flood_detector[23596]: dns_flood_detector starting
Jan 12 06:36:00 localhost dns_flood_detector[23597]: source [195.47.247.200] - 0 tcp qps - 18 udp qps
Jan 12 06:36:00 localhost dns_flood_detector[23597]: source [195.47.247.100] - 0 tcp qps - 15 udp qps
Jan 12 07:00:00 localhost dns_flood_detector[23655]: dns_flood_detector starting
Jan 12 07:30:00 localhost dns_flood_detector[23723]: dns_flood_detector starting
Jan 12 07:40:00 localhost dns_flood_detector[23724]: source [62.119.73.2] - 0 tcp qps - 5 udp qps
Jan 12 07:57:00 localhost dns_flood_detector[23724]: source [194.47.46.108] - 0 tcp qps - 8 udp qps
Jan 12 08:00:00 localhost dns_flood_detector[23782]: dns_flood_detector starting
Jan 12 08:08:00 localhost dns_flood_detector[23783]: source [194.47.47.62] - 0 tcp qps - 6 udp qps
Jan 12 08:26:00 localhost dns_flood_detector[23783]: source [62.119.73.2] - 0 tcp qps - 5 udp qps
Jan 12 08:28:00 localhost dns_flood_detector[23783]: source [195.67.18.2] - 0 tcp qps - 6 udp qps
Jan 12 08:30:00 localhost dns_flood_detector[23849]: dns_flood_detector starting
Jan 12 08:31:00 localhost dns_flood_detector[23850]: source [195.47.247.202] - 0 tcp qps - 73 udp qps
Jan 12 08:34:00 localhost dns_flood_detector[23850]: source [130.235.128.100] - 0 tcp qps - 4 udp qps
Jan 12 08:34:00 localhost dns_flood_detector[23850]: source [80.67.18.6] - 0 tcp qps - 4 udp qps
Jan 12 08:36:00 localhost dns_flood_detector[23850]: source [130.235.128.100] - 0 tcp qps - 4 udp qps
Jan 12 08:38:00 localhost dns_flood_detector[23850]: source [130.235.128.100] - 0 tcp qps - 4 udp qps
Jan 12 08:54:01 localhost dns_flood_detector[23850]: source [195.47.247.202] - 0 tcp qps - 4 udp qps
Jan 12 09:00:00 localhost dns_flood_detector[23911]: dns_flood_detector starting
Jan 12 09:05:00 localhost dns_flood_detector[23912]: source [194.47.29.66] - 0 tcp qps - 6 udp qps
Jan 12 09:30:00 localhost dns_flood_detector[23971]: dns_flood_detector starting
Jan 12 09:51:02 localhost dns_flood_detector[23972]: source [195.47.247.202] - 0 tcp qps - 11 udp qps
Jan 12 09:57:02 localhost dns_flood_detector[23972]: source [195.47.247.202] - 0 tcp qps - 12 udp qps
Jan 12 10:00:00 localhost dns_flood_detector[24033]: dns_flood_detector starting
Jan 12 10:30:00 localhost dns_flood_detector[24101]: dns_flood_detector starting
Jan 12 10:33:00 localhost dns_flood_detector[24102]: source [194.47.33.213] - 0 tcp qps - 4 udp qps
Jan 12 10:40:00 localhost dns_flood_detector[24102]: source [194.47.33.130] - 0 tcp qps - 4 udp qps
Jan 12 10:46:01 localhost dns_flood_detector[24102]: source [194.47.36.115] - 0 tcp qps - 7 udp qps
Jan 12 10:51:01 localhost dns_flood_detector[24102]: source [194.47.46.128] - 0 tcp qps - 4 udp qps
Jan 12 10:55:01 localhost dns_flood_detector[24102]: source [194.47.25.8] - 0 tcp qps - 4 udp qps
Jan 12 10:57:01 localhost dns_flood_detector[24102]: source [194.47.25.8] - 0 tcp qps - 4 udp qps
Jan 12 10:59:01 localhost dns_flood_detector[24102]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 10:59:01 localhost dns_flood_detector[24102]: source [194.47.46.148] - 0 tcp qps - 4 udp qps
Jan 12 11:00:00 localhost dns_flood_detector[24166]: dns_flood_detector starting
Jan 12 11:01:00 localhost dns_flood_detector[24167]: source [194.47.25.8] - 0 tcp qps - 4 udp qps
Jan 12 11:02:00 localhost dns_flood_detector[24167]: source [194.47.25.14] - 0 tcp qps - 4 udp qps
Jan 12 11:04:00 localhost dns_flood_detector[24167]: source [194.47.25.14] - 0 tcp qps - 5 udp qps
Jan 12 11:06:00 localhost dns_flood_detector[24167]: source [194.47.25.14] - 0 tcp qps - 5 udp qps
Jan 12 11:08:00 localhost dns_flood_detector[24167]: source [194.47.25.14] - 0 tcp qps - 5 udp qps
Jan 12 11:08:00 localhost dns_flood_detector[24167]: source [195.47.247.52] - 0 tcp qps - 6 udp qps
Jan 12 11:10:00 localhost dns_flood_detector[24167]: source [194.47.25.14] - 0 tcp qps - 5 udp qps
Jan 12 11:12:00 localhost dns_flood_detector[24167]: source [194.47.25.14] - 0 tcp qps - 5 udp qps
Jan 12 11:14:00 localhost dns_flood_detector[24167]: source [194.47.25.14] - 0 tcp qps - 5 udp qps
Jan 12 11:16:00 localhost dns_flood_detector[24167]: source [194.47.25.14] - 0 tcp qps - 5 udp qps
Jan 12 11:18:00 localhost dns_flood_detector[24167]: source [194.47.25.14] - 0 tcp qps - 5 udp qps
Jan 12 11:20:00 localhost dns_flood_detector[24167]: source [194.47.25.14] - 0 tcp qps - 4 udp qps
Jan 12 11:22:01 localhost dns_flood_detector[24167]: source [194.47.25.14] - 0 tcp qps - 4 udp qps
Jan 12 11:23:01 localhost dns_flood_detector[24167]: source [194.47.46.148] - 0 tcp qps - 7 udp qps
Jan 12 11:30:00 localhost dns_flood_detector[24226]: dns_flood_detector starting
Jan 12 11:43:00 localhost dns_flood_detector[24227]: source [195.47.247.202] - 0 tcp qps - 9 udp qps
Jan 12 11:45:00 localhost dns_flood_detector[24227]: source [194.47.33.50] - 0 tcp qps - 5 udp qps
Jan 12 11:52:01 localhost dns_flood_detector[24227]: source [194.47.33.82] - 0 tcp qps - 5 udp qps
Jan 12 12:00:01 localhost dns_flood_detector[24287]: dns_flood_detector starting
Jan 12 12:05:03 localhost dns_flood_detector[24293]: source [194.47.29.66] - 0 tcp qps - 6 udp qps
Jan 12 12:18:03 localhost dns_flood_detector[24293]: source [194.47.33.50] - 0 tcp qps - 4 udp qps
Jan 12 12:21:03 localhost dns_flood_detector[24293]: source [195.47.247.202] - 0 tcp qps - 4 udp qps
Jan 12 12:25:03 localhost dns_flood_detector[24293]: source [194.47.33.111] - 0 tcp qps - 4 udp qps
Jan 12 12:30:00 localhost dns_flood_detector[24356]: dns_flood_detector starting
Jan 12 12:51:00 localhost dns_flood_detector[24357]: source [194.47.33.111] - 0 tcp qps - 5 udp qps
Jan 12 13:00:00 localhost dns_flood_detector[24415]: dns_flood_detector starting
Jan 12 13:30:00 localhost dns_flood_detector[24482]: dns_flood_detector starting
Jan 12 14:00:00 localhost dns_flood_detector[24544]: dns_flood_detector starting
Jan 12 14:19:03 localhost dns_flood_detector[24545]: source [194.47.36.72] - 0 tcp qps - 4 udp qps
Jan 12 14:26:03 localhost dns_flood_detector[24545]: source [195.47.247.202] - 0 tcp qps - 6 udp qps
Jan 12 14:30:01 localhost dns_flood_detector[24603]: dns_flood_detector starting
Jan 12 14:52:01 localhost dns_flood_detector[24604]: source [194.47.33.128] - 0 tcp qps - 10 udp qps
Jan 12 15:00:01 localhost dns_flood_detector[24670]: dns_flood_detector starting
Jan 12 15:01:01 localhost dns_flood_detector[24671]: source [194.47.46.108] - 0 tcp qps - 4 udp qps
Jan 12 15:30:00 localhost dns_flood_detector[24731]: dns_flood_detector starting
Jan 12 15:31:00 localhost dns_flood_detector[24732]: source [195.47.247.202] - 0 tcp qps - 8 udp qps
Jan 12 16:00:00 localhost dns_flood_detector[24796]: dns_flood_detector starting
Jan 12 16:11:00 localhost dns_flood_detector[24797]: source [194.47.33.98] - 0 tcp qps - 8 udp qps
Jan 12 16:12:00 localhost dns_flood_detector[24797]: source [194.47.29.66] - 0 tcp qps - 6 udp qps
Jan 12 16:30:00 localhost dns_flood_detector[24860]: dns_flood_detector starting
Jan 12 16:35:00 localhost dns_flood_detector[24861]: source [194.47.35.118] - 0 tcp qps - 10 udp qps
Jan 12 17:00:00 localhost dns_flood_detector[24917]: dns_flood_detector starting
Jan 12 17:02:00 localhost dns_flood_detector[24923]: source [194.47.25.8] - 0 tcp qps - 4 udp qps
Jan 12 17:04:00 localhost dns_flood_detector[24923]: source [194.47.25.8] - 0 tcp qps - 4 udp qps
Jan 12 17:06:00 localhost dns_flood_detector[24923]: source [194.47.25.8] - 0 tcp qps - 4 udp qps
Jan 12 17:09:00 localhost dns_flood_detector[24923]: source [195.47.247.202] - 0 tcp qps - 5 udp qps
Jan 12 17:11:00 localhost dns_flood_detector[24923]: source [194.47.45.198] - 0 tcp qps - 5 udp qps
Jan 12 17:30:01 localhost dns_flood_detector[24989]: dns_flood_detector starting
Jan 12 17:35:01 localhost dns_flood_detector[24990]: source [194.47.25.8] - 0 tcp qps - 4 udp qps
Jan 12 17:35:01 localhost dns_flood_detector[24990]: source [195.47.247.202] - 0 tcp qps - 9 udp qps
Jan 12 17:37:01 localhost dns_flood_detector[24990]: source [194.47.25.8] - 0 tcp qps - 4 udp qps
Jan 12 17:50:01 localhost dns_flood_detector[24990]: source [194.47.25.8] - 0 tcp qps - 4 udp qps
Jan 12 17:52:01 localhost dns_flood_detector[24990]: source [194.47.25.8] - 0 tcp qps - 4 udp qps
Jan 12 17:54:01 localhost dns_flood_detector[24990]: source [194.47.25.8] - 0 tcp qps - 4 udp qps
Jan 12 17:56:01 localhost dns_flood_detector[24990]: source [194.47.25.8] - 0 tcp qps - 4 udp qps
Jan 12 17:58:01 localhost dns_flood_detector[24990]: source [194.47.25.8] - 0 tcp qps - 4 udp qps
Jan 12 18:00:00 localhost dns_flood_detector[25044]: dns_flood_detector starting
Jan 12 18:01:00 localhost dns_flood_detector[25045]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:03:00 localhost dns_flood_detector[25045]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:05:00 localhost dns_flood_detector[25045]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:07:00 localhost dns_flood_detector[25045]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:09:00 localhost dns_flood_detector[25045]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:11:00 localhost dns_flood_detector[25045]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:13:00 localhost dns_flood_detector[25045]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:15:00 localhost dns_flood_detector[25045]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:17:00 localhost dns_flood_detector[25045]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:19:00 localhost dns_flood_detector[25045]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:21:00 localhost dns_flood_detector[25045]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:23:00 localhost dns_flood_detector[25045]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:25:00 localhost dns_flood_detector[25045]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:26:00 localhost dns_flood_detector[25045]: source [195.47.247.202] - 0 tcp qps - 8 udp qps
Jan 12 18:27:00 localhost dns_flood_detector[25045]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:29:00 localhost dns_flood_detector[25045]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:30:00 localhost dns_flood_detector[25108]: dns_flood_detector starting
Jan 12 18:31:00 localhost dns_flood_detector[25113]: source [194.47.25.8] - 0 tcp qps - 4 udp qps
Jan 12 18:33:00 localhost dns_flood_detector[25113]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:35:00 localhost dns_flood_detector[25113]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:37:00 localhost dns_flood_detector[25113]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:39:00 localhost dns_flood_detector[25113]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:41:00 localhost dns_flood_detector[25113]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:43:00 localhost dns_flood_detector[25113]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:45:00 localhost dns_flood_detector[25113]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:47:00 localhost dns_flood_detector[25113]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:49:00 localhost dns_flood_detector[25113]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:51:00 localhost dns_flood_detector[25113]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:53:00 localhost dns_flood_detector[25113]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:55:00 localhost dns_flood_detector[25113]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:57:00 localhost dns_flood_detector[25113]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 18:59:00 localhost dns_flood_detector[25113]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 19:00:00 localhost dns_flood_detector[25174]: dns_flood_detector starting
Jan 12 19:01:00 localhost dns_flood_detector[25175]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 19:03:00 localhost dns_flood_detector[25175]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 19:05:00 localhost dns_flood_detector[25175]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 19:07:00 localhost dns_flood_detector[25175]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 19:09:00 localhost dns_flood_detector[25175]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 19:11:00 localhost dns_flood_detector[25175]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 19:13:00 localhost dns_flood_detector[25175]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 19:15:00 localhost dns_flood_detector[25175]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 19:17:00 localhost dns_flood_detector[25175]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 19:19:00 localhost dns_flood_detector[25175]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 19:21:00 localhost dns_flood_detector[25175]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 19:21:00 localhost dns_flood_detector[25175]: source [195.47.247.202] - 0 tcp qps - 10 udp qps
Jan 12 19:23:00 localhost dns_flood_detector[25175]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 19:25:00 localhost dns_flood_detector[25175]: source [194.47.25.8] - 0 tcp qps - 5 udp qps
Jan 12 19:30:00 localhost dns_flood_detector[25234]: dns_flood_detector starting
Jan 12 19:41:00 localhost dns_flood_detector[25235]: source [212.214.132.3] - 0 tcp qps - 4 udp qps
Jan 12 19:41:00 localhost dns_flood_detector[25235]: source [193.213.115.26] - 0 tcp qps - 4 udp qps
Jan 12 19:42:00 localhost dns_flood_detector[25235]: source [212.214.132.3] - 0 tcp qps - 4 udp qps
Jan 12 19:47:00 localhost dns_flood_detector[25235]: source [210.148.245.73] - 0 tcp qps - 5 udp qps
Jan 12 19:51:00 localhost dns_flood_detector[25235]: source [203.174.65.3] - 0 tcp qps - 5 udp qps
Jan 12 19:52:01 localhost dns_flood_detector[25235]: source [203.174.65.67] - 0 tcp qps - 5 udp qps
Jan 12 20:00:00 localhost dns_flood_detector[25300]: dns_flood_detector starting
Jan 12 20:03:02 localhost dns_flood_detector[25301]: source [209.172.128.109] - 0 tcp qps - 5 udp qps
Jan 12 20:05:02 localhost dns_flood_detector[25301]: source [193.213.115.28] - 0 tcp qps - 5 udp qps
Jan 12 20:09:02 localhost dns_flood_detector[25301]: source [203.141.160.83] - 0 tcp qps - 4 udp qps
Jan 12 20:16:02 localhost dns_flood_detector[25301]: source [205.139.102.8] - 0 tcp qps - 5 udp qps
Jan 12 20:18:02 localhost dns_flood_detector[25301]: source [203.174.77.67] - 0 tcp qps - 7 udp qps
Jan 12 20:21:02 localhost dns_flood_detector[25301]: source [213.188.129.5] - 0 tcp qps - 5 udp qps
Jan 12 20:21:02 localhost dns_flood_detector[25301]: source [193.75.110.62] - 0 tcp qps - 4 udp qps
Jan 12 20:26:02 localhost dns_flood_detector[25301]: source [137.39.110.185] - 0 tcp qps - 4 udp qps
Jan 12 20:27:02 localhost dns_flood_detector[25301]: source [137.39.110.185] - 0 tcp qps - 7 udp qps
Jan 12 20:28:02 localhost dns_flood_detector[25301]: source [137.39.110.185] - 0 tcp qps - 4 udp qps
Jan 12 20:29:03 localhost dns_flood_detector[25301]: source [137.39.110.185] - 0 tcp qps - 4 udp qps
Jan 12 20:30:00 localhost dns_flood_detector[25364]: dns_flood_detector starting
Jan 12 20:34:02 localhost dns_flood_detector[25365]: source [137.39.110.185] - 0 tcp qps - 4 udp qps
Jan 12 20:34:02 localhost dns_flood_detector[25365]: source [195.47.247.52] - 0 tcp qps - 5 udp qps
Jan 12 20:36:02 localhost dns_flood_detector[25365]: source [137.39.110.185] - 0 tcp qps - 5 udp qps
Jan 12 20:37:02 localhost dns_flood_detector[25365]: source [137.39.110.185] - 0 tcp qps - 4 udp qps
Jan 12 20:37:02 localhost dns_flood_detector[25365]: source [195.47.247.202] - 0 tcp qps - 10 udp qps
Jan 12 20:38:02 localhost dns_flood_detector[25365]: source [137.39.110.185] - 0 tcp qps - 4 udp qps
Jan 12 20:40:02 localhost dns_flood_detector[25365]: source [137.39.110.185] - 0 tcp qps - 4 udp qps
Jan 12 20:49:02 localhost dns_flood_detector[25365]: source [195.47.247.52] - 0 tcp qps - 61 udp qps
Jan 12 20:52:02 localhost dns_flood_detector[25365]: source [203.174.65.67] - 0 tcp qps - 7 udp qps
Jan 12 20:57:02 localhost dns_flood_detector[25365]: source [137.39.110.185] - 0 tcp qps - 4 udp qps
Jan 12 21:00:00 localhost dns_flood_detector[25383]: dns_flood_detector starting
Jan 12 21:25:00 localhost dns_flood_detector[25384]: source [62.119.73.2] - 0 tcp qps - 7 udp qps
Jan 12 21:30:00 localhost dns_flood_detector[25490]: dns_flood_detector starting
Jan 12 21:50:02 localhost dns_flood_detector[25491]: source [195.47.247.202] - 0 tcp qps - 4 udp qps
Jan 12 22:00:01 localhost dns_flood_detector[25552]: dns_flood_detector starting
Jan 12 22:30:00 localhost dns_flood_detector[25616]: dns_flood_detector starting
Jan 12 23:00:01 localhost dns_flood_detector[25681]: dns_flood_detector starting
Jan 12 23:23:01 localhost dns_flood_detector[25682]: source [195.47.247.202] - 0 tcp qps - 46 udp qps
Jan 12 23:30:01 localhost dns_flood_detector[25742]: dns_flood_detector starting
Jan 12 23:33:01 localhost dns_flood_detector[25743]: source [195.47.247.202] - 0 tcp qps - 14 udp qps
Jan 12 23:38:01 localhost dns_flood_detector[25743]: source [195.47.247.202] - 0 tcp qps - 4 udp qps
Jan 12 23:55:01 localhost dns_flood_detector[25743]: source [195.47.247.52] - 0 tcp qps - 7 udp qps
Jan 13 00:00:00 localhost dns_flood_detector[25804]: dns_flood_detector starting
Jan 13 00:30:01 localhost dns_flood_detector[26257]: dns_flood_detector starting
Jan 13 01:00:00 localhost dns_flood_detector[27038]: dns_flood_detector starting
Jan 13 01:01:00 localhost dns_flood_detector[27039]: source [195.47.247.202] - 0 tcp qps - 10 udp qps
Jan 13 01:30:01 localhost dns_flood_detector[27215]: dns_flood_detector starting
Jan 13 02:00:00 localhost dns_flood_detector[27277]: dns_flood_detector starting
Jan 13 02:01:00 localhost dns_flood_detector[27278]: source [62.119.73.2] - 0 tcp qps - 5 udp qps
Jan 13 02:01:00 localhost dns_flood_detector[27278]: source [194.47.25.22] - 0 tcp qps - 8 udp qps
Jan 13 02:30:00 localhost dns_flood_detector[27341]: dns_flood_detector starting
Jan 13 03:00:01 localhost dns_flood_detector[27403]: dns_flood_detector starting
Jan 13 03:18:01 localhost dns_flood_detector[27404]: source [195.47.247.52] - 0 tcp qps - 48 udp qps
Jan 13 03:20:01 localhost dns_flood_detector[27404]: source [195.47.247.52] - 0 tcp qps - 14 udp qps
Jan 13 03:30:01 localhost dns_flood_detector[27467]: dns_flood_detector starting
Jan 13 03:41:01 localhost dns_flood_detector[27468]: source [195.47.247.52] - 0 tcp qps - 28 udp qps
Jan 13 03:43:01 localhost dns_flood_detector[27468]: source [195.47.247.52] - 0 tcp qps - 6 udp qps
Jan 13 04:00:00 localhost dns_flood_detector[27525]: dns_flood_detector starting
Jan 13 04:05:01 localhost dns_flood_detector[27536]: source [195.47.247.202] - 0 tcp qps - 12 udp qps
Jan 13 04:07:01 localhost dns_flood_detector[27536]: source [195.47.247.202] - 0 tcp qps - 6 udp qps
Jan 13 04:09:01 localhost dns_flood_detector[27536]: source [195.47.247.202] - 0 tcp qps - 23 udp qps
Jan 13 04:11:01 localhost dns_flood_detector[27536]: source [195.47.247.202] - 0 tcp qps - 19 udp qps
Jan 13 04:30:00 localhost dns_flood_detector[28025]: dns_flood_detector starting
Jan 13 05:00:00 localhost dns_flood_detector[28087]: dns_flood_detector starting
Jan 13 05:08:00 localhost dns_flood_detector[28088]: source [195.47.247.100] - 0 tcp qps - 4 udp qps
Jan 13 05:08:00 localhost dns_flood_detector[28088]: source [195.47.247.200] - 0 tcp qps - 6 udp qps
Jan 13 05:14:00 localhost dns_flood_detector[28088]: source [195.47.247.202] - 0 tcp qps - 27 udp qps
Jan 13 05:16:00 localhost dns_flood_detector[28088]: source [195.47.247.202] - 0 tcp qps - 7 udp qps
Jan 13 05:18:00 localhost dns_flood_detector[28088]: source [195.47.247.202] - 0 tcp qps - 19 udp qps
Jan 13 05:20:00 localhost dns_flood_detector[28088]: source [195.47.247.202] - 0 tcp qps - 17 udp qps
Jan 13 05:22:00 localhost dns_flood_detector[28088]: source [195.47.247.202] - 0 tcp qps - 4 udp qps
Jan 13 05:30:00 localhost dns_flood_detector[28151]: dns_flood_detector starting
Jan 13 05:31:00 localhost dns_flood_detector[28152]: source [195.47.247.202] - 0 tcp qps - 23 udp qps
Jan 13 05:34:00 localhost dns_flood_detector[28152]: source [195.47.247.202] - 0 tcp qps - 10 udp qps
Jan 13 05:36:00 localhost dns_flood_detector[28152]: source [195.47.247.202] - 0 tcp qps - 5 udp qps
Jan 13 05:50:00 localhost dns_flood_detector[28152]: source [195.47.247.202] - 0 tcp qps - 35 udp qps
Jan 13 05:52:00 localhost dns_flood_detector[28152]: source [195.47.247.202] - 0 tcp qps - 5 udp qps
Jan 13 05:54:00 localhost dns_flood_detector[28152]: source [195.47.247.202] - 0 tcp qps - 5 udp qps
Jan 13 06:00:00 localhost dns_flood_detector[28213]: dns_flood_detector starting
Jan 13 06:12:01 localhost dns_flood_detector[28214]: source [195.47.247.100] - 0 tcp qps - 35 udp qps
Jan 13 06:12:01 localhost dns_flood_detector[28214]: source [195.47.247.200] - 0 tcp qps - 33 udp qps
Jan 13 06:14:01 localhost dns_flood_detector[28214]: source [195.47.247.100] - 0 tcp qps - 6 udp qps
Jan 13 06:14:01 localhost dns_flood_detector[28214]: source [195.47.247.200] - 0 tcp qps - 8 udp qps
Jan 13 06:21:01 localhost dns_flood_detector[28214]: source [195.47.247.52] - 0 tcp qps - 53 udp qps
Jan 13 06:23:01 localhost dns_flood_detector[28214]: source [195.47.247.52] - 0 tcp qps - 12 udp qps
Jan 13 06:30:00 localhost dns_flood_detector[28278]: dns_flood_detector starting
Jan 13 06:32:01 localhost dns_flood_detector[28279]: source [195.47.247.100] - 0 tcp qps - 12 udp qps
Jan 13 06:58:01 localhost dns_flood_detector[28279]: source [195.47.247.202] - 0 tcp qps - 9 udp qps
Jan 13 07:00:01 localhost dns_flood_detector[28346]: dns_flood_detector starting
Jan 13 07:30:01 localhost dns_flood_detector[28410]: dns_flood_detector starting
Jan 13 07:51:01 localhost dns_flood_detector[28411]: source [195.47.247.52] - 0 tcp qps - 92 udp qps
Jan 13 08:00:01 localhost dns_flood_detector[28477]: dns_flood_detector starting
Jan 13 08:20:01 localhost dns_flood_detector[28478]: source [194.47.47.62] - 0 tcp qps - 13 udp qps
Jan 13 08:26:02 localhost dns_flood_detector[28478]: source [194.47.36.129] - 0 tcp qps - 4 udp qps
Jan 13 08:27:25 localhost sshd(pam_unix)[28559]: session opened for user root by (uid=0)
Jan 13 08:30:00 localhost dns_flood_detector[28618]: dns_flood_detector starting
Jan 13 08:31:00 localhost dns_flood_detector[28619]: source [81.229.205.236] - 0 tcp qps - 5 udp qps
Jan 13 08:41:28 localhost sshd(pam_unix)[28628]: session opened for user root by (uid=0)
----------------------------
Paul Thurn
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: DNS giving up

In article <4hjcu05advbaspdlrh4846918cf3dgid7p@4ax.com>, Paul Thurn wrote:
> There are other networks flooding our dns-servers with questions, the most i saw in the log where 152 qps (query per
> second) from 195.47.247.52. I placed that one and some others from that net in blacklisted on dns server1, and gonna
> wait out to see if any positive results comes up (uptime). 🙂
>

Sounds good!

bd
NSC Volunteer SysOp


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: DNS giving up

In article <tpjau0pfvo22vt34vm6qmm39jfcsof6r2b@4ax.com>, Paul Thurn
wrote:
> Do you just want the start up and a couple of minutes, or am I going
> to let it go until the dns freezes??
>

Seeing the freeze from both servers would be the most helpful.

bd
NSC Volunteer SysOp


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Re: DNS giving up

On Fri, 14 Jan 2005 03:48:02 GMT, Brad Doster <bd@NSCSysOps.net> wrote:

>In article <4hjcu05advbaspdlrh4846918cf3dgid7p@4ax.com>, Paul Thurn wrote:
>> There are other networks flooding our dns-servers with questions, the most i saw in the log where 152 qps (query per
>> second) from 195.47.247.52. I placed that one and some others from that net in blacklisted on dns server1, and gonna
>> wait out to see if any positive results comes up (uptime). 🙂
>>

>Sounds good!
>
>bd
>NSC Volunteer SysOp
>


At the moment just dns-server2 has gone down, me and the network guy, has done some research on the traffic and found
out that on those occasions, that the servers (dns1 and 2) has stops respondning on dns the same packet ip occured.
The fault packets ip is 0.0.0.0, uurrgghh nasty....

What do you think about putting 0.0.0.0 on blacklisted servers in dnsserver control config??

adding server2 -dl 3 loggfile right here!!!

Paul

Jan 14 10:01:55.000 client: client: debug 3: client 208.14.143.1#1024: query
Jan 14 10:01:55.000 security: query: debug 3: client 208.14.143.1#1024: query 'mailgate.hkr.se/IN' approved
Jan 14 10:01:55.000 client: client: debug 3: client 208.14.143.1#1024: send
Jan 14 10:01:55.000 client: client: debug 3: client 208.14.143.1#1024: sendto
Jan 14 10:01:55.000 client: client: debug 3: client 208.14.143.1#1024: senddone
Jan 14 10:01:55.000 client: client: debug 3: client 208.14.143.1#1024: next
Jan 14 10:01:55.000 client: client: debug 3: client 208.14.143.1#1024: endrequest
Jan 14 10:01:55.000 client: client: debug 3: client @809472c0: udprecv
Jan 14 10:01:55.000 client: client: debug 3: client 65.61.200.87#1044: UDP request
Jan 14 10:01:55.000 security: client: debug 3: client 65.61.200.87#1044: request is not signed
Jan 14 10:01:55.000 security: client: debug 3: client 65.61.200.87#1044: recursion available: approved
Jan 14 10:01:55.000 client: client: debug 3: client 65.61.200.87#1044: query
Jan 14 10:01:55.000 security: query: debug 3: client 65.61.200.87#1044: query 'mercury-3.hkr.se/IN' approved
Jan 14 10:01:55.000 client: client: debug 3: client 65.61.200.87#1044: send
Jan 14 10:01:55.000 client: client: debug 3: client 65.61.200.87#1044: sendto
Jan 14 10:01:55.000 client: client: debug 3: client 65.61.200.87#1044: senddone
Jan 14 10:01:55.000 client: client: debug 3: client 65.61.200.87#1044: next
Jan 14 10:01:55.000 client: client: debug 3: client 65.61.200.87#1044: endrequest
Jan 14 10:01:55.000 client: client: debug 3: client @809472c0: udprecv
Jan 14 10:01:56.000 client: client: debug 3: client 0.0.0.0#32785: UDP request
Jan 14 10:01:56.000 security: client: debug 3: client 0.0.0.0#32785: request is not signed
Jan 14 10:01:56.000 security: client: debug 3: client 0.0.0.0#32785: recursion available: approved
Jan 14 10:01:56.000 client: client: debug 3: client 0.0.0.0#32785: query
Jan 14 10:01:56.000 security: query: debug 3: client 0.0.0.0#32785: query 'mercury-3.hkr.se/IN' approved
Jan 14 10:01:56.000 client: client: debug 3: client 0.0.0.0#32785: send
Jan 14 10:01:56.000 client: client: debug 3: client 0.0.0.0#32785: sendto
Jan 14 10:10:03.000 general: dynamicrecon: info: Starting the dynamic reconfiguration
Jan 14 10:10:03.000 general: dynamicrecon: info: Dynamic reconfiguration completed.
Jan 14 10:25:03.000 general: dynamicrecon: info: Starting the dynamic reconfiguration
Jan 14 10:25:03.000 general: dynamicrecon: info: Dynamic reconfiguration completed.
Jan 14 10:40:03.000 general: dynamicrecon: info: Starting the dynamic reconfiguration
Jan 14 10:40:03.000 general: dynamicrecon: info: Dynamic reconfiguration completed.
Jan 14 10:55:02.000 general: dns/zone: debug 3: dns_zone_dialup: zone 24.47.194.IN-ADDR.ARPA/IN: notify = 0, refresh = 0
Jan 14 10:55:02.000 general: dns/zone: debug 3: dns_zone_dialup: zone 25.47.194.IN-ADDR.ARPA/IN: notify = 0, refresh = 0
Jan 14 10:55:02.000 general: dns/zone: debug 3: dns_zone_dialup: zone 26.47.194.IN-ADDR.ARPA/IN: notify = 0, refresh = 0
Jan 14 10:55:02.000 general: dns/zone: debug 3: dns_zone_dialup: zone 27.47.194.IN-ADDR.ARPA/IN: notify = 0, refresh = 0
Jan 14 10:55:02.000 general: dns/zone: debug 3: dns_zone_dialup: zone 28.47.194.IN-ADDR.ARPA/IN: notify = 0, refresh = 0
Jan 14 10:55:02.000 general: dns/zone: debug 3: dns_zone_dialup: zone 29.47.194.IN-ADDR.ARPA/IN: notify = 0, refresh = 0
Jan 14 10:55:02.000 general: dns/zone: debug 3: dns_zone_dialup: zone 30.47.194.IN-ADDR.ARPA/IN: notify = 0, refresh = 0
Jan 14 10:55:02.000 general: dns/zone: debug 3: dns_zone_dialup: zone 31.47.194.IN-ADDR.ARPA/IN: notify = 0, refresh = 0
Jan 14 10:55:02.000 general: dns/zone: debug 3: dns_zone_dialup: zone 32.47.194.IN-ADDR.ARPA/IN: notify = 0, refresh = 0

<SNIPED>

Jan 14 10:55:04.000 database: dns/cache: debug 1: no_references: delete from rbt: 83437500 thegrid.org.uk
Jan 14 10:55:04.000 database: dns/cache: debug 1: no_references: delete from rbt: 83027980 or.us
Jan 14 10:55:04.000 database: dns/cache: debug 1: no_references: delete from rbt: 81700900 papirini.us
Jan 14 10:55:04.000 database: dns/cache: debug 1: no_references: delete from rbt: 8728ab40 dns-vne-hn.fpt.vn
Jan 14 10:55:04.000 database: dns/cache: debug 1: no_references: delete from rbt: 8728aac0 dns-vne-sg.fpt.vn
Jan 14 10:55:04.000 database: dns/cache: debug 1: no_references: delete from rbt: 8728a680 dns-vne-us.fpt.vn
Jan 14 10:55:04.000 database: dns/cache: debug 1: no_references: delete from rbt: 81b4c580 xxx.xxx.xxx
Jan 14 10:55:04.000 database: dns/cache: debug 1: end cache cleaning, mem inuse 460769
Jan 14 10:55:04.000 general: dynamicrecon: info: Dynamic reconfiguration completed.
Jan 14 11:01:51.000 general: server: info: shutting down
Jan 14 11:01:51.000 resolver: dns/resolver: debug 3: res 8207f540: shutdown
Jan 14 11:01:51.000 resolver: dns/resolver: debug 3: res 8207f540: exiting
Jan 14 11:01:51.000 general: dns/request: debug 3: dns_requestmgr_shutdown: 815b4320
Jan 14 11:01:51.000 general: dns/request: debug 3: send_shutdown_events: 815b4320
Jan 14 11:01:51.000 network: interfacemgr: info: no longer listening on 194.47.25.14#53
Jan 14 11:01:51.000 general: client: debug 3: clientmgr @81107d40: destroy
Jan 14 11:01:51.000 client: client: debug 3: client @8176c000: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @8176c000: free
Jan 14 11:01:51.000 client: client: debug 3: client @8176c2a0: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @8176c2a0: free
Jan 14 11:01:51.000 client: client: debug 3: client @820df280: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @820df280: free
Jan 14 11:01:51.000 client: client: debug 3: client @820df520: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @820df520: free
Jan 14 11:01:51.000 client: client: debug 3: client 0.0.0.0#32785: shutdown
Jan 14 11:01:51.000 resolver: dns/resolver: debug 3: res 81e98960: shutdown
Jan 14 11:01:51.000 resolver: dns/resolver: debug 3: res 81e98960: exiting
Jan 14 11:01:51.000 general: dns/request: debug 3: dns_requestmgr_shutdown: 80e86c00
Jan 14 11:01:51.000 general: dns/request: debug 3: send_shutdown_events: 80e86c00
Jan 14 11:01:51.000 client: client: debug 3: client @820dfd00: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @820dfd00: free
Jan 14 11:01:51.000 client: client: debug 3: client 0.0.0.0#32785: senddone
Jan 14 11:01:51.000 client: client: warning: client 0.0.0.0#32785: error sending response: operation canceled
Jan 14 11:01:51.000 client: client: debug 3: client 0.0.0.0#32785: endrequest
Jan 14 11:01:51.000 client: client: debug 3: client @809472c0: free
Jan 14 11:01:51.000 client: client: debug 3: client @80947560: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @80947560: free
Jan 14 11:01:51.000 client: client: debug 3: client @80948280: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @80948280: free
Jan 14 11:01:51.000 client: client: debug 3: client @80947d40: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @80947d40: free
Jan 14 11:01:51.000 client: client: debug 3: client @80948d00: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @80948d00: free
Jan 14 11:01:51.000 client: client: debug 3: client @80947800: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @80947800: free
Jan 14 11:01:51.000 client: client: debug 3: client @80947aa0: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @80947aa0: free
Jan 14 11:01:51.000 client: client: debug 3: client @809487c0: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @809487c0: free
Jan 14 11:01:51.000 client: client: debug 3: client @884ab000: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @884ab000: free
Jan 14 11:01:51.000 client: client: debug 3: client @884ab540: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @884ab540: free
Jan 14 11:01:51.000 client: client: debug 3: client @884ab7e0: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @884ab7e0: free
Jan 14 11:01:51.000 client: client: debug 3: client @884abd20: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @884abd20: free
Jan 14 11:01:51.000 client: client: debug 3: client @80948520: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @80948520: free
Jan 14 11:01:51.000 client: client: debug 3: client @80948a60: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @80948a60: free
Jan 14 11:01:51.000 client: client: debug 3: client @884ab2a0: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @884ab2a0: free
Jan 14 11:01:51.000 client: client: debug 3: client @884ac500: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @884ac500: free
Jan 14 11:01:51.000 client: client: debug 3: client @80947fe0: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @884ac7a0: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @884ac7a0: free
Jan 14 11:01:51.000 client: client: debug 3: client @80947fe0: accept failed: operation canceled
Jan 14 11:01:51.000 client: client: debug 3: client @80947fe0: free
Jan 14 11:01:51.000 client: client: debug 3: client @888ec560: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @888ec560: free
Jan 14 11:01:51.000 client: client: debug 3: client @888ed7c0: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @888edd00: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @888edd00: free
Jan 14 11:01:51.000 client: client: debug 3: client @888ed7c0: accept failed: operation canceled
Jan 14 11:01:51.000 client: client: debug 3: client @888ed7c0: free
Jan 14 11:01:51.000 client: client: debug 3: client @884f5520: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @884f5520: free
Jan 14 11:01:51.000 client: client: debug 3: client @888ed520: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @884ac260: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @888ed520: free
Jan 14 11:01:51.000 client: client: debug 3: client @884ac260: free
Jan 14 11:01:51.000 client: client: debug 3: client @8840c2c0: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @8840c2c0: free
Jan 14 11:01:51.000 client: client: debug 3: client @88728fc0: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @88728fc0: free
Jan 14 11:01:51.000 client: client: debug 3: client @88729500: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @88729500: free
Jan 14 11:01:51.000 client: client: debug 3: client @884f4d40: shutdown
Jan 14 11:01:51.000 client: client: debug 3: client @884f4d40: free
Jan 14 11:01:51.000 general: client: debug 3: clientmgr @81107d40: clientmgr_destroy
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 24.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 resolver: dns/resolver: debug 3: res 81e98960: detach
Jan 14 11:01:51.000 resolver: dns/resolver: debug 3: res 81e98960: destroy
Jan 14 11:01:51.000 general: dns/request: debug 3: dns_requestmgr_detach: 80e86c00: eref 0 iref 0
Jan 14 11:01:51.000 general: dns/request: debug 3: mgr_destroy
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 33.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 25.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 42.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 34.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone hlm.hkr.se/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 43.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone ext.hkr.se/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone bibl.hkr.se/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 27.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone husa.hkr.se/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 45.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 26.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 36.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 35.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone webbtech.nu/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 44.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone mna.hkr.se/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone ibert.nu/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 29.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone bet.hkr.se/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 30.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 31.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 38.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 39.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 47.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 40.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone abk.hkr.se/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone mastvagen.nu/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 28.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone vless.hkr.se/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 37.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 41.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 46.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone 32.47.194.IN-ADDR.ARPA/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone tillberg.nu/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone cf.hkr.se/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone hv.hkr.se/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone studbos.hkr.se/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone vpn.hkr.se/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone e.hkr.se/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone data.hkr.se/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone tec.hkr.se/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone tandhyg.hkr.se/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone hkr.se/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone thurn.se/IN: shutting down
Jan 14 11:01:51.000 general: dns/zone: debug 3: zone_shutdown: zone thurn.com/IN: shutting down
Jan 14 11:01:51.000 resolver: dns/resolver: debug 3: res 8207f540: detach
Jan 14 11:01:51.000 resolver: dns/resolver: debug 3: res 8207f540: destroy
Jan 14 11:01:51.000 general: dns/request: debug 3: dns_requestmgr_detach: 815b4320: eref 0 iref 0
Jan 14 11:01:51.000 general: dns/request: debug 3: mgr_destroy
Jan 14 11:01:51.000 general: main: notice: exiting

----------------------------
Paul Thurn
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: DNS giving up

Oh, this is getting fun! Was the 'shutdown' shown in the log
"automatic" or did you UNLOAD NAMED to cause it?

I'm gonna pass this back to Novell for comment. In the meantime it's a
good bet they'll want to see an actual packet trace of the problem.
The easiest way to get one is to search FileFinder for pktscan.nlm and
run it on your server(s).

As for blacklisting, if you mean adding 0.0.0.0 as an excluded address
in the zone's Query List, it seems that would be worth a try.

bd
NSC Volunteer SysOp


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Re: DNS giving up

On Fri, 14 Jan 2005 15:36:02 GMT, Brad Doster <bd@NSCSysOps.net> wrote:

>Oh, this is getting fun! Was the 'shutdown' shown in the log
>"automatic" or did you UNLOAD NAMED to cause it?
>

I did the unload , nothing more happened for an hour so it seems ok with a shutdown.

>I'm gonna pass this back to Novell for comment. In the meantime it's a
>good bet they'll want to see an actual packet trace of the problem.
>The easiest way to get one is to search FileFinder for pktscan.nlm and
>run it on your server(s).

oki.. gonna try that one. The ipadress is from the outside. The network guy, has set up an extensiv scan on 0.0.0.0 to
see where it came from, but for now it hasn't shown yet.

>
>As for blacklisting, if you mean adding 0.0.0.0 as an excluded address
>in the zone's Query List, it seems that would be worth a try.


hehe tried blacklisted servers, it said - Please try a valid ip address, so it seems like there is no way to do it in
the dns configuration.
But the network dude said that he could put in a scrubber and stop all 0.0.0.0 addresses from the outside.

>
>bd
>NSC Volunteer SysOp
>


/paul
Guess I'll be back 🙂

----------------------------
Paul Thurn
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Re: Re: DNS giving up

On Fri, 14 Jan 2005 20:13:15 GMT, Paul Thurn <paul.thurn@data.hkr.se> wrote:

>On Fri, 14 Jan 2005 15:36:02 GMT, Brad Doster <bd@NSCSysOps.net> wrote:
>
>>Oh, this is getting fun! Was the 'shutdown' shown in the log
>>"automatic" or did you UNLOAD NAMED to cause it?
>>

>I did the unload , nothing more happened for an hour so it seems ok with a shutdown.
>
>>I'm gonna pass this back to Novell for comment. In the meantime it's a
>>good bet they'll want to see an actual packet trace of the problem.
>>The easiest way to get one is to search FileFinder for pktscan.nlm and
>>run it on your server(s).

>oki.. gonna try that one. The ipadress is from the outside. The network guy, has set up an extensiv scan on 0.0.0.0 to
>see where it came from, but for now it hasn't shown yet.

Did run it on server2, without the named loaded, in one minute i got a logfile size of 18Mb, it possible to make the log
do a turnover after the buffer is filled, but then someone has watch over it to stop the pktscan when 0.0.0.0 shows
up... Hmm won't be easy..
>
>>
>>As for blacklisting, if you mean adding 0.0.0.0 as an excluded address
>>in the zone's Query List, it seems that would be worth a try.

>
>hehe tried blacklisted servers, it said - Please try a valid ip address, so it seems like there is no way to do it in
>the dns configuration.
>But the network dude said that he could put in a scrubber and stop all 0.0.0.0 addresses from the outside.
>
>>
>>bd
>>NSC Volunteer SysOp
>>

>
>/paul
>Guess I'll be back 🙂
>
>----------------------------
>Paul Thurn

Another stop this night on server1 and as we predicted, 0.0.0.0 did the job.
Gonna tell the network dude to filter out 0.0.0.0, so that i can sleep well all night...
heres the logfile also.
Thank for all your moral support 😉

Paul


Jan 15 01:36:01.000 client: client: debug 3: client 194.47.25.51#10964: UDP request
Jan 15 01:36:01.000 security: client: debug 3: client 194.47.25.51#10964: request is not signed
Jan 15 01:36:01.000 security: client: debug 3: client 194.47.25.51#10964: recursion available: approved
Jan 15 01:36:01.000 client: client: debug 3: client 194.47.25.51#10964: query
Jan 15 01:36:01.000 security: client: debug 3: client 194.47.25.51#10964: query (cache) approved
Jan 15 01:36:01.000 client: client: debug 3: client 194.47.25.51#10964: send
Jan 15 01:36:01.000 client: client: debug 3: client 194.47.25.51#10964: sendto
Jan 15 01:36:01.000 client: client: debug 3: client 194.47.25.51#10964: senddone
Jan 15 01:36:01.000 client: client: debug 3: client 194.47.25.51#10964: next
Jan 15 01:36:01.000 client: client: debug 3: client 194.47.25.51#10964: endrequest
Jan 15 01:36:01.000 client: client: debug 3: client @8c3052a0: udprecv
Jan 15 01:36:01.000 client: client: debug 3: client 81.228.43.155#3730: UDP request
Jan 15 01:36:01.000 security: client: debug 3: client 81.228.43.155#3730: request is not signed
Jan 15 01:36:01.000 security: client: debug 3: client 81.228.43.155#3730: recursion available: approved
Jan 15 01:36:01.000 client: client: debug 3: client 81.228.43.155#3730: query
Jan 15 01:36:01.000 security: client: debug 3: client 81.228.43.155#3730: query (cache) approved
Jan 15 01:36:01.000 client: client: debug 3: client 81.228.43.155#3730: send
Jan 15 01:36:01.000 client: client: debug 3: client 81.228.43.155#3730: sendto
Jan 15 01:36:01.000 client: client: debug 3: client 81.228.43.155#3730: senddone
Jan 15 01:36:01.000 client: client: debug 3: client 81.228.43.155#3730: next
Jan 15 01:36:01.000 client: client: debug 3: client 81.228.43.155#3730: endrequest
Jan 15 01:36:01.000 client: client: debug 3: client @8c3052a0: udprecv
Jan 15 01:36:02.000 client: client: debug 3: client 0.0.0.0#36818: UDP request
Jan 15 01:36:02.000 security: client: debug 3: client 0.0.0.0#36818: request is not signed
Jan 15 01:36:02.000 security: client: debug 3: client 0.0.0.0#36818: recursion available: approved
Jan 15 01:36:02.000 client: client: debug 3: client 0.0.0.0#36818: query
Jan 15 01:36:02.000 security: query: debug 3: client 0.0.0.0#36818: query 'hktecutbfs.tec.hkr.se/IN' approved
Jan 15 01:36:02.000 client: client: debug 3: client 0.0.0.0#36818: send
Jan 15 01:36:02.000 client: client: debug 3: client 0.0.0.0#36818: sendto
Jan 15 01:36:19.000 client: client: debug 3: client 194.47.25.8#10380: timeout
Jan 15 01:36:19.000 client: client: debug 3: client 194.47.25.8#10380: closetcp
Jan 15 01:37:22.000 client: client: debug 3: client 194.47.25.8#10381: new TCP connection
Jan 15 01:37:22.000 client: client: debug 3: client 194.47.25.8#10381: replace
Jan 15 01:37:22.000 general: client: debug 3: clientmgr @881e0d40: createclients
Jan 15 01:37:22.000 general: client: debug 3: clientmgr @881e0d40: recycle
Jan 15 01:37:22.000 client: client: debug 3: client 194.47.25.8#10381: read
Jan 15 01:37:22.000 client: client: debug 3: client @8c305540: accept
Jan 15 01:37:22.000 client: client: debug 3: client 194.47.25.8#10381: TCP request
Jan 15 01:37:22.000 security: client: debug 3: client 194.47.25.8#10381: request is not signed
Jan 15 01:37:22.000 security: client: debug 3: client 194.47.25.8#10381: recursion available: approved
Jan 15 01:37:22.000 client: client: debug 3: client 194.47.25.8#10381: query
Jan 15 01:37:22.000 general: server: info: Failed in getting question name : Checking for StartStop / Dynamic update
query
Jan 15 01:37:22.000 general: server: info: Found correct number of counts in header
Jan 15 01:37:22.000 update: update: info: client 194.47.25.8#10381: Novell Dynamic Update : Query received
Jan 15 01:37:22.000 client: client: debug 3: client 194.47.25.8#10381: sendto
Jan 15 01:37:22.000 client: client: debug 3: client 194.47.25.8#10381: senddone
Jan 15 01:37:22.000 client: client: debug 3: client 194.47.25.8#10381: next
Jan 15 01:37:22.000 client: client: debug 3: client 194.47.25.8#10381: endrequest
Jan 15 01:37:22.000 client: client: debug 3: client 194.47.25.8#10381: read
Jan 15 01:37:52.000 client: client: debug 3: client 194.47.25.8#10381: timeout
Jan 15 01:37:52.000 client: client: debug 3: client 194.47.25.8#10381: closetcp
Jan 15 01:38:56.000 client: client: debug 3: client 194.47.25.8#10382: new TCP connection
Jan 15 01:38:56.000 client: client: debug 3: client 194.47.25.8#10382: replace
Jan 15 01:38:56.000 general: client: debug 3: clientmgr @881e0d40: createclients
Jan 15 01:38:56.000 general: client: debug 3: clientmgr @881e0d40: recycle
Jan 15 01:38:56.000 client: client: debug 3: client 194.47.25.8#10382: read
Jan 15 01:38:56.000 client: client: debug 3: client @8ba2fd40: accept
Jan 15 01:38:56.000 client: client: debug 3: client 194.47.25.8#10382: TCP request
Jan 15 01:38:56.000 security: client: debug 3: client 194.47.25.8#10382: request is not signed
Jan 15 01:38:56.000 security: client: debug 3: client 194.47.25.8#10382: recursion available: approved
Jan 15 01:38:56.000 client: client: debug 3: client 194.47.25.8#10382: query
Jan 15 01:38:56.000 general: server: info: Failed in getting question name : Checking for StartStop / Dynamic update
query
Jan 15 01:38:56.000 general: server: info: Found correct number of counts in header
Jan 15 01:38:56.000 update: update: info: client 194.47.25.8#10382: Novell Dynamic Update : Query received
Jan 15 01:38:56.000 client: client: debug 3: client 194.47.25.8#10382: sendto
Jan 15 01:38:56.000 client: client: debug 3: client 194.47.25.8#10382: senddone
Jan 15 01:38:56.000 client: client: debug 3: client 194.47.25.8#10382: next
Jan 15 01:38:56.000 client: client: debug 3: client 194.47.25.8#10382: endrequest
Jan 15 01:38:56.000 client: client: debug 3: client 194.47.25.8#10382: read
Jan 15 01:39:26.000 client: client: debug 3: client 194.47.25.8#10382: timeout
Jan 15 01:39:26.000 client: client: debug 3: client 194.47.25.8#10382: closetcp
Jan 15 01:40:29.000 client: client: debug 3: client 194.47.25.8#10383: new TCP connection
Jan 15 01:40:29.000 client: client: debug 3: client 194.47.25.8#10383: replace
Jan 15 01:40:29.000 general: client: debug 3: clientmgr @881e0d40: createclients
Jan 15 01:40:29.000 general: client: debug 3: clientmgr @881e0d40: recycle
Jan 15 01:40:29.000 client: client: debug 3: client 194.47.25.8#10383: read
Jan 15 01:40:29.000 client: client: debug 3: client @883c4280: accept
Jan 15 01:40:29.000 client: client: debug 3: client 194.47.25.8#10383: TCP request
Jan 15 01:40:29.000 security: client: debug 3: client 194.47.25.8#10383: request is not signed
Jan 15 01:40:29.000 security: client: debug 3: client 194.47.25.8#10383: recursion available: approved
Jan 15 01:40:29.000 client: client: debug 3: client 194.47.25.8#10383: query
Jan 15 01:40:29.000 general: server: info: Failed in getting question name : Checking for StartStop / Dynamic update
query
Jan 15 01:40:29.000 general: server: info: Found correct number of counts in header
Jan 15 01:40:29.000 update: update: info: client 194.47.25.8#10383: Novell Dynamic Update : Query received
Jan 15 01:40:29.000 client: client: debug 3: client 194.47.25.8#10383: sendto
Jan 15 01:40:29.000 client: client: debug 3: client 194.47.25.8#10383: senddone
Jan 15 01:40:29.000 client: client: debug 3: client 194.47.25.8#10383: next
Jan 15 01:40:29.000 client: client: debug 3: client 194.47.25.8#10383: endrequest
Jan 15 01:40:29.000 client: client: debug 3: client 194.47.25.8#10383: read
Jan 15 01:40:59.000 client: client: debug 3: client 194.47.25.8#10383: timeout
Jan 15 01:40:59.000 client: client: debug 3: client 194.47.25.8#10383: closetcp
Jan 15 01:42:01.000 client: client: debug 3: client 194.47.25.8#10384: new TCP connection
Jan 15 01:42:01.000 client: client: debug 3: client 194.47.25.8#10384: replace
Jan 15 01:42:01.000 general: client: debug 3: clientmgr @881e0d40: createclients
Jan 15 01:42:01.000 general: client: debug 3: clientmgr @881e0d40: recycle
Jan 15 01:42:01.000 client: client: debug 3: client 194.47.25.8#10384: read
Jan 15 01:42:01.000 client: client: debug 3: client @8ba30280: accept
Jan 15 01:42:01.000 client: client: debug 3: client 194.47.25.8#10384: TCP request
Jan 15 01:42:01.000 security: client: debug 3: client 194.47.25.8#10384: request is not signed
Jan 15 01:42:01.000 security: client: debug 3: client 194.47.25.8#10384: recursion available: approved
Jan 15 01:42:01.000 client: client: debug 3: client 194.47.25.8#10384: query
Jan 15 01:42:01.000 general: server: info: Failed in getting question name : Checking for StartStop / Dynamic update
query
Jan 15 01:42:01.000 general: server: info: Found correct number of counts in header
Jan 15 01:42:01.000 update: update: info: client 194.47.25.8#10384: Novell Dynamic Update : Query received
Jan 15 01:42:01.000 client: client: debug 3: client 194.47.25.8#10384: sendto
Jan 15 01:42:01.000 client: client: debug 3: client 194.47.25.8#10384: senddone
Jan 15 01:42:01.000 client: client: debug 3: client 194.47.25.8#10384: next
Jan 15 01:42:01.000 client: client: debug 3: client 194.47.25.8#10384: endrequest
Jan 15 01:42:01.000 client: client: debug 3: client 194.47.25.8#10384: read
Jan 15 01:42:31.000 client: client: debug 3: client 194.47.25.8#10384: timeout
Jan 15 01:42:31.000 client: client: debug 3: client 194.47.25.8#10384: closetcp
Jan 15 01:43:35.000 client: client: debug 3: client 194.47.25.8#10385: new TCP connection
Jan 15 01:43:35.000 client: client: debug 3: client 194.47.25.8#10385: replace
Jan 15 01:43:35.000 general: client: debug 3: clientmgr @881e0d40: createclients
Jan 15 01:43:35.000 general: client: debug 3: clientmgr @881e0d40: recycle
Jan 15 01:43:35.000 client: client: debug 3: client 194.47.25.8#10385: read
Jan 15 01:43:35.000 client: client: debug 3: client @8c305d20: accept
Jan 15 01:43:35.000 client: client: debug 3: client 194.47.25.8#10385: TCP request
Jan 15 01:43:35.000 security: client: debug 3: client 194.47.25.8#10385: request is not signed
Jan 15 01:43:35.000 security: client: debug 3: client 194.47.25.8#10385: recursion available: approved
Jan 15 01:43:35.000 client: client: debug 3: client 194.47.25.8#10385: query
Jan 15 01:43:35.000 general: server: info: Failed in getting question name : Checking for StartStop / Dynamic update
query
Jan 15 01:43:35.000 general: server: info: Found correct number of counts in header
Jan 15 01:43:35.000 update: update: info: client 194.47.25.8#10385: Novell Dynamic Update : Query received
Jan 15 01:43:35.000 client: client: debug 3: client 194.47.25.8#10385: sendto
Jan 15 01:43:35.000 client: client: debug 3: client 194.47.25.8#10385: senddone
Jan 15 01:43:35.000 client: client: debug 3: client 194.47.25.8#10385: next
Jan 15 01:43:35.000 client: client: debug 3: client 194.47.25.8#10385: endrequest
Jan 15 01:43:35.000 client: client: debug 3: client 194.47.25.8#10385: read
Jan 15 01:44:05.000 client: client: debug 3: client 194.47.25.8#10385: timeout
Jan 15 01:44:05.000 client: client: debug 3: client 194.47.25.8#10385: closetcp
Jan 15 01:45:06.000 client: client: debug 3: client 194.47.25.8#10386: new TCP connection
Jan 15 01:45:06.000 client: client: debug 3: client 194.47.25.8#10386: replace
Jan 15 01:45:06.000 general: client: debug 3: clientmgr @881e0d40: createclients
Jan 15 01:45:06.000 general: client: debug 3: clientmgr @881e0d40: recycle
Jan 15 01:45:06.000 client: client: debug 3: client 194.47.25.8#10386: read
Jan 15 01:45:06.000 client: client: debug 3: client @883c4a60: accept
Jan 15 01:45:06.000 client: client: debug 3: client 194.47.25.8#10386: TCP request
Jan 15 01:45:06.000 security: client: debug 3: client 194.47.25.8#10386: request is not signed
Jan 15 01:45:06.000 security: client: debug 3: client 194.47.25.8#10386: recursion available: approved
Jan 15 01:45:06.000 client: client: debug 3: client 194.47.25.8#10386: query
Jan 15 01:45:06.000 general: server: info: Failed in getting question name : Checking for StartStop / Dynamic update
query
Jan 15 01:45:06.000 general: server: info: Found correct number of counts in header
Jan 15 01:45:06.000 update: update: info: client 194.47.25.8#10386: Novell Dynamic Update : Query received
Jan 15 01:45:06.000 client: client: debug 3: client 194.47.25.8#10386: sendto
Jan 15 01:45:06.000 client: client: debug 3: client 194.47.25.8#10386: senddone
Jan 15 01:45:06.000 client: client: debug 3: client 194.47.25.8#10386: next
Jan 15 01:45:06.000 client: client: debug 3: client 194.47.25.8#10386: endrequest
Jan 15 01:45:06.000 client: client: debug 3: client 194.47.25.8#10386: read
Jan 15 01:45:36.000 client: client: debug 3: client 194.47.25.8#10386: timeout
Jan 15 01:45:36.000 client: client: debug 3: client 194.47.25.8#10386: closetcp
Jan 15 01:46:38.000 client: client: debug 3: client 194.47.25.8#10387: new TCP connection
Jan 15 01:46:38.000 client: client: debug 3: client 194.47.25.8#10387: replace
Jan 15 01:46:38.000 general: client: debug 3: clientmgr @881e0d40: createclients
Jan 15 01:46:38.000 general: client: debug 3: clientmgr @881e0d40: recycle
Jan 15 01:46:38.000 client: client: debug 3: client 194.47.25.8#10387: read
Jan 15 01:46:38.000 client: client: debug 3: client @8ba2f2c0: accept
Jan 15 01:46:38.000 client: client: debug 3: client 194.47.25.8#10387: TCP request
Jan 15 01:46:38.000 security: client: debug 3: client 194.47.25.8#10387: request is not signed
Jan 15 01:46:38.000 security: client: debug 3: client 194.47.25.8#10387: recursion available: approved
Jan 15 01:46:38.000 client: client: debug 3: client 194.47.25.8#10387: query
Jan 15 01:46:38.000 general: server: info: Failed in getting question name : Checking for StartStop / Dynamic update
query
Jan 15 01:46:38.000 general: server: info: Found correct number of counts in header
Jan 15 01:46:38.000 update: update: info: client 194.47.25.8#10387: Novell Dynamic Update : Query received
Jan 15 01:46:38.000 client: client: debug 3: client 194.47.25.8#10387: sendto
Jan 15 01:46:38.000 client: client: debug 3: client 194.47.25.8#10387: senddone
Jan 15 01:46:38.000 client: client: debug 3: client 194.47.25.8#10387: next
Jan 15 01:46:38.000 client: client: debug 3: client 194.47.25.8#10387: endrequest
Jan 15 01:46:38.000 client: client: debug 3: client 194.47.25.8#10387: read
Jan 15 01:47:08.000 client: client: debug 3: client 194.47.25.8#10387: timeout
Jan 15 01:47:08.000 client: client: debug 3: client 194.47.25.8#10387: closetcp
Jan 15 01:48:11.000 client: client: debug 3: client 194.47.25.8#10388: new TCP connection
Jan 15 01:48:11.000 client: client: debug 3: client 194.47.25.8#10388: replace
Jan 15 01:48:11.000 general: client: debug 3: clientmgr @881e0d40: createclients
Jan 15 01:48:11.000 general: client: debug 3: clientmgr @881e0d40: recycle
Jan 15 01:48:11.000 client: client: debug 3: client 194.47.25.8#10388: read
Jan 15 01:48:11.000 client: client: debug 3: client @8ba2ffe0: accept
Jan 15 01:48:11.000 client: client: debug 3: client 194.47.25.8#10388: TCP request
Jan 15 01:48:11.000 security: client: debug 3: client 194.47.25.8#10388: request is not signed
Jan 15 01:48:11.000 security: client: debug 3: client 194.47.25.8#10388: recursion available: approved
Jan 15 01:48:11.000 client: client: debug 3: client 194.47.25.8#10388: query
Jan 15 01:48:11.000 general: server: info: Failed in getting question name : Checking for StartStop / Dynamic update
query
Jan 15 01:48:11.000 general: server: info: Found correct number of counts in header
Jan 15 01:48:11.000 update: update: info: client 194.47.25.8#10388: Novell Dynamic Update : Query received
Jan 15 01:48:11.000 client: client: debug 3: client 194.47.25.8#10388: sendto
Jan 15 01:48:11.000 client: client: debug 3: client 194.47.25.8#10388: senddone
Jan 15 01:48:11.000 client: client: debug 3: client 194.47.25.8#10388: next
Jan 15 01:48:11.000 client: client: debug 3: client 194.47.25.8#10388: endrequest
Jan 15 01:48:11.000 client: client: debug 3: client 194.47.25.8#10388: read
Jan 15 01:48:41.000 client: client: debug 3: client 194.47.25.8#10388: timeout
Jan 15 01:48:41.000 client: client: debug 3: client 194.47.25.8#10388: closetcp
Jan 15 01:48:53.000 client: client: debug 3: client 194.47.45.51#4207: new TCP connection
Jan 15 01:48:53.000 client: client: debug 3: client 194.47.45.51#4207: replace
Jan 15 01:48:53.000 general: client: debug 3: clientmgr @881e0d40: createclients
Jan 15 01:48:53.000 general: client: debug 3: clientmgr @881e0d40: recycle
Jan 15 01:48:53.000 client: client: debug 3: client 194.47.45.51#4207: read
Jan 15 01:48:53.000 client: client: debug 3: client @8cb2c520: accept
Jan 15 01:48:53.000 client: client: debug 3: client 194.47.45.51#4207: next
Jan 15 01:48:53.000 security: client: debug 3: client 194.47.45.51#4207: request failed: end of file
Jan 15 01:48:53.000 client: client: debug 3: client 194.47.45.51#4207: endrequest
Jan 15 01:48:53.000 client: client: debug 3: client 194.47.45.51#4207: closetcp
Jan 15 01:49:07.000 general: dynamicrecon: info: Starting the dynamic reconfiguration
Jan 15 01:49:07.000 general: dynamicrecon: info: Dynamic reconfiguration completed.
Jan 15 01:49:44.000 client: client: debug 3: client 194.47.25.8#10389: new TCP connection
Jan 15 01:49:44.000 client: client: debug 3: client 194.47.25.8#10389: replace
Jan 15 01:49:44.000 general: client: debug 3: clientmgr @881e0d40: createclients
Jan 15 01:49:44.000 general: client: debug 3: clientmgr @881e0d40: recycle
Jan 15 01:49:44.000 client: client: debug 3: client 194.47.25.8#10389: read
Jan 15 01:49:44.000 client: client: debug 3: client @883c47c0: accept
Jan 15 01:49:44.000 client: client: debug 3: client 194.47.25.8#10389: TCP request
Jan 15 01:49:44.000 security: client: debug 3: client 194.47.25.8#10389: request is not signed
Jan 15 01:49:44.000 security: client: debug 3: client 194.47.25.8#10389: recursion available: approved
Jan 15 01:49:44.000 client: client: debug 3: client 194.47.25.8#10389: query
Jan 15 01:49:44.000 general: server: info: Failed in getting question name : Checking for StartStop / Dynamic update
query
Jan 15 01:49:44.000 general: server: info: Found correct number of counts in header
Jan 15 01:49:44.000 update: update: info: client 194.47.25.8#10389: Novell Dynamic Update : Query received
Jan 15 01:49:44.000 client: client: debug 3: client 194.47.25.8#10389: sendto
Jan 15 01:49:44.000 client: client: debug 3: client 194.47.25.8#10389: senddone
Jan 15 01:49:44.000 client: client: debug 3: client 194.47.25.8#10389: next
Jan 15 01:49:44.000 client: client: debug 3: client 194.47.25.8#10389: endrequest
Jan 15 01:49:44.000 client: client: debug 3: client 194.47.25.8#10389: read
Jan 15 01:50:14.000 client: client: debug 3: client 194.47.25.8#10389: timeout
Jan 15 01:50:14.000 client: client: debug 3: client 194.47.25.8#10389: closetcp
Jan 15 01:51:17.000 client: client: debug 3: client 194.47.25.8#10390: new TCP connection
Jan 15 01:51:17.000 client: client: debug 3: client 194.47.25.8#10390: replace
Jan 15 01:51:17.000 general: client: debug 3: clientmgr @881e0d40: createclients
Jan 15 01:51:17.000 general: client: debug 3: clientmgr @881e0d40: recycle
Jan 15 01:51:17.000 client: client: debug 3: client 194.47.25.8#10390: read
Jan 15 01:51:17.000 client: client: debug 3: client @8cb2ca60: accept
Jan 15 01:51:17.000 client: client: debug 3: client 194.47.25.8#10390: TCP request
Jan 15 01:51:17.000 security: client: debug 3: client 194.47.25.8#10390: request is not signed
Jan 15 01:51:17.000 security: client: debug 3: client 194.47.25.8#10390: recursion available: approved
Jan 15 01:51:17.000 client: client: debug 3: client 194.47.25.8#10390: query
Jan 15 01:51:17.000 general: server: info: Failed in getting question name : Checking for StartStop / Dynamic update
query
Jan 15 01:51:17.000 general: server: info: Found correct number of counts in header
Jan 15 01:51:17.000 update: update: info: client 194.47.25.8#10390: Novell Dynamic Update : Query received
Jan 15 01:51:17.000 client: client: debug 3: client 194.47.25.8#10390: sendto
Jan 15 01:51:17.000 client: client: debug 3: client 194.47.25.8#10390: senddone
Jan 15 01:51:17.000 client: client: debug 3: client 194.47.25.8#10390: next
Jan 15 01:51:17.000 client: client: debug 3: client 194.47.25.8#10390: endrequest
Jan 15 01:51:17.000 client: client: debug 3: client 194.47.25.8#10390: read
Jan 15 01:51:47.000 client: client: debug 3: client 194.47.25.8#10390: timeout
Jan 15 01:51:47.000 client: client: debug 3: client 194.47.25.8#10390: closetcp
Jan 15 01:52:50.000 client: client: debug 3: client 194.47.25.8#10391: new TCP connection
Jan 15 01:52:50.000 client: client: debug 3: client 194.47.25.8#10391: replace
Jan 15 01:52:50.000 general: client: debug 3: clientmgr @881e0d40: createclients
Jan 15 01:52:50.000 general: client: debug 3: clientmgr @881e0d40: recycle
Jan 15 01:52:50.000 client: client: debug 3: client 194.47.25.8#10391: read
Jan 15 01:52:50.000 client: client: debug 3: client @8ba2f020: accept
Jan 15 01:52:50.000 client: client: debug 3: client 194.47.25.8#10391: TCP request
Jan 15 01:52:50.000 security: client: debug 3: client 194.47.25.8#10391: request is not signed
Jan 15 01:52:50.000 security: client: debug 3: client 194.47.25.8#10391: recursion available: approved
Jan 15 01:52:50.000 client: client: debug 3: client 194.47.25.8#10391: query
Jan 15 01:52:50.000 general: server: info: Failed in getting question name : Checking for StartStop / Dynamic update
query
Jan 15 01:52:50.000 general: server: info: Found correct number of counts in header
Jan 15 01:52:50.000 update: update: info: client 194.47.25.8#10391: Novell Dynamic Update : Query received

----------------------------
Paul Thurn
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: DNS giving up

In article <ie9gu098mv6044kc7ugh0en4fchkkm0ba9@4ax.com>, Paul Thurn wrote:
> But the network dude said that he could put in a scrubber and stop all 0.0.0.0 addresses

from the outside.
>

OK, that might help. 🙂

bd
NSC Volunteer SysOp


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: DNS giving up

In article <moshu05lnr5atolk7df2s30bq87fhce82h@4ax.com>, Paul Thurn
wrote:
> someone has watch over it to stop the pktscan when 0.0.0.0 shows
> up... Hmm won't be easy..
>

An alternative would be to sniff from a workstation where disk space
isn't as much of a concern. Packetyzer is a freebie, built on
ethereal, with a more friendly interface:

http://www.networkchemistry.com/products/packetyzer/

But if you're gonna nuke the 0.0.0.0 packets before they get there, you
may not need it (this weekend, anyway :).

bd
NSC Volunteer SysOp


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: DNS giving up

Oh yeah... Novell suggests you install the latest IP stack on your
server, if you haven't already. It fixes a similar and perhaps related
issue.

bd
NSC Volunteer SysOp


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.