| 1 |
fire-eyes wrote: |
| 2 |
> On my small server I am seeing a sudden inrush of requests to named like tihs. |
| 3 |
> Of particular intrest is _domainkey. A quick google search didn't really |
| 4 |
> explain why I am seeing so much of this, it's been going on almost |
| 5 |
> continuously for 20 minutes. |
| 6 |
> |
| 7 |
> So, anyone recognize this stuff? |
| 8 |
> |
| 9 |
Well, this "stuff", as you call it, is just normal DNS queries - but |
| 10 |
more of them than you usually get, as you noted. |
| 11 |
One or two per second is nothing to worry about, and would not be |
| 12 |
considered a DoS attack even if you were on a 56K link... |
| 13 |
|
| 14 |
The _domainkey queries are experimental, or from people who already |
| 15 |
implement SPF and Yahoo's scheme for it. |
| 16 |
That was 10 seconds of Google, by the way ;-) |
| 17 |
|
| 18 |
If you really want to know what is happening, you need to log DNS |
| 19 |
requests and replies. |
| 20 |
Then you can see what information is exchanged, and lookup where they |
| 21 |
come from. |
| 22 |
|
| 23 |
J |
| 24 |
|
| 25 |
-- |
| 26 |
gentoo-server@g.o mailing list |
Archives