Koozali.org: home of the SME Server

SME server sending DNS queries to root name servers - is this normal?

Offline CharlieBrady

Re: SME server sending DNS queries to root name servers - is this normal?
« Reply #15 on: June 13, 2008, 03:43:48 PM »
Quote
This must actually be the opposite of a dos attack, rather something like a centralized dos attack, a cdos with a max rate of 2 packets per second per target. (Yes, cdos is a new term.)

As is often the case, you are spouting rubbish, Arne. The logs show SME server sending a few DNS queries to the root name servers. That is perfectly normal SME server operation. It's how DNS works.

Offline purvis

Re: SME server sending DNS queries to root name servers - is this normal?
« Reply #16 on: June 13, 2008, 09:40:39 PM »
Charlie,
I am going to reinstall because my time to do it should be minimum.
I wanted to split up my internet email services anyway for the file server,
and I want to set up a web server on its own also.

I want to also create a backup server.
Also, I had changed the server's name and the internet name on the computer (or whatever it is called); those changes left some unwanted footprints on my machine.
Also, I am going to provide a new, stronger password.
Back to the subject:

After shutting down internet access to the computer and setting ClamAV to not do a virus scan, the problem went away.
I have now just started letting the internet access the computer.

I will probably start ClamAV if I do not see any more problems, to see if ClamAV is what is causing the activity.

 
« Last Edit: June 13, 2008, 09:42:48 PM by purvis »

Offline CharlieBrady

Re: SME server sending DNS queries to root name servers - is this normal?
« Reply #17 on: June 13, 2008, 09:56:16 PM »
Quote
I will probably start ClamAV if I do not see any more problems, to see if ClamAV is what is causing the activity.

Why are you worried about the activity at all?

Or, if you really can't control your curiosity and want to know what DNS queries are triggering the root server lookups, why don't you look in the dnscache logs?
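
One way to follow that suggestion, as an added example that is not part of the original post: the script reads dnscache log lines and lists the names whose lookups went to servers for the root zone (`tx` lines whose control field is `.`), with the clients that asked for them. The log lines are constructed samples, and the field layout is assumed to be that of stock djbdns dnscache under multilog.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines in djbdns dnscache log format (TAI64N timestamps).
SAMPLE_LOG = """\
@4000000048529a0a1c9d3e2c query 1 7f000001:0421:6a1b 1 www.example.com.
@4000000048529a0a1c9d5f14 tx 0 1 www.example.com. . c6290004 c0e44fc9
@4000000048529a0a2a11b0dc tx 0 1 www.example.com. com. c005061e
@4000000048529a0a31c2a7f4 tx 0 1 www.example.com. example.com. c0000235
@4000000048529a0a3b0c11ac sent 1 49
@4000000048529a0b05a3c2d4 query 2 c0a80117:8f02:11c7 15 example.org.
@4000000048529a0b05a3e7bc cached 15 example.org.
@4000000048529a0b05a40a44 sent 2 61
"""


def hex_ip(text):
    """dnscache logs IPv4 addresses as 8 hex digits, e.g. c6290004."""
    return str(ipaddress.IPv4Address(int(text, 16)))


def root_lookups(log_text):
    """Map each name sent to root-zone servers to its qtypes, servers, clients."""
    clients = defaultdict(set)   # name -> clients that queried it
    found = {}                   # name -> details of root-zone transmissions
    for line in log_text.splitlines():
        fields = line.split()
        if fields and fields[0].startswith("@"):
            fields = fields[1:]  # drop the multilog timestamp
        if len(fields) < 5:
            continue             # sent / cached / stats lines are not needed
        if fields[0] == "query":
            # query <serial> <ip:port:id> <qtype> <name>
            clients[fields[4]].add(hex_ip(fields[2].split(":")[0]))
        elif fields[0] == "tx" and fields[4] == ".":
            # tx <gluelessness> <qtype> <name> <control zone> <servers...>
            entry = found.setdefault(fields[3], {"qtypes": set(), "servers": set()})
            entry["qtypes"].add(int(fields[2]))
            entry["servers"].update(hex_ip(s) for s in fields[5:])
    for name, entry in found.items():
        # Empty when the name is a nameserver dnscache resolved on its own.
        entry["clients"] = clients.get(name, set())
    return found


if __name__ == "__main__":
    for name, info in root_lookups(SAMPLE_LOG).items():
        print(name, sorted(info["qtypes"]), sorted(info["servers"]), sorted(info["clients"]))
```

A name answered from cache, like `example.org.` in the sample, produces no `tx` line at all, which is why root-server traffic stays low once the cache is warm.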

Offline purvis

Re: SME server sending DNS queries to root name servers - is this normal?
« Reply #18 on: June 13, 2008, 10:33:13 PM »
Thanks, Charlie.
I did look through some logs.
I like to know what my systems are doing, especially when they are sending information outside of my location.
I will look into dnscache.
Thanks for the heads up.
Paul

Charlie, I cannot understand why anybody would not be concerned about internet activity.
When you administrate some computers, you should know what is going on, period, when it comes to traffic being generated on the internet from your location.
Anything else, in my view, where a person does not try to find out such things and it is under their control, well, they simply are not doing their jobs.



« Last Edit: June 13, 2008, 10:39:26 PM by purvis »

Offline warren

Re: SME server sending DNS queries to root name servers - is this normal?
« Reply #19 on: June 14, 2008, 02:05:12 PM »

Quote
Charlie, I cannot understand why anybody would not be concerned about internet activity.
When you administrate some computers, you should know what is going on, period, when it comes to traffic being generated on the internet from your location.
Anything else, in my view, where a person does not try to find out such things and it is under their control, well, they simply are not doing their jobs.


It's also under your control to understand exactly the how and why of the DNS resolver software;
so, as Charlie pointed out:
... Please go and educate yourself about recursive name servers. SME server includes one, called dnscache.


Then you will be in Control :lol:

Offline arne

Re: SME server sending DNS queries to root name servers - is this normal?
« Reply #20 on: June 16, 2008, 11:26:00 PM »
CharlieBrady ->

Quote
Arne: This must actually be the opposite of a dos attack, rather something like a centralized dos attack, a cdos with a max rate of 2 packets per second per target. (Yes, cdos is a new term.)

Quote
CharlieBrady: As is often the case, you are spouting rubbish, Arne. The logs show SME server sending a few DNS queries to the root name servers. That is perfectly normal SME server operation. It's how DNS works.

Well, this was intended to be a joke. The central part of the joke was that anybody should understand that you are right, and that this is only normal activity, as you actually do mention.

Except for the joke, it could be interesting to look into or discuss what a dos or a ddos attack actually is and why a log entry should indicate or not indicate that a dos or a ddos attack is going on. This should be important for anybody to know something about, I think. Even I should know about it, as long as I have some servers, and a sme server running.

It should, by the way, be rather easy to mention a few friendly words about how the dns (cache) server of the sme server works. With two or three happy words about this theme, there should be no need to send people for further "education".

To clarify: There is, as far as I know, nothing called a cdos attack; this was a joke. Sometimes rubbish and non-rubbish lead to technically the same conclusions, but different kinds of humor.

By the way, I'm very pleased with the sme server, and I think developers and maintainers do a great job.
« Last Edit: June 16, 2008, 11:35:27 PM by arne »

Offline arne

Re: SME server sending DNS queries to root name servers - is this normal?
« Reply #21 on: June 16, 2008, 11:58:47 PM »
By the way, what a dos and a ddos attack is, and how it might look in the log, and how a caching dns server works, this is actually network communications and network security on its first and basic entry level.

Why not discuss basic network stuff as the technical stuff it actually is, to spread some light on this, rather than bring some hard feelings into the fact that anyone likes to understand what happens and what's going on?

As I would see it, technical stuff is best and most easily treated as technical stuff.

To give an explanation about how a dos or a ddos attack is carried out, how you eventually can see it in the log, and what to look for, and how the caching dns server works, this should actually require a few lines of explanations in this thread, and it should require no hard feelings at all.
« Last Edit: June 17, 2008, 12:02:47 AM by arne »