Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: Bill on July 23, 2003, 06:07:01 PM

Title: What is this traffic?
Post by: Bill on July 23, 2003, 06:07:01 PM

I keep getting the following log entry:

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Jul 23 12:14:46 sme1 named[3495]: lame server resolving '154.101.115.68.relays.osirusoft.com' (in 'relays.osirusoft.com'?): 203.16.167.1#53

Any idea why these guys would be repeatedly scanning me? I know I am not an open relay so why 4-6 scans a day?

Title: Re: What is this traffic?
Post by: Mats Karlsson on July 23, 2003, 08:02:23 PM

DNS server uses port 53.

A server is listed as being authoritative, but isn't.  A lame server is one that returns cached replies when it should be returning authoritative answers.

Commonly caused by out-of-date secondary DNS.  This happens when one does not properly update secondary, or when one provides secondary DNS for another company that doesn't keep the info up-to-date.


/Mats

Title: Re: What is this traffic?
Post by: Rich Lafferty on July 23, 2003, 09:14:22 PM

There's no scanning there. Your machine did a DNS request for an address in osirusoft.com, their DNS is misconfigured, and your DNS server is telling you that. It's a record of traffic you generated -- you can ignore it.

As to why, I suspect perhaps you have some sort of antispam software installed that does DNS RBL checks?