Re: named: bad referral x from y?
On Wed, 10 Oct 2001 at 10:38:22 +0300, Mikko Kilpikoski wrote:
> I'm getting a lot of following message in named log:
> bad referral (x.x.x.x.in-addr.arpa !< *.x.x.in-addr.arpa) from [y.y.y.y].53
> Where x is some host in a some network owned by X and y is my ISP's
> nameserver. I've gotten this message about two hosts from different
> networks. The networks in question are owned by same individual.
> What does it mean? Should I be worried? Logcheck considers it a security
I don't think so. I've got from a couple of hundreds to a thousand of such
messages each week. Evidences od misconfigured nameservers. Maybe someone
could explain it in detail?...
> violation. What can I do about it?
"Violation" is because of word "bad". As long as zones mentioned are not
yours, you can safely ignore such messages, I think.
If I'm wrong, corrections are welcome.
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
firstname.lastname@example.org http://www.lodz.tpsa.pl/ | ones and zeros.