lots of dns requests from China, should I worry?
Posted
by
nn4l
on Server Fault
See other posts from Server Fault
or by nn4l
Published on 2012-04-07T10:58:30Z
Indexed on
2012/04/07
11:33 UTC
Read the original article
Hit count: 298
I have turned on dns query logs, and when running "tail -f /var/log/syslog" I see that I get hundreds of identical requests from a single ip address:
Apr 7 12:36:13 server17 named[26294]: client 121.12.173.191#10856: query: mydomain.de IN ANY +
Apr 7 12:36:13 server17 named[26294]: client 121.12.173.191#44334: query: mydomain.de IN ANY +
Apr 7 12:36:13 server17 named[26294]: client 121.12.173.191#15268: query: mydomain.de IN ANY +
Apr 7 12:36:13 server17 named[26294]: client 121.12.173.191#59597: query: mydomain.de IN ANY +
The frequency is about 5 - 10 requests per second, going on for about a minute. After that the same effect repeats from a different IP address. I have now logged about 10000 requests from about 25 ip addresses within just a couple of hours, all of them come from China according to "whois [ipaddr]".
What is going on here? Is my name server under attack? Can I do something about this?
© Server Fault or respective owner