North American Network Operators Group

Re: Persistent DNS Zone Transfer Attempts from IP 128.232.0.31

  • From: Richard Cox
  • Date: Sat Jun 26 11:36:40 2004

On Sat, 26 Jun 2004 11:19:16 -0400
"Jon R. Kibler" <[email protected]> wrote:

| Anyone know anything about IP 128.232.0.31?
| > # host 128.232.0.31
| > 31.0.232.128.in-addr.arpa domain name pointer dns-probe.srg.cl.cam.ac.uk.
| 
| We have been getting persistent zone transfer attempts that originate
| from this IP address. We have had repeated zone transfer attempts
| against all of our DNS zones -- and against all 7 name servers that we
| manage. This has been going on now for about a month or two -- more or
| less. Recently, we have also seen attempts to do zone transfers for
| non-authoritative domains. Logging shows that this IP apparently never
| attempts to make legitimate DNS queries, only zone transfers.
| 
| Anyone know anything about this IP?
| 
| Anyone else have the appropriate logging enabled and also seeing this
| IP make zone transfer attempts?
| 
| Thoughts/comments/suggestions?

If you go to http://dns-probe.srg.cl.cam.ac.uk you will see that this
activity is part of a well-documented research project at Cambridge
University in the UK, which has a widely-respected computer laboratory.

I have, out of courtesy, forwarded your concerns to appropriate people
there but would assure everybody that this activity is entirely benign!

-- 
Richard Cox
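
The pattern described in the quoted report (a source that attempts zone transfers against many zones, including non-authoritative ones, and never sends ordinary queries) can be checked from name server logs. The following is an added example, not part of the original thread; it assumes BIND 9 style log messages (the post names no server software), and the sample lines, zone names and the 192.0.2.x clients are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in BIND 9 style (an assumption; not logs from the thread).
SAMPLE_LOG = """\
26-Jun-2004 10:01:02.111 security: error: client 128.232.0.31#40112: zone transfer 'example.com/AXFR/IN' denied
26-Jun-2004 10:01:03.222 security: error: client 128.232.0.31#40113: zone transfer 'example.net/AXFR/IN' denied
26-Jun-2004 10:01:04.333 security: error: client 128.232.0.31#40114: bad zone transfer request: 'example.org/IN': non-authoritative zone (NOTAUTH)
26-Jun-2004 10:02:00.000 queries: info: client 192.0.2.10#53211: query: www.example.com IN A
26-Jun-2004 10:02:05.000 security: error: client 192.0.2.10#53212: zone transfer 'example.com/AXFR/IN' denied
26-Jun-2004 10:03:00.000 queries: info: client 192.0.2.77#1025: query: mail.example.net IN MX
"""

CLIENT = re.compile(r"client (?:@0x[0-9a-f]+ )?([0-9A-Fa-f.:]+)#\d+")
XFER = re.compile(r"zone transfer '([^'/]+)/")                 # transfer of a served zone
NOTAUTH = re.compile(r"bad zone transfer request: '([^'/]+)/")  # zone we are not authoritative for
QUERY = re.compile(r"\bquery: ")                                # ordinary query log entry


def summarize(log_text):
    """Per client IP: ordinary query count, zones targeted by AXFR, non-authoritative targets."""
    stats = defaultdict(lambda: {"queries": 0, "zones": set(), "non_auth": set()})
    for line in log_text.splitlines():
        client = CLIENT.search(line)
        if not client:
            continue
        entry = stats[client.group(1)]
        non_auth = NOTAUTH.search(line)
        xfer = XFER.search(line)
        if non_auth:
            entry["non_auth"].add(non_auth.group(1))
        elif xfer:
            entry["zones"].add(xfer.group(1))
        elif QUERY.search(line):
            entry["queries"] += 1
    return dict(stats)


def transfer_only_clients(stats, min_zones=2):
    """Clients that tried transfers for at least min_zones zones and sent no ordinary queries."""
    flagged = []
    for ip, entry in stats.items():
        attempted = entry["zones"] | entry["non_auth"]
        if entry["queries"] == 0 and len(attempted) >= min_zones:
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    print(transfer_only_clients(summarize(SAMPLE_LOG)))
```

Query logging has to be enabled for the "no ordinary queries" condition to mean anything; without it every transfer source looks transfer-only.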