Persistent DNS Zone Transfer Attempts from IP 128.232.0.31

• Previous message (by thread): Persistent DNS Zone Transfer Attempts from IP 128.232.0.31
• Next message (by thread): Persistent DNS Zone Transfer Attempts from IP 128.232.0.31
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 26 Jun 2004 11:19:16 -0400
"Jon R. Kibler" <Jon.Kibler at aset.com> wrote:

| Anyone know anything about IP 128.232.0.31?
| > # host 128.232.0.31
| > 31.0.232.128.in-addr.arpa domain name pointer dns-probe.srg.cl.cam.ac.uk.
| 
| We have been getting persistent zone transfer attempts that originate
| from this IP address. We have had repeated zone transfer attempts
| against all of our DNS zones -- and against all 7 name servers that we
| manage. This has been going on now for about a month or two -- more or
| less. Recently, we have also seen attempts to do zone transfers for
| non-authoritative domains. Logging shows that this IP apparently never
| attempts to make legitimate DNS queries, only zone transfers.
| 
| Anyone know anything about this IP?
| 
| Anyone else have the appropriate logging enabled and also seeing this
| IP make zone transfer attempts?
| 
| Thoughts/comments/suggestions?

If you go to http://dns-probe.srg.cl.cam.ac.uk you will see that this
activity is part of a well-documented research project at Cambridge
University in the UK, which has a widely-respected computer laboratory.

I have, out of courtesy, forwarded your concerns to appropriate people
there but would assure everybody that this activity is entirely benign!

-- 
Richard Cox

• Previous message (by thread): Persistent DNS Zone Transfer Attempts from IP 128.232.0.31
• Next message (by thread): Persistent DNS Zone Transfer Attempts from IP 128.232.0.31
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]