Is my BIND Server's Cache Poisoned?

Joe Shen joe_hznm at yahoo.com.sg
Thu Jun 30 01:30:52 UTC 2005


Hi,

I met a strange problem with my cache server, which
runs BIND 9.3.1.

In past days, our customers complained that three
domain names (www.hangzhou.gov.cn, www.zpepc.com.cn)
frequently could not be resolved. I checked on the
cache server and found that when the cache server could
not resolve www.hangzhou.gov.cn (www.zpepc.com.cn), I
could solve the problem by running "rndc flush".

The debugging output of the named process has the
following output when it could not resolve
www.hangzhou.gov.cn.

Does that mean my cache server is poisoned for these
two domain names?

===============================

24-Jun-2005 19:02:00.015 client 202.101.172.148#32769: UDP request
24-Jun-2005 19:02:00.026 client 202.101.172.148#32769: view internal-in: request is not signed
24-Jun-2005 19:02:00.026 client 202.101.172.148#32769: view internal-in: recursion available
24-Jun-2005 19:02:00.026 client 202.101.172.148#32769: view internal-in: query
24-Jun-2005 19:02:00.026 client 202.101.172.148#32769: view internal-in: query (cache) 'www.hangzhou.gov.cn/A/IN' approved
24-Jun-2005 19:02:00.026 client 202.101.172.148#32769: view internal-in: replace
24-Jun-2005 19:02:00.026 clientmgr @2addf8: createclients
24-Jun-2005 19:02:00.026 clientmgr @2addf8: create new
24-Jun-2005 19:02:00.026 client @3c19f28: create
24-Jun-2005 19:02:00.026 createfetch: www.hangzhou.gov.cn A
24-Jun-2005 19:02:00.026 client @3c19f28: udprecv
24-Jun-2005 19:02:00.026 fctx 37ad318(www.hangzhou.gov.cn/A'): create
24-Jun-2005 19:02:00.026 fctx 37ad318(www.hangzhou.gov.cn/A'): join
24-Jun-2005 19:02:00.026 fetch 2739250 (fctx 37ad318(www.hangzhou.gov.cn/A)): created
24-Jun-2005 19:02:00.026 fctx 37ad318(www.hangzhou.gov.cn/A'): start
24-Jun-2005 19:02:00.026 fctx 37ad318(www.hangzhou.gov.cn/A'): try
24-Jun-2005 19:02:00.026 fctx 37ad318(www.hangzhou.gov.cn/A'): cancelqueries
24-Jun-2005 19:02:00.026 fctx 37ad318(www.hangzhou.gov.cn/A'): getaddresses
24-Jun-2005 19:02:00.027 fctx 37ad318(www.hangzhou.gov.cn/A'): query
24-Jun-2005 19:02:00.027 resquery 74b4870 (fctx 37ad318(www.hangzhou.gov.cn/A)): send
24-Jun-2005 19:02:00.027 resquery 74b4870 (fctx 37ad318(www.hangzhou.gov.cn/A)): sent
24-Jun-2005 19:02:00.027 resquery 74b4870 (fctx 37ad318(www.hangzhou.gov.cn/A)): senddone
24-Jun-2005 19:02:00.049 resquery 74b4870 (fctx 37ad318(www.hangzhou.gov.cn/A)): response
24-Jun-2005 19:02:00.049 fctx 37ad318(www.hangzhou.gov.cn/A'): noanswer_response
24-Jun-2005 19:02:00.049 fctx 37ad318(www.hangzhou.gov.cn/A'): cache_message
24-Jun-2005 19:02:00.049 fctx 37ad318(www.hangzhou.gov.cn/A'): cancelquery
24-Jun-2005 19:02:00.049 fctx 37ad318(www.hangzhou.gov.cn/A'): cancelqueries
24-Jun-2005 19:02:00.049 fctx 37ad318(www.hangzhou.gov.cn/A'): try
24-Jun-2005 19:02:00.049 fctx 37ad318(www.hangzhou.gov.cn/A'): cancelqueries
24-Jun-2005 19:02:00.049 fctx 37ad318(www.hangzhou.gov.cn/A'): getaddresses
24-Jun-2005 19:02:00.050 fctx 37ad318(www.hangzhou.gov.cn/A'): query
24-Jun-2005 19:02:00.050 resquery 74b4870 (fctx 37ad318(www.hangzhou.gov.cn/A)): send
24-Jun-2005 19:02:00.050 resquery 74b4870 (fctx 37ad318(www.hangzhou.gov.cn/A)): sent
24-Jun-2005 19:02:00.050 resquery 74b4870 (fctx 37ad318(www.hangzhou.gov.cn/A)): senddone
24-Jun-2005 19:02:00.052 fctx 37ad318(www.hangzhou.gov.cn/A'): noanswer_response
24-Jun-2005 19:02:00.052 fctx 37ad318(www.hangzhou.gov.cn/A'): cache_message
24-Jun-2005 19:02:00.052 fctx 37ad318(www.hangzhou.gov.cn/A'): cancelquery
24-Jun-2005 19:02:00.052 fctx 37ad318(www.hangzhou.gov.cn/A'): cancelqueries
24-Jun-2005 19:02:00.052 fctx 37ad318(www.hangzhou.gov.cn/A'): try
24-Jun-2005 19:02:00.052 fctx 37ad318(www.hangzhou.gov.cn/A'): cancelqueries
24-Jun-2005 19:02:00.052 fctx 37ad318(www.hangzhou.gov.cn/A'): getaddresses
24-Jun-2005 19:02:00.052 fctx 37ad318(www.hangzhou.gov.cn/A'): query
24-Jun-2005 19:02:00.052 resquery 74b4870 (fctx 37ad318(www.hangzhou.gov.cn/A)): send
24-Jun-2005 19:02:00.053 resquery 74b4870 (fctx 37ad318(www.hangzhou.gov.cn/A)): sent
24-Jun-2005 19:02:00.053 resquery 74b4870 (fctx 37ad318(www.hangzhou.gov.cn/A)): senddone
24-Jun-2005 19:02:00.054 resquery 74b4870 (fctx 37ad318(www.hangzhou.gov.cn/A)): response
24-Jun-2005 19:02:00.054 fctx 37ad318(www.hangzhou.gov.cn/A'): answer_response
24-Jun-2005 19:02:00.054 fctx 37ad318(www.hangzhou.gov.cn/A'): cache_message
24-Jun-2005 19:02:00.054 fctx 37ad318(www.hangzhou.gov.cn/A'): clone_results
24-Jun-2005 19:02:00.054 fctx 37ad318(www.hangzhou.gov.cn/A'): cancelquery
24-Jun-2005 19:02:00.054 fctx 37ad318(www.hangzhou.gov.cn/A'): done
24-Jun-2005 19:02:00.054 fctx 37ad318(www.hangzhou.gov.cn/A'): stopeverything
24-Jun-2005 19:02:00.054 fctx 37ad318(www.hangzhou.gov.cn/A'): cancelqueries
24-Jun-2005 19:02:00.054 fctx 37ad318(www.hangzhou.gov.cn/A'): sendevents
24-Jun-2005 19:02:00.054 fetch 2739250 (fctx 37ad318(www.hangzhou.gov.cn/A)): destroyfetch
24-Jun-2005 19:02:00.054 fctx 37ad318(www.hangzhou.gov.cn/A'): shutdown

=============================== 


regards

Joe
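
A triage helper for resolver debug output of the kind posted above, added here as an example; it is not part of the original message and not BIND code. It rejoins mail-folded records and reports, per fetch context, how many noanswer_response events preceded answer_response and how long the fetch took, so a failing capture can be compared with a working one. The function names and the sample (abridged from the log in the post) are this example's own; event names are recorded as logged and not interpreted.

```python
import re
from datetime import datetime

# One unwrapped resolver record, e.g.
# 24-Jun-2005 19:02:00.049 fctx 37ad318(www.hangzhou.gov.cn/A'): noanswer_response
FCTX_RE = re.compile(
    r"(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"fctx (?P<id>[0-9a-f]+)\((?P<query>[^')]+)'?\): (?P<event>\w+)$")
STAMP = re.compile(r"\d{2}-\w{3}-\d{4} ")

# Constructed sample: records abridged from the post, folds and stray numbers kept.
SAMPLE = """\
24-Jun-2005 19:02:00.026 fctx
37ad318(www.hangzhou.gov.cn/A'): create
24-Jun-2005 19:02:00.049 fctx
37ad318(www.hangzhou.gov.cn/A'): noanswer_response
    36  24-Jun-2005 19:02:00.052 fctx
37ad318(www.hangzhou.gov.cn/A'): noanswer_response
    48  24-Jun-2005 19:02:00.054 fctx
37ad318(www.hangzhou.gov.cn/A'): answer_response
"""

def unwrap(text):
    """Rejoin folded lines; a record starts at a timestamp. Folds inside a token are not repaired."""
    records = []
    for line in text.splitlines():
        line = re.sub(r"^\d+\s+(?=\d{2}-\w{3}-\d{4} )", "", line.strip())
        if STAMP.match(line) or not records:
            records.append(line)
        elif line:
            records[-1] += " " + line
    return records

def summarize(text):
    """Per fetch context: response handlers seen, no-answer count before the answer, elapsed ms."""
    fetches = {}
    for rec in unwrap(text):
        m = FCTX_RE.match(rec)
        if m:
            ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
            fetches.setdefault((m["id"], m["query"]), []).append((ts, m["event"]))
    out = []
    for (fid, query), evs in fetches.items():
        handlers = [e for _, e in evs if e.endswith("_response")]
        cut = handlers.index("answer_response") if "answer_response" in handlers else len(handlers)
        out.append({"fctx": fid, "query": query, "handlers": handlers,
                    "noanswer_before_answer": handlers[:cut].count("noanswer_response"),
                    "answered": cut < len(handlers),
                    "elapsed_ms": round((evs[-1][0] - evs[0][0]).total_seconds() * 1000)})
    return out
```

Calling summarize() on a capture taken while resolution fails and on one taken after "rndc flush" gives two summaries that can be compared directly.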



	
	
		