[dns-operations] context-enroll.ccs.mcafee.com

Router Log logrouterlog at gmail.com
Wed Feb 15 09:23:38 UTC 2017


Good morning bind users

Starting on 13th feb a lot of error messages logged regarding the name 
context-enroll.ccs.mcafee.com. (see below).

I can see that ccs.mcafee.com doesn't appear to have a soa record but I 
haven't seen this amount of errors before.

I wonder if anyone else has seen anything similar?

Using bind 9.11.1rc3  since 9th feb with internal root copies. and using 
dnsdist as the default resolver.

13-Feb-2017 19:00:22.081 lame-servers: info: FORMERR resolving 
'context-enroll.ccs.mcafee.com/NS/IN': 161.69.45.53#53
13-Feb-2017 19:00:22.243 resolver: notice: DNS format error from 
161.69.29.63#53 resolving context-enroll.ccs.mcafee.com/NS for client 
127.0.0.1#49110: Name mcafee.com (SOA) not subdomain of zone 
context-enroll.ccs.mcafee.com -- invalid response
13-Feb-2017 19:00:22.243 lame-servers: info: FORMERR resolving 
'context-enroll.ccs.mcafee.com/NS/IN': 161.69.29.63#53
13-Feb-2017 19:00:22.489 resolver: notice: DNS format error from 
161.69.45.53#53 resolving context-enroll.ccs.mcafee.com/NS for client 
192.168.1.82#55911: Name mcafee.com (SOA) not subdomain of zone 
context-enroll.ccs.mcafee.com -- invalid response

looking at the dnstap data it looks like the queries are generated by 
bind itself and not in response to a query.


13-Feb-2017 16:31:24.116 CQ 192.168.1.82:59227 -> 192.168.1.18:53 UDP 
47b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:24.116 RQ 192.168.1.18:38754 -> 208.69.152.14:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:24.287 RR 192.168.1.18:38754 <- 208.69.152.14:53 UDP 
77b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:24.183 CQ 192.168.1.15:50736 -> 192.168.1.18:53 UDP 
47b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:24.287 RQ 192.168.1.18:36593 -> 193.108.91.2:53 UDP 
60b gtm2.mcafee.com/IN/A
13-Feb-2017 16:31:24.290 RQ 192.168.1.18:58383 -> 161.69.45.53:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:24.290 RR 192.168.1.18:36593 <- 193.108.91.2:53 UDP 
76b gtm2.mcafee.com/IN/A
13-Feb-2017 16:31:24.816 RR 192.168.1.18:56576 <- 161.69.45.53:53 UDP 
164b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:24.412 RR 192.168.1.18:58383 <- 161.69.45.53:53 UDP 
164b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:24.816 RQ 192.168.1.18:57713 -> 161.69.45.53:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:24.412 RQ 192.168.1.18:49544 -> 161.69.45.53:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:25.217 RQ 192.168.1.18:45151 -> 161.69.45.53:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:24.535 RR 192.168.1.18:49544 <- 161.69.45.53:53 UDP 
109b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:24.535 RQ 192.168.1.18:35192 -> 161.69.29.63:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:24.694 RR 192.168.1.18:35192 <- 161.69.29.63:53 UDP 
109b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:24.695 RQ 192.168.1.18:56576 -> 161.69.45.53:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:24.936 RR 192.168.1.18:57713 <- 161.69.45.53:53 UDP 
109b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:24.937 RQ 192.168.1.18:48967 -> 161.69.29.63:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:25.096 RR 192.168.1.18:48967 <- 161.69.29.63:53 UDP 
109b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:25.096 RQ 192.168.1.18:51545 -> 161.69.45.53:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:25.216 RR 192.168.1.18:51545 <- 161.69.45.53:53 UDP 
164b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:25.337 RR 192.168.1.18:45151 <- 161.69.45.53:53 UDP 
109b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:25.618 RR 192.168.1.18:55203 <- 161.69.45.53:53 UDP 
164b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:25.337 RQ 192.168.1.18:35711 -> 161.69.29.63:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:25.619 RQ 192.168.1.18:45846 -> 161.69.45.53:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:26.021 RR 192.168.1.18:51718 <- 161.69.45.53:53 UDP 
164b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:26.021 RQ 192.168.1.18:56810 -> 161.69.45.53:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:25.497 RR 192.168.1.18:35711 <- 161.69.29.63:53 UDP 
109b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:25.497 RQ 192.168.1.18:55203 -> 161.69.45.53:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:25.739 RR 192.168.1.18:45846 <- 161.69.45.53:53 UDP 
109b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:25.740 RQ 192.168.1.18:53127 -> 161.69.29.63:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:25.899 RR 192.168.1.18:53127 <- 161.69.29.63:53 UDP 
109b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:25.900 RQ 192.168.1.18:51718 -> 161.69.45.53:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:26.142 RR 192.168.1.18:56810 <- 161.69.45.53:53 UDP 
109b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:26.142 RQ 192.168.1.18:45754 -> 161.69.29.63:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:26.302 RR 192.168.1.18:45754 <- 161.69.29.63:53 UDP 
109b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:26.423 RR 192.168.1.18:58349 <- 161.69.45.53:53 UDP 
164b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:26.303 RQ 192.168.1.18:58349 -> 161.69.45.53:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:26.423 RQ 192.168.1.18:50481 -> 161.69.45.53:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:26.830 RR 192.168.1.18:53725 <- 161.69.45.53:53 UDP 
164b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:26.830 RQ 192.168.1.18:34019 -> 161.69.45.53:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:27.115 RQ 192.168.1.18:42282 -> 161.69.45.53:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:26.545 RR 192.168.1.18:50481 <- 161.69.45.53:53 UDP 
109b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:27.237 RR 192.168.1.18:42282 <- 161.69.45.53:53 UDP 
164b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:26.545 RQ 192.168.1.18:48941 -> 161.69.29.63:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:27.237 RQ 192.168.1.18:44232 -> 161.69.45.53:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:26.709 RR 192.168.1.18:48941 <- 161.69.29.63:53 UDP 
109b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:27.250 CQ 192.168.1.15:50736 -> 192.168.1.18:53 UDP 
47b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:26.709 RQ 192.168.1.18:53725 -> 161.69.45.53:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/A
13-Feb-2017 16:31:26.952 RR 192.168.1.18:34019 <- 161.69.45.53:53 UDP 
109b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:26.953 RQ 192.168.1.18:44990 -> 161.69.29.63:53 UDP 
74b context-enroll.ccs.mcafee.com/IN/NS
13-Feb-2017 16:31:27.114 RR 192.168.1.18:44990 <- 161.69.29.63:53 UDP 
109b context-enroll.ccs.mcafee.com/IN/NS
'

Kind Regards Peter Davies

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20170215/831234cc/attachment.html>


More information about the dns-operations mailing list