Hi All,
I use ZAP on my lappy and the alerts, whilst informative on occasions, are sometimes perplexing and slow things down a lot, freezing the lappy... but that's another problem.
Anyway I am writing as I have had an alert today for "min.exe" and associated with it in the same alert are
Destination IP:4.23.54.126:DNS
or 192.168.1.1:DNS.
I have tried looking these up on DNSStuff web site. But a bit bewildered by the output. Is there any chance anyone can summarise this type of feedback for me?
Generated by www.DNSstuff.com
Location: United States [City: ]
Preparation:
The reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for 4.23.54.126 is found by looking up the PTR record for
126.54.23.4.in-addr.arpa.
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.
How I am searching:
Asking b.root-servers.net for 126.54.23.4.in-addr.arpa PTR record:
b.root-servers.net says to go to ns2.level3.net. (zone: 4.in-addr.arpa.)
Asking ns2.level3.net. for 126.54.23.4.in-addr.arpa PTR record:
ns2.level3.net [209.244.0.2] says to go to dnsauth2.sys.gtei.net. (zone: 23.4.in-addr.arpa.)
Asking dnsauth2.sys.gtei.net. for 126.54.23.4.in-addr.arpa PTR record: Reports that no PTR records exist [from 4.2.49.3].
Answer:
No PTR records exist for 4.23.54.126. [Neg TTL=86400 seconds]
Details:
dnsauth2.sys.gtei.net. (an authoritative nameserver for 23.4.in-addr.arpa., which is in charge of the reverse DNS for 4.23.54.126)
says that there are no PTR records for 4.23.54.126.
To get reverse DNS set up for 4.23.54.126, you need to speak to your Internet provider. You could also
check with dnsadmin@level3.net., who is in charge of the 23.4.in-addr.arpa. zone.
Note that all Internet accessible hosts are expected to have a reverse DNS entry (per RFC1912 2.1),
and many mailservers (such as AOL) will likely block E-mail from mailservers with no reverse DNS entry.
To see the reverse DNS traversal, to make sure that all DNS servers are reporting the correct results, you can Click Here.
I haven't noticed this alert before. So got a bit concerned.
Cheers
EDIT:
ZAP seems to be popping up every now and then with the warning that it is trying to access the trusted zone... as far as I can see it is something to do with window minimising, but not sure about the DNS bit
...
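
Added example, not part of the original post and not DNSstuff's or ZAP's own code: a short Python script that reads the two alert destinations and the pasted trace, builds the in-addr.arpa name the way the trace describes, separates the private address from the public one, and reduces the referral chain to a summary. The function names are hypothetical, and the input lines are copied from the post above.

```python
import ipaddress
import re

# Alert fields and trace lines copied from the post above.
ALERT_FIELDS = ["Destination IP:4.23.54.126:DNS", "192.168.1.1:DNS"]
TRACE = """\
b.root-servers.net says to go to ns2.level3.net. (zone: 4.in-addr.arpa.)
ns2.level3.net [209.244.0.2] says to go to dnsauth2.sys.gtei.net. (zone: 23.4.in-addr.arpa.)
No PTR records exist for 4.23.54.126. [Neg TTL=86400 seconds]
"""

def ptr_name(ip):
    """Reverse the IPv4 octets and append in-addr.arpa, as the trace describes."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def parse_destination(field):
    """Split an '<addr>:<service>' alert field and classify the address."""
    m = re.search(r"(\d{1,3}(?:\.\d{1,3}){3}):(\w+)", field)
    if m is None:
        raise ValueError(f"no address in {field!r}")
    addr = ipaddress.IPv4Address(m.group(1))
    # is_private is true for local-network ranges such as 192.168.0.0/16.
    scope = "private" if addr.is_private else "public"
    return {"ip": str(addr), "service": m.group(2), "scope": scope,
            "ptr": ptr_name(str(addr))}

def summarise_trace(text, ip):
    """Extract the referral chain and the final answer for one address."""
    name = ptr_name(ip)
    chain = []
    for server, referred, zone in re.findall(
            r"^(\S+).*? says to go to (\S+) \(zone: (\S+)\)", text, re.M):
        # Each referral must hand over a parent zone of the name being resolved.
        if not name.endswith("." + zone):
            raise ValueError(f"{zone} is not a parent of {name}")
        chain.append((server, referred, zone))
    neg = re.search(r"No PTR records exist for (\S+?)\. \[Neg TTL=(\d+) seconds\]", text)
    return {"query": name, "chain": chain,
            "no_ptr": bool(neg and neg.group(1) == ip),
            "neg_ttl": int(neg.group(2)) if neg else None}

if __name__ == "__main__":
    for field in ALERT_FIELDS:
        print(parse_destination(field))
    print(summarise_trace(TRACE, "4.23.54.126"))
```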