
[cobalt-security] dns on a RaQ4r



Can anyone explain the following in my log?

Apr 17 20:05:02 www sendmail[17236]: h3I151W17236: 6696216150.hostnoc.net [66.96.216.150] (may be forged): HELO/EHLO attack?


Apr 17 15:04:37 www named[480]: bad referral (158.24.in-addr.arpa !< 235.158.24.in-addr.arpa) from [24.196.17.8].53


Apr 17 21:34:20 www named[480]: Request IXFR from [64.81.117.120].1029
Apr 17 21:34:20 www named[480]: approved IXFR/AXFR from [64.81.117.120].1029 for "doublebassshop.com"


Apr 17 18:12:51 www named[480]: Lame server on '66.218.94.64.in-addr.arpa' (in '218.94.64.in-addr.arpa'?): [216.52.97.33].53 'ns2.ocy.pnap.net'
Apr 17 16:09:07 www named[480]: Lame server on '45.16.245.213.in-addr.arpa' (in '16.245.213.in-addr.arpa'?): [193.0.0.193].53 'ns.ripe.net'
Apr 17 12:46:13 www named[480]: Lame server on '70.247.65.67.in-addr.arpa' (in '247.65.67.in-addr.arpa'?): [151.164.1.1].53 'ns1.swbell.net'


Do I take it the first is a sendmail attack?... If so, is there anything I can do about it?
Is the third just a normal update for DNS?  I think it is doing it too often if so.
Are the fourth group just misconfigured servers?  (not mine?)
Second one, I'm totally lost.

