named blocked by zone-transfers
Jim Reid
jim at rfc1035.com
Tue Dec 21 10:35:36 UTC 1999
>>>>> "Mohammed" == Mohammed Ghanawi <mohammed.ghanawi at hct.ac.ae> writes:
>> Andreas Holzhammer wrote:
>> The slaves send their syslog to the master-server as well. Now
>> when they got the notifies, a lot of syslog-messages were
>> generated, which would make the master-server think of being
>> attacked :-( Either stopping syslogd on the master, disabling
>> syslog-forwarding from the slave to the master, or disabling
>> TCP-SYN cookies cured the disease.

I'm a little bit surprised that this fixes the problem, but life is
full of surprises.

Mohammed> How do you stop syslog-forwarding from the secondary (My
Mohammed> secondary is running bind 4.9.4-p1) ?

Set up syslogd to write any log messages to local files rather than
pump them over the net to a central syslog server. Each forwarded log
message causes a reverse lookup to get the name of the IP address that
sent the syslog packet. To stop this forwarding, make sure there are
no active "@name-or-IP-address" entries in /etc/syslog.conf.

I doubt this has any bearing on the original problem. For one thing,
syslog uses UDP (=> no TCP-SYN cookies to worry about). I can't
imagine that the system logger could break the name server either. If
syslogd goes off into a deep sleep because it's getting too many log
messages, why should that affect named or named-xfer? Apart from
losing some DNS log messages of course...
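
An added example, not part of the original post: a shell function that lists the active "@name-or-IP-address" forwarding entries the reply says to look for in /etc/syslog.conf. It assumes the classic two-field selector/action format; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# List active remote-forwarding entries in a classic syslog.conf.
# Reads the file named in $1, or standard input when no file is given.
# Prints one "line:selector:target" record per active "@host" action.
find_syslog_forwards() {
    awk '
        NF < 2    { next }            # blank line or no action field
        $1 ~ /^#/ { next }            # commented out, so not active
        $2 ~ /^@/ {
            target = $2
            sub(/^@+/, "", target)    # drop the leading "@" marker
            printf "%d:%s:%s\n", NR, $1, target
        }
    ' "${1:--}"
}

# Constructed sample configuration (hypothetical hosts, not from the post).
sample_conf() {
    cat <<'EOF'
# /etc/syslog.conf (constructed sample)
*.err;kern.debug	/dev/console
daemon.*		@loghost.example.com
#auth.*			@192.0.2.10
  mail.info		@192.0.2.20
*.emerg			*
EOF
}

# Demonstration on the sample; on a real host, run:
#   find_syslog_forwards /etc/syslog.conf
sample_conf | find_syslog_forwards
```

Any line this prints is an entry that still sends log messages over the network; commenting it out and signalling syslogd to reread its configuration stops the forwarding.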