Log Entries DoS Attacks
Mark_Andrews at iengines.com
Sun Nov 21 21:35:52 UTC 1999
> Can someone please explain the significance of these log entries?
>
> Nov 20 23:34:43 www named[2436]: ns_forw:
> query(www.mdwg.mer.cap.gov) contains
> our address (ns1.cap.gov:198.88.0.19)

ns1.cap.gov is listed as a nameserver for one of the zones required
to look up www.mdwg.mer.cap.gov but is not configured as a server
for that zone. In this case it is mdwg.mer.cap.gov.

>
> Nov 21 07:37:09 www named[2436]: dangling CNAME pointer
> (rs.internic.net)

Ignore this; it is a normal response. It is downgraded to a level
3 debug message in the current release.
Also, if you are seeing this message you should be upgrading; see
the following for why:
http://www.isc.org/products/BIND/bind-security-19991108.html

>
> On an unrelated issue, has anyone implemented or does anyone
> have an opinion regarding implementing the patch and DoS attack
> counter measures found at:
>
> http://www.ciac.org/ciac/bulletins/j-063.shtml

Ask those that have been on the end of such attacks :-)
Yes, many sites have implemented this.

>
> Thanks, Bill Webb
>
Mark
--
Mark Andrews, Internet Engines Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at iengines.com
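
Added example (not part of the original thread and not BIND code): a log triage helper for the ns_forw warning explained above. It extracts the query name and the nameserver entry that points back at the logging server, then lists the zones whose NS records should be checked. The list of served zones and the rule that the bad NS record sits below the closest served zone are assumptions; the sample lines are reassembled from the excerpts quoted in the thread.

```python
import re

# Matches the ns_forw warning in the form quoted in the message above.
NS_FORW = re.compile(
    r"named\[\d+\]: ns_forw: query\((?P<qname>[^)]+)\) contains our address "
    r"\((?P<ns>[^:()]+):(?P<addr>[^)]+)\)"
)


def ancestors(name):
    """Yield name and each parent domain, most specific first."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def triage(log_lines, served_zones):
    """Group ns_forw warnings and list the zones to check for each.

    Assumption: the bad NS record sits below the closest zone this server
    actually serves, so candidates are the names between the query name and
    that zone. served_zones is supplied by the operator.
    """
    served = {z.rstrip(".").lower() for z in served_zones}
    findings = {}
    for line in log_lines:
        m = NS_FORW.search(line)
        if m is None:
            continue  # other messages, e.g. "dangling CNAME pointer"
        key = (m["qname"].lower(), m["ns"].lower(), m["addr"])
        if key not in findings:
            candidates = []
            for zone in ancestors(key[0]):
                if zone in served:
                    break
                candidates.append(zone)
            findings[key] = {"qname": key[0], "ns": key[1], "addr": key[2],
                             "count": 0, "candidate_zones": candidates}
        findings[key]["count"] += 1
    return list(findings.values())


# Constructed sample: the two excerpts from the thread, joined onto single lines.
SAMPLE_LOG = [
    "Nov 20 23:34:43 www named[2436]: ns_forw: query(www.mdwg.mer.cap.gov) "
    "contains our address (ns1.cap.gov:198.88.0.19)",
    "Nov 21 07:37:09 www named[2436]: dangling CNAME pointer (rs.internic.net)",
]

if __name__ == "__main__":
    # Constructed assumption: this server is configured for cap.gov only.
    for f in triage(SAMPLE_LOG, ["cap.gov"]):
        print(f)
```

Each candidate zone is one whose NS set may name this server; either configure the server for that zone or have the NS record removed from the delegation.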