Some servers respond with wrong IP address for my domain
william+dns at hq.newdream.net
Fri Oct 5 18:05:55 UTC 2001
Nate Campi wrote:
> Get a good monitoring system like Mon
> (http://www.kernel.org/software/mon) that will check that your serials
> match. That way you don't have to roll your own.
although the weird thing in this case is that the serials did match; i
think that one of the machines just had incorrect cache information.
my guess is that a newer version of bind would be less succeptible to
this sort of poisoning, no?
jazz% dig version.bind ch txt @newjersey.websoft.com. +sh
jazz% dig version.bind ch txt @vermont.websoft.com. +sh
in any event unless this is a vendor patched version of bind that's
completely patched of the various security holes in that version (and in
fact even if it is), i'd highly recommend upgrading.
you might also consider restricting axfr from outside your network.
GPG Public Key:
More information about the bind-users