Named errors
Gregory Hicks
ghicks at cadence.com
Wed Jun 28 17:45:58 UTC 2006
> Subject: RE: Named errors
> Date: Wed, 28 Jun 2006 13:21:07 -0400
> From: "Jeff Lightner" <jlightner at water.com>
> To: <gary at catapult.com>, "Kevin Darcy" <kcd at daimlerchrysler.com>
> Cc: <bind-users at isc.org>
>
> Well now it IS broke ain't it?
>
> If you tell them the most likely cause is that you were hacked that in
> tandem with the fact it is not working properly should get them to let
> you upgrade.

Actually, I'd put it more 'diplomatically' as in:

"The Bind that we are using is WELL past its "use-by" date. I need to
upgrade to a much later version. Although I cannot positively state
that our name server has been hacked, everything I have now points to
that.

I'll also need to reinstall the OS because, if we HAVE been hacked,
after I get done cleaning things up, I really won't know with 100%
certainty that I've eliminated any/all "back-doors". Really, the only
way to be sure we have a "secure" system is to install from scratch."

Regards,
Gregory Hicks

>
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Gary Lopez
> Sent: Wednesday, June 28, 2006 1:07 PM
> To: Kevin Darcy
> Cc: bind-users at isc.org
> Subject: Re: Named errors
>
> Thanks Kevin.
> I am trying to convince the company to upgrade. This is a company that
> believes in "if it ain't broke don't upgrade it".
>
> Gary D Lopez
> Unix Systems Administrator
> Catapult Communications
> 160 S Whisman Rd
> Mountain View, CA 94041
> Ph (650) 314-1029
> Fax (650) 960-1029
>
>
> Kevin Darcy wrote:
> > Gary Lopez wrote:
> >> Hello everyone,
> >> This problem started over the weekend and not sure why. I have been
> >> running the same version of bind 8.1.2 on Solaris 2.7 for the past 4
> >> years without incident. Since this weekend however I started seeing
> >> error messages about wrong ans. name and bad referrals. Is this an
> >> attack or is there something in my bind configuration I need to modify?
> >>
> >> example:
> >>
> >> Jun 27 07:21:40 named[11645]: bad referral (. !< pebble.com)
> >> Jun 27 07:21:40 DNS-server named[11645]: bad referral
> >> (169.218.in-addr.arpa !< 87.169.218.in-addr.arpa)
> >> Jun 27 07:21:40 DNS-server last message repeated 1 time
> >> Jun 27 07:21:51 DNS-server named[11645]: wrong ans. name
> >> (g.www.ms.akadns.net != toggle.www.ms.akadns.net)
> >> Jun 27 07:21:51 DNS-server named[11645]: wrong ans. name
> >> (lb1.www.ms.akadns.net != toggle.www.ms.akadns.net)
> >> Jun 27 07:21:51 DNS-server last message repeated 5 times
> >> Jun 27 07:21:51 DNS-server named[11645]: wrong ans. name
> >> (lb1.www.ms.akadns.net != g.www.ms.akadns.net)
> >> Jun 27 07:21:51 DNS-server last message repeated 3 times
> >> Jun 27 07:22:09 DNS-server named[11645]: bad referral (. !< sandgrabber.com)
> >>
> > Probably nothing in your configuration you can do to affect this.
> >
> > Is it an attack? Quite likely, since 8.1.2 is/was very exploitable.
> >
> > You *really* need to upgrade. BIND 8 is up to 8.4.7, and BIND 9 (a
> > complete rewrite and the preferred version) is up to 9.3.2.
> >
> > - Kevin
-------------------------------------------------------------------
Gregory Hicks | Principal Systems Engineer
Cadence Design Systems | Direct: 408.576.3609
555 River Oaks Pkwy M/S 6B1 | Fax: 408.894.3400
San Jose, CA 95134 | Internet: ghicks at cadence.com
I am perfectly capable of learning from my mistakes. I will surely
learn a great deal today.
"A democracy is a sheep and two wolves deciding on what to have for
lunch. Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin
"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton
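
Added example, not part of the original thread: a small Python triage script that tallies the "bad referral" and "wrong ans. name" messages quoted above, so the volume and the names involved can be handed to whoever investigates. It rejoins mail-wrapped lines and credits syslog's "last message repeated" lines to the preceding entry; the function names and the left/right labelling of the two names are this example's own.

```python
import re
from collections import Counter

# Excerpt of the syslog lines quoted in the thread, mail-wrapping included.
SAMPLE = """\
Jun 27 07:21:40 named[11645]: bad referral (. !< pebble.com)
Jun 27 07:21:40 DNS-server named[11645]: bad referral
(169.218.in-addr.arpa !< 87.169.218.in-addr.arpa)
Jun 27 07:21:40 DNS-server last message repeated 1 time
Jun 27 07:21:51 DNS-server named[11645]: wrong ans. name
(g.www.ms.akadns.net != toggle.www.ms.akadns.net)
Jun 27 07:21:51 DNS-server last message repeated 5 times
Jun 27 07:22:09 DNS-server named[11645]: bad referral (. !<
sandgrabber.com)
"""

TS = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
EVENT = re.compile(r"named\[\d+\]: (bad referral|wrong ans\. name) "
                   r"\((\S+) (?:!<|!=) (\S+)\)")
REPEAT = re.compile(r"last message repeated (\d+) times?")

def unwrap(text):
    """Rejoin continuation lines (no syslog timestamp) to the entry above."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if TS.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def tally(text):
    """Count (kind, left name, right name) triples, honouring syslog repeats."""
    counts, last = Counter(), None
    for entry in unwrap(text):
        m, r = EVENT.search(entry), REPEAT.search(entry)
        if m:
            last = m.groups()
            counts[last] += 1
        elif r and last:
            counts[last] += int(r.group(1))
        else:
            last = None  # unrelated message: a following repeat is not ours
    return counts

if __name__ == "__main__":
    for key, n in tally(SAMPLE).most_common():
        print(n, *key)
```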