DDoS or Hijacking? Some tips for you delete poisoned cache

Lawrence K. Chen, P.Eng. lkchen at ksu.edu
Fri Jun 21 18:18:00 UTC 2013

----- Original Message -----
> https://www.isc.org/blogs/hijacking-dns-error-ddos-what-happened-and-what-you-can-do/
> From ISC Support Engineering staff

Yeah...yesterday I did an 'rndc flush' on all my caching servers.  I have a script to do 'rndc flushname <domain>' on all our servers, but at the time it seemed flush was the way to go.

The flushname script exists to speed up our caches picking up changes to our zones, even though a lot of our caching nameservers are also authoritative for a subset of our domains....when I took over DNS, everything was authoritative and recursive caching, and open to the world....rerolling servers has been a slow process.  I still haven't gotten all the 'new' servers deployed to where they need to be, and the hardware will be EOL early next year.  Plus there's the move to where Solaris will only be used for specific applications rather than for everything coming....

Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone: (785) 532-4916 - Fax: (785) 532-3515 - Email: lkchen at ksu.edu
Web: http://www-personal.ksu.edu/~lkchen - Where: 11 Hale Library

More information about the bind-users mailing list