bind 9 goes rogue and revert zone information
Reindl Harald
h.reindl at thelounge.net
Tue Feb 7 23:06:09 UTC 2017
On 07.02.2017 at 23:52, Alberto Colosi wrote:
> The truth is to solve it not to ask what a hacker (maybe a child ran a tool found on internet as virus toolkits).
the truth is to *find out* what happens and since it's more likely that
some forgotten piece of cronscript lives somewhere than a hacker did it
a triggered cronmail would call that script if it spits out something on
stderr
that "chattr +i" for now stops anything including root to touch that
file until "chattr -i" was issued is just a side-effect
> To quote me is not a solution to the issue.
> Good your last line only on your last mail
not sure to whom you are talking because the quoting of your last mail
was completely weird
> yeah, but why should they be so dumb and set your dns zone to the values
> 24 hours before so that you notice the issue and much better question:
> from where do they have the exactly data of your own zone 24 hours before?
>
> try "chattr +i" on your zonefile so that it can't be touched and with
> some luck the stuff trying to replace it will error out in cronmails or
> syslog
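An added example, not part of the original message: a shell sketch of the hunt described above, which looks through the usual cron locations for entries that mention the zone file and provides a wrapper for the "chattr +i" step. The function names, the list of cron paths and the sample zone path are assumptions for illustration; systemd timers and scripts called indirectly are not covered.

```shell
#!/bin/sh
# Added example: look for a forgotten cron job that rewrites a zone file.
# Cron locations below are the common defaults (assumption); adjust per distro.

# find_cron_refs ZONEFILE [ROOT]
# Prints "file:line:text" for each non-comment cron line that mentions the
# zone file's full path or its basename. ROOT is an optional prefix so a
# mounted disk image or a test tree can be scanned instead of the live system.
find_cron_refs() {
    local zone="$1" root="${2:-}" base loc
    base="$(basename "$zone")"
    for loc in /etc/crontab /etc/cron.d /etc/cron.hourly /etc/cron.daily \
               /etc/cron.weekly /etc/cron.monthly /var/spool/cron; do
        [ -e "$root$loc" ] || continue
        # -F: fixed strings, -H: always print the file name, -n: line number
        grep -rHnF -e "$zone" -e "$base" -- "$root$loc" 2>/dev/null \
            | grep -vE '^[^:]+:[0-9]+:[[:space:]]*#' || true
    done
    return 0
}

# lock_zone ZONEFILE  (needs root)
# Sets the immutable attribute so any writer, root included, fails with an
# error that should surface in cron mail or syslog, then shows the attribute.
lock_zone() {
    chattr +i "$1" && lsattr "$1"
}

# unlock_zone ZONEFILE  (needs root): undo before a legitimate zone edit.
unlock_zone() {
    chattr -i "$1"
}

# Usage when run directly: ./zonehunt.sh /var/named/example.com.zone
if [ "$#" -gt 0 ]; then
    find_cron_refs "$@"
fi
```

A hit only shows which job names the file; read the script it calls before removing the immutable flag.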