named dying
keith at mail.telestream.com
keith at mail.telestream.com
Mon Jul 3 23:03:59 UTC 2000
Ok, I've got both secondary and primary servers up to 8.2.2-P5. If it
happens again what would one look at as being at issue? And no there were
not log messages.
Keith
=================================
Keith W.
At the helm <for better or worse>
=================================
On Mon, 3 Jul 2000, Michael Bryan wrote:
>
>
> keith at mail.telestream.com wrote:
> >
> > I have named running non-root on a linux machine and it runs great with
> > one exception. From time to time, without named shutting down, it simply
> > stops answering queries.
>
> Does it log any messages to syslog? Is it still listening on port 53?
> (The "netstat -an" command should tell you what ports are active.)
>
> You say you're running version 8.2. There are known security problems
> in that version that allow outside users to break into your system as
> the UID/GID that named is running as. You should upgrade to 8.2.2-P5,
> and assume that somebody has broken into your system. Such a breakin,
> or at least a breakin attempt, might explain the lockups you're seeing.
> (They might have gained root access as well, if they were able to
> leverage
> a named.named breakin to run a local-root exploit on your system.)
>
> See this page for info on the vulnerabilities in older versions of BIND:
>
> http://www.isc.org/products/BIND/bind-security-19991108.html
>
More information about the bind-users
mailing list