Bind And Linux RedHat 6.2

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Mon Jul 24 01:05:27 UTC 2000 

	Assume that your machine has been compromised and take remedial
	action.

	http://www.isc.org/products/BIND/bind-security-19991108.html

	I would also suggest that you get yourself on appropriate lists
	so that you seen security warnings.

	Mark

> Hi Everyone.
> 
> i am running a major DNS server and i experienced some problems in the past
> few weeks.
> 
> it seem the service turns to zombie leaving the port (53) open but the
> server does not resolve any queries.
> have anyone ever experiencd a problem like this:
> 
> is there s solution to it?
> 
> Here is my information:
> 
> Linux RedHat 6.2 - Kernel 2.2.12-20
> Bind-8.2.1
> 
> My /var/log/messages looks like this:
> 
> Jul 23 10:43:22 prddns01 named[943]: starting.  named 8.2.1 Fri Sep 24
> 14:52:24 EDT 1999 root at porky.devel.red
> Jul 23 10:43:22 prddns01 named[943]: hint zone "" (IN) loaded (serial 0)
> Jul 23 10:43:22 prddns01 named[943]: Zone "ynet.co.il" (file
> /etc/ynet.co.il.hosts): No default TTL set using S
> Jul 23 10:43:22 prddns01 named: Zone "ynet.co.il" (file
> /etc/ynet.co.il.hosts): No default TTL set using SOA mi
> Jul 23 10:43:22 prddns01 named[943]: /etc/ynet.co.il.hosts: WARNING SOA
> expire value is less than 7 days (43200
> Jul 23 10:43:22 prddns01 named[943]: master zone "ynet.co.il" (IN) loaded
> (serial 2000043037)
> Jul 23 10:43:22 prddns01 named[943]: Zone "80.115.192.in-addr.arpa" (file
> /etc/192.115.80.rev): No default TTL
> Jul 23 10:43:22 prddns01 named[943]: /etc/192.115.80.rev: WARNING SOA expire
> value is less than 7 days (432000)
> Jul 23 10:43:22 prddns01 named[943]: master zone "80.115.192.in-addr.arpa"
> (IN) loaded (serial 950353508)
> Jul 23 10:43:22 prddns01 named[943]: Zone "9.22.10.in-addr.arpa" (file
> /etc/10.22.9.rev): No default TTL set us
> Jul 23 10:43:22 prddns01 named[943]: /etc/10.22.9.rev: WARNING SOA expire
> value is less than 7 days (432000)
> Jul 23 10:43:22 prddns01 named[943]: master zone "9.22.10.in-addr.arpa" (IN)
> loaded (serial 950353528)
> Jul 23 10:43:22 prddns01 named: /etc/ynet.co.il.hosts: WARNING SOA expire
> value is less than 7 days (432000)
> Jul 23 10:43:22 prddns01 named: master zone "ynet.co.il" (IN) loaded (serial
> 2000043037)
> Jul 23 10:43:22 prddns01 named: Zone "80.115.192.in-addr.arpa" (file
> /etc/192.115.80.rev): No default TTL set u
> Jul 23 10:43:22 prddns01 named: /etc/192.115.80.rev: WARNING SOA expire
> value is less than 7 days (432000)
> Jul 23 10:43:22 prddns01 named: master zone "80.115.192.in-addr.arpa" (IN)
> loaded (serial 950353508)
> Jul 23 10:43:22 prddns01 named: Zone "9.22.10.in-addr.arpa" (file
> /etc/10.22.9.rev): No default TTL set using S
> Jul 23 10:43:22 prddns01 named: /etc/10.22.9.rev: WARNING SOA expire value
> is less than 7 days (432000)
> Jul 23 10:43:22 prddns01 named: master zone "9.22.10.in-addr.arpa" (IN)
> loaded (serial 950353528)
> Jul 23 10:43:22 prddns01 named: Zone "y-net.co.il" (file
> /etc/y-net.co.il.hosts): No default TTL set using SOA
> Jul 23 10:43:22 prddns01 named[943]: Zone "y-net.co.il" (file
> /etc/y-net.co.il.hosts): No default TTL set using
> Jul 23 10:43:22 prddns01 named: /etc/y-net.co.il.hosts: WARNING SOA expire
> value is less than 7 days (432000)
> Jul 23 10:43:22 prddns01 named[943]: /etc/y-net.co.il.hosts: WARNING SOA
> expire value is less than 7 days (4320
> Jul 23 10:43:22 prddns01 named: master zone "y-net.co.il" (IN) loaded
> (serial 950355031)
> Jul 23 10:43:22 prddns01 named[943]: master zone "y-net.co.il" (IN) loaded
> (serial 950355031)
> Jul 23 10:43:22 prddns01 named: listening on [127.0.0.1].53 (lo)
> Jul 23 10:43:22 prddns01 named[943]: listening on [127.0.0.1].53 (lo)
> Jul 23 10:43:22 prddns01 named: listening on [192.115.80.31].53 (eth0)
> Jul 23 10:43:22 prddns01 named[943]: listening on [192.115.80.31].53 (eth0)
> Jul 23 10:43:22 prddns01 named: listening on [10.22.9.31].53 (eth1)
> Jul 23 10:43:22 prddns01 named[943]: listening on [10.22.9.31].53 (eth1)
> Jul 23 10:43:22 prddns01 named: Forwarding source address is [0.0.0.0].1037
> Jul 23 10:43:22 prddns01 named[943]: Forwarding source address is
> [0.0.0.0].1037
> Jul 23 10:43:23 prddns01 named: named startup succeeded
> Jul 23 10:43:23 prddns01 named[944]: Ready to answer queries.
> Jul 23 10:43:40 prddns01 named[944]: Sent NOTIFY for "ynet.co.il IN SOA"
> (ynet.co.il); 1 NS, 1 A
> Jul 23 10:43:40 prddns01 named[944]: Received NOTIFY answer for "ynet.co.il
> IN SOA"
> 
> 
> 
> 
> 
> 
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com

More information about the bind-users mailing list