compromise/poisoning??
Simon Waters
Simon at wretched.demon.co.uk
Sat Feb 2 10:48:10 UTC 2002
Brian Collins wrote:
>
> Obviously, I've obscured real names/IPs above. I hope I've not muddied the
> waters in doing so.
It is always quicker if you give real names.
> Any ideas??
There are no known simple poisoning attacks againgst 8.2.3 as
far as I am aware.
The behaviour would be consistent with his IP being listed as a
forwarder in your named.conf file.
Otherwise check what your server replies when queries for the
root servers
dig @127.0.0.1 . ns
Failing that try a dump of BINDs cache and see if you can find
his IP address somewhere.
I'd bet typo somewhere...
--
Are you using the Internet to best effect ? www.eighth-layer.com
Tel: +44(0)1395 232769 ICQ: 116952768
Moderated discussion of teleworking at news:uk.business.telework
More information about the bind-users
mailing list