Something nasty happening on DNS servers.

emmpey emmpey at yahoo.co.uk
Sun Aug 13 21:11:41 UTC 2006


Hi all,

I'm running BIND 9.2.5, one master and one slave. They are on a DMZ
(network 172.16.0) behind an iptables firewall.

A few hours ago both servers stopped resolving external addresses.

On the machines that host named I couldn't use dig or nslookup to
resolve names using my ISP's nameserver (or any nameservers for that
matter), only a server timeout message.

I could ping out to the ISP's nameserver fine; just dig/nslookup
time out.

Other hosts on the DMZ resolve fine using external nameservers, as do my
LAN (192.168) hosts; it's just the two machines that were hosting named
that time out.

I'm using NAT, so to any external nameservers my lookups appear to be
coming from the same host, so I suspect that the master and slave hosts
have been hacked. I could be totally wrong.

Has anyone seen a case where dig/nslookup times out like that? I just
don't understand it.

I don't have any DNS for mail and web at the moment. I'm building
another nameserver now so hopefully should have DNS back sooner or
later.

Has anyone seen anything like this before?
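A diagnostic that isolates the symptom described above (ICMP works, DNS queries from the named hosts time out): a minimal DNS probe that sends one A query over UDP and one over TCP to a resolver with a short timeout and reports whether each got a response, so a path or state-tracking problem on port 53 can be separated from a problem on the host itself. This is an added example, not code from the poster; the resolver address 192.0.2.53 is a documentation placeholder.

```python
import random
import socket
import struct

def build_query(name, qid=None):
    """Build a minimal recursive A query for `name`; returns (qid, wire bytes)."""
    qid = random.randrange(65536) if qid is None else qid
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in labels) + b"\x00"
    return qid, header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_response(data, expected_id):
    """Return (rcode, answer_count) from a raw DNS message; raise on a mismatch."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != expected_id:
        raise ValueError("response id mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit not set: not a response")
    return flags & 0x000F, an

def probe(server, name, proto="udp", timeout=3.0):
    """Send one query to server:53 over udp or tcp and classify the outcome."""
    qid, msg = build_query(name)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(msg, (server, 53))
                data, _ = s.recvfrom(4096)
        else:
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(msg)) + msg)  # TCP: 2-byte length prefix
                length = struct.unpack("!H", s.recv(2))[0]
                data = b""
                while len(data) < length:
                    chunk = s.recv(length - len(data))
                    if not chunk:
                        break
                    data += chunk
        rcode, answers = parse_response(data, qid)
        return {"proto": proto, "status": "ok", "rcode": rcode, "answers": answers}
    except socket.timeout:
        return {"proto": proto, "status": "timeout"}
    except (OSError, ValueError) as exc:
        return {"proto": proto, "status": "error", "detail": str(exc)}

if __name__ == "__main__":
    for proto in ("udp", "tcp"):  # 192.0.2.53 is a placeholder, not a real resolver
        print(probe("192.0.2.53", "example.com.", proto))
```

A UDP timeout alongside a TCP success (or the reverse) points at filtering or connection-tracking state on the path rather than at named; run it from one of the affected hosts and from a working DMZ host and compare.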


