Named errors

Jeff Lightner jlightner at water.com
Wed Jun 28 17:21:07 UTC 2006 

Well now it IS broke ain't it?

If you tell them the most likely cause is that you were hacked that in
tandem with the fact it is not working properly should get them to let
you upgrade.

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Gary Lopez
Sent: Wednesday, June 28, 2006 1:07 PM
To: Kevin Darcy
Cc: bind-users at isc.org
Subject: Re: Named errors

Thanks Kevin.
	I am trying to convince to company to upgrade. This is a company
that 
believes in "if it ain't broke don't upgrade it".

Gary D Lopez
Unix Systems Administrator
Catapult Communications
160 S Whisman Rd
Mountain View, CA 94041
Ph  (650) 314-1029
Fax (650) 960-1029


Kevin Darcy wrote:
> Gary Lopez wrote:
>> Hello everyone,
>>      This problem started over the weekend and not sure why. I have
been 
>> running the same version of bind 8.1.2 on Solaris 2.7 for the past 4 
>> years without incident. Since this weekend however I started seeing 
>> error messages about wrong ans. name and bad referrals. Is this an 
>> attack or is there something in my bind configuration I need to
modify?
>>
>> example:
>>
>> Jun 27 07:21:40 named[11645]: bad referral (. !< pebble.com)
>> Jun 27 07:21:40 DNS-server named[11645]: bad referral 
>> (169.218.in-addr.arpa !< 87.169.218.in-addr.arpa)
>> Jun 27 07:21:40 DNS-server last message repeated 1 time
>> Jun 27 07:21:51 DNS-server named[11645]: wrong ans. name 
>> (g.www.ms.akadns.net != toggle.www.ms.akadns.net)
>> Jun 27 07:21:51 DNS-server named[11645]: wrong ans. name 
>> (lb1.www.ms.akadns.net != toggle.www.ms.akadns.net)
>> Jun 27 07:21:51 DNS-server last message repeated 5 times
>> Jun 27 07:21:51 DNS-server named[11645]: wrong ans. name 
>> (lb1.www.ms.akadns.net != g.www.ms.akadns.net)
>> Jun 27 07:21:51 DNS-server last message repeated 3 times
>> Jun 27 07:22:09 DNS-server named[11645]: bad referral (. !<
sandgrabber.com)
>>   
> Probably nothing in your configuration you can do to affect this.
> 
> Is it an attack? Quite likely, since 8.1.2 is/was very exploitable.
> 
> You *really* need to upgrade. BIND 8 is up to 8.4.7, and BIND 9 (a 
> complete rewrite and the preferred version) is up to 9.3.2.
> 
>

>             - Kevin
> 
> 
>

More information about the bind-users mailing list