Date:      Fri, 01 May 1998 16:35:34 -0700
From:      Alex Huppenthal <alex@comsys.com>
To:        michael@blueneptune.com
Cc:        freebsd-isp@FreeBSD.ORG, mmoran@veronet.net, dyson@FreeBSD.ORG, batie@agora.rdrop.com, LutzRab@omc.net, robseco@moat.teksupport.net.au
Subject:   Re: Named disappeared
Message-ID:  <354A5C46.CCB78D9E@comsys.com>
References:  <199805012229.PAA01307@rainey.blueneptune.com>

I agree entirely. Over the past few days, our DNS has been attacked. We've
just upgraded to the latest bind. Setup was painless.

A handy script for converting /etc/named.boot to the new named.conf is included,
and worked fine. We've tested access, zone transfers and things look much better.

Our symptom was DNS name resolution on a few sites stopped working, until
named was restarted. We also had a core file dumped on another system.

 -Alex

michael@blueneptune.com wrote:

> > We also had two of our nameservers, one in Melbourne and one in Canberra go
> > down within seconds of each other.
> >
> > May  1 19:51:29 canberra /kernel: pid 70: named: uid 0: exited on signal 11
> > May  1 19:51:32 wizard /kernel.256: pid 70 (named), uid 0: exited on signal 11
> >
> > This appears a global problem.
>
> This looks more and more like somebody out there is launching a large-scale
> attack against the security problems outlined in the recent CERT advisory.
> Unless I'm reading the advisory wrong, a "signal 11" crash is certainly one
> of the possible outcomes of somebody hitting your nameservers with an exploit
> directed at these problems.
>
> Here are the URLs again, giving the CERT advisory, and the page from which
> you can download the latest BIND, either 4.* or 8.*, depending on your
> preferences:
>
>     http://www.cert.org/advisories/CA-98.05.bind_problems.html
>     http://www.isc.org/new-bind.html
>
> I upgraded all of our servers, which were running an embarrassingly old
> version of named (and FreeBSD), to use the new 4.9.7, with little effort
> at all.  No configuration changes were needed, just unpack, build and
> install as instructed.  It couldn't have been much simpler.  [I'd also
> recommend that if you are currently running 4.*, that you upgrade first
> to 4.9.7 to protect against the problems, then upgrade to 8.* at your
> leisure, if you want.]
>
> --
> Michael Bryan
> michael@blueneptune.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
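
Added example, not part of the original thread: a Python check that parses both kernel log layouts quoted above and flags named exiting on signal 11 (SIGSEGV) on more than one host within a short window. The 60-second window, the function names, the year default and the last two sample lines are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# First two lines are the ones quoted in the thread; the rest are constructed.
SAMPLE_LOG = """\
May  1 19:51:29 canberra /kernel: pid 70: named: uid 0: exited on signal 11
May  1 19:51:32 wizard /kernel.256: pid 70 (named), uid 0: exited on signal 11
May  1 20:14:07 wizard /kernel.256: pid 412 (sendmail), uid 0: exited on signal 6
May  1 23:02:40 canberra /kernel: pid 913: named: uid 0: exited on signal 11
"""

# Matches both layouts: "pid 70: named: uid 0: ..." and "pid 70 (named), uid 0: ..."
CRASH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s/kernel\S*:\s"
    r"pid\s(?P<pid>\d+)(?::\s(?P<p1>[^:\s]+):|\s\((?P<p2>[^)]+)\),)\s"
    r"uid\s(?P<uid>\d+):\sexited on signal (?P<sig>\d+)")

def parse_crashes(text, year=1998, process="named", signal=11):
    """Return (time, host, pid) for each fatal-signal exit of `process`.
    Syslog omits the year, so the caller supplies it (1998 per the mail date)."""
    crashes = []
    for line in text.splitlines():
        m = CRASH_RE.match(line)
        if not m or (m["p1"] or m["p2"]) != process or int(m["sig"]) != signal:
            continue
        stamp = " ".join(m["ts"].split()) + f" {year}"
        when = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
        crashes.append((when, m["host"], int(m["pid"])))
    return sorted(crashes)

def correlated_crashes(crashes, window=timedelta(seconds=60)):
    """Group crashes that hit two or more distinct hosts within `window`,
    which points at a remote trigger rather than a fault local to one box."""
    groups, current = [], []
    for crash in crashes:  # already sorted by time
        if current and crash[0] - current[0][0] > window:
            if len({host for _, host, _ in current}) > 1:
                groups.append(current)
            current = []
        current.append(crash)
    if len({host for _, host, _ in current}) > 1:
        groups.append(current)
    return groups

if __name__ == "__main__":
    for group in correlated_crashes(parse_crashes(SAMPLE_LOG)):
        hosts = ", ".join(f"{h} at {t:%H:%M:%S}" for t, h, _ in group)
        print(f"named SIGSEGV on multiple hosts within 60s: {hosts}")
```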
