From owner-freebsd-isp Fri May 1 17:00:56 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA20989 for freebsd-isp-outgoing; Fri, 1 May 1998 17:00:56 -0700 (PDT) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from soran.pacific.net.sg (soran.pacific.net.sg [203.120.90.76]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA20984 for ; Fri, 1 May 1998 17:00:53 -0700 (PDT) (envelope-from douglas@chapters.org) Received: from pop1.pacific.net.sg (pop1.pacific.net.sg [203.120.90.85]) by soran.pacific.net.sg with ESMTP id HAA06446 for ; Sat, 2 May 1998 07:55:37 +0800 (SGT) Received: from douglas (dyn1-8cable.sb.singa.pore.net [202.169.232.8]) by pop1.pacific.net.sg with SMTP id IAA15639 for ; Sat, 2 May 1998 08:00:52 +0800 (SGT) Message-ID: <011701bd755e$f6e1a300$08e8a9ca@douglas.singa.pore.net> Reply-To: "Douglas Stevenson Ng" From: "Douglas Stevenson Ng" To: Subject: Re: Named disappeared Date: Sat, 2 May 1998 08:12:16 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3007.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3007.0 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by hub.freebsd.org id RAA20985 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I am running DNS on windows NT 4.0 and had that problem middle of last week. So it is not a porblem confined to FreeBSD (I use FreeBSD as a mail and web server for some other services). Thought it was an DNS problem and reinstalled the service. All the cached info justed wasn't there... -phew- takes a load of my back knowing that it wasn't -my- fault... Yup, it does seem like a global problem, had a LOT of domains that could not be resolved. Douglas douglas@alcamedia.com -----Original Message----- From: michael@blueneptune.com To: freebsd-isp@FreeBSD.ORG Cc: mmoran@veronet.net ; dyson@FreeBSD.ORG ; batie@agora.rdrop.com ; LutzRab@omc.net ; robseco@moat.teksupport.net.au Date: Saturday, May 02, 1998 7:35 AM Subject: Re: Named disappeared > >> We also had two of our nameservers, one in Melbourne and one in Canberra go >> down within seconds of each other. >> >> May 1 19:51:29 canberra /kernel: pid 70: named: uid 0: exited on signal 11 >> May 1 19:51:32 wizard /kernel.256: pid 70 (named), uid 0: exited on signal 11 >> >> This appears a global problem. > > >This looks more and more like somebody out there is launching a large-scale >attack against the security problems outlined in the recent CERT advisory. >Unless I'm reading the advisory wrong, a "signal 11" crash is certainly one >of the possible outcomes of somebody hitting your nameservers with an exploit >directed at these problems. > >Here are the URLs again, giving the CERT advisory, and the page from which >you can download the latest BIND, either 4.* or 8.*, depending on your >preferences: > > http://www.cert.org/advisories/CA-98.05.bind_problems.html > http://www.isc.org/new-bind.html > >I upgraded all of our servers, which were running an embarassingly old >version of named (and FreeBSD), to use the new 4.9.7, with little effort >at all. No configuration changes were needed, just unpack, build and >install as instructed. It couldn't have been much simpler. [I'd also >recommend that if you are currently running 4.*, that you upgrade first >to 4.9.7 to protect against the problems, then upgrade to 8.* at your >leisure, if you want.] > > >-- >Michael Bryan >michael@blueneptune.com > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message