Date: Fri, 01 May 1998 16:35:34 -0700 From: Alex Huppenthal <alex@comsys.com> To: michael@blueneptune.com Cc: freebsd-isp@FreeBSD.ORG, mmoran@veronet.net, dyson@FreeBSD.ORG, batie@agora.rdrop.com, LutzRab@omc.net, robseco@moat.teksupport.net.au Subject: Re: Named disappeared Message-ID: <354A5C46.CCB78D9E@comsys.com> References: <199805012229.PAA01307@rainey.blueneptune.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I agree entirely. Over the past few days, our DNS has been attacked. We've just upgraded to the latest bind. Setup was painless. A handy script for converting /etc/named.boot to the new named.conf is included, and worked fine. We've tested access, zone transfers and things look much better. Our symptom was DNS name resolution on a few sites stopped working, until named was restarted. We also had a core file dumped on another system. -Alex michael@blueneptune.com wrote: > > We also had two of our nameservers, one in Melbourne and one in Canberra go > > down within seconds of each other. > > > > May 1 19:51:29 canberra /kernel: pid 70: named: uid 0: exited on signal 11 > > May 1 19:51:32 wizard /kernel.256: pid 70 (named), uid 0: exited on signal 11 > > > > This appears a global problem. > > This looks more and more like somebody out there is launching a large-scale > attack against the security problems outlined in the recent CERT advisory. > Unless I'm reading the advisory wrong, a "signal 11" crash is certainly one > of the possible outcomes of somebody hitting your nameservers with an exploit > directed at these problems. > > Here are the URLs again, giving the CERT advisory, and the page from which > you can download the latest BIND, either 4.* or 8.*, depending on your > preferences: > > http://www.cert.org/advisories/CA-98.05.bind_problems.html > http://www.isc.org/new-bind.html > > I upgraded all of our servers, which were running an embarassingly old > version of named (and FreeBSD), to use the new 4.9.7, with little effort > at all. No configuration changes were needed, just unpack, build and > install as instructed. It couldn't have been much simpler. [I'd also > recommend that if you are currently running 4.*, that you upgrade first > to 4.9.7 to protect against the problems, then upgrade to 8.* at your > leisure, if you want.] > > -- > Michael Bryan > michael@blueneptune.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?354A5C46.CCB78D9E>