Re: bind9 security problem?

To: debian-security@lists.debian.org
Subject: Re: bind9 security problem?
From: Matej Kovac <matej.kovac@telnet.sk>
Date: Wed, 8 Nov 2006 23:25:01 +0100
Message-id: <[🔎] 20061108222501.GB25112@bacon.telnet.sk>
In-reply-to: <[🔎] 200611071838.56912.avbidder@fortytwo.ch>
References: <[🔎] 20484154.1162796234936.JavaMail.root@fep04.ttnet.net.tr> <[🔎] 200611071838.56912.avbidder@fortytwo.ch>

On Tue, Nov 07, 2006 at 06:38:56PM +0100, Adrian von Bidder wrote:
> On Monday 06 November 2006 07:57, Ozgur Karatas wrote:
> > logging {
> > category lame-servers {null; };
> > };
> 
> I ignore this stuff via logcheck.  But I'd really be interested what causes 
> it.  I'll have to look at my cronjobs, these buggers often come at the same 
> minute every hour...
> 
it's a lame delegation. parent (delegating) name server says that some
machine should be authoritative for particular domain but it is not.

it pretty slows down resolving (of the RRs in question) and can turn to
a little DoS against you (for example, mail server resolves clients... etc).
the pattern you recognize really looks like a cron job, logresolve,
hourly webalizer...?)

-- 
matej kovac
matej.kovac@telnet.sk

Reply to:

References:
- Re: bind9 security problem?
  - From: Ozgur Karatas <ozgur.karatas@ttnet.net.tr>
- Re: bind9 security problem?
  - From: Adrian von Bidder <avbidder@fortytwo.ch>

Prev by Date: Bypassing allowed_users with PAM in sshd?
Next by Date: Re: Bypassing allowed_users with PAM in sshd?
Previous by thread: Re: bind9 security problem?
Next by thread: Register
Index(es):
- Date
- Thread