[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Interresting report by logcheck....



On Fri, Feb 01, 2002 at 03:47:21PM -0600, Brian McGroarty wrote:
> 
> admin singular -- robotattack.com is my home machine.
> 
> RFC 1033 defines a machine name as an absolute address (A) or a
> pointer (CNAME), and later states that an ns record contains a machine
> name, which would seem to make either an A or a CNAME valid.
> 
> I'd appreciate it if you'd direct me to the newer material that
> supersedes the information in RFC 1033, Noah. I'll be searching myself
> as well. I don't wish to remain ignorant, of course.
> 
> In the mean time, I've changed the configuration to use the machine's
> A name. Hopefully this will prevent Adam or others from seeing the
> warning again.

I'm beginning to doubt that your DNS setup had anything to do with this.
Now I have:

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Feb  1 16:02:25 polaris named[201]: "robotattack.com IN NS" points to a CNAME (cluster.robotattack.com)
Feb  1 16:02:25 polaris sm-mta[11059]: g11M29Ne011059: from=<brian@robotattack.com>, size=1178, class=0, nrcpts=1,
+msgid=<20020201214721.GA30544@robotattack.com>, bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=localhost 
[127.0.0.1]
Feb  1 16:02:25 polaris named[201]: "robotattack.com IN NS" points to a CNAME (cluster.robotattack.com)

If it was just the DNS I would not be getting the MTA thing just because I got your
email.. I'm going to file a normal bug against logcheck as attack that is part of
a domain name should not be reported as it is right now.

I guess the problem is that you have a domain with attack in it! Logcheck gets scared 
and freak out.

- Adam



Reply to: