Re: Interresting report by logcheck....
On Fri, Feb 01, 2002 at 03:47:21PM -0600, Brian McGroarty wrote:
>
> admin singular -- robotattack.com is my home machine.
>
> RFC 1033 defines a machine name as an absolute address (A) or a
> pointer (CNAME), and later states that an ns record contains a machine
> name, which would seem to make either an A or a CNAME valid.
>
> I'd appreciate it if you'd direct me to the newer material that
> supersedes the information in RFC 1033, Noah. I'll be searching myself
> as well. I don't wish to remain ignorant, of course.
>
> In the mean time, I've changed the configuration to use the machine's
> A name. Hopefully this will prevent Adam or others from seeing the
> warning again.
I'm beginning to doubt that your DNS setup had anything to do with this.
Now I have:
Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Feb 1 16:02:25 polaris named[201]: "robotattack.com IN NS" points to a CNAME (cluster.robotattack.com)
Feb 1 16:02:25 polaris sm-mta[11059]: g11M29Ne011059: from=<brian@robotattack.com>, size=1178, class=0, nrcpts=1,
+msgid=<[🔎] 20020201214721.GA30544@robotattack.com>, bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=localhost
[127.0.0.1]
Feb 1 16:02:25 polaris named[201]: "robotattack.com IN NS" points to a CNAME (cluster.robotattack.com)
If it was just the DNS I would not be getting the MTA thing just because I got your
email.. I'm going to file a normal bug against logcheck as attack that is part of
a domain name should not be reported as it is right now.
I guess the problem is that you have a domain with attack in it! Logcheck gets scared
and freak out.
- Adam
Reply to: