Re: Odd named messages...

From: Simon Waters (no email)
Date: Wed Aug 02 2006 - 05:36:40 EDT

  • Next message: Jamie Bowden: "RE: mitigating botnet C&Cs has become useless"

    On Tuesday 01 Aug 2006 20:18, you wrote:
    > Has anyone else seen an increase of the following named errors?
    >
    > Aug 1 01:00:09 morannon /usr/sbin/named[21279]: dispatch 0x4035bd70:
    > shutting down due to TCP receive error: unexpected error
    > Aug 1 01:00:09 morannon /usr/sbin/named[21279]: dispatch 0x4035bd70:
    > shutting down due to TCP receive error: unexpected error

    Noted similar here, started Jul 31 17:06:09 (GMT+1).

    > .. someone trying some new anti-bind trickery?

    The error can occur in "normal" usage of BIND9 so may reflect a change in
    firewall practice or similar.

    It is occurring on recursive servers with no remote recursive queries allowed,
    so it is presumably in response to some query initiated locally (email/spam
    related perhaps?).

    We have spare disk space, I will enable query logging and see if it helps.

    Suggest the DNS ops list may be the best place to take further comments.

    My best guess is ignorance over conspiracy. If I find a concrete answer I will
    follow up to NANOG if appropriate.

    Afraid my first attempt to investigate got sidetracked into reporting some
    phishing scam or other.
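
Added example, not part of the original message or of BIND: a small Python summarizer for the named "TCP receive error" syslog lines quoted above, reporting when they began and how they are spread over hours and hosts. The `SAMPLE` lines are constructed in the quoted format (wrapped lines rejoined), the host `ns1` and its dispatch address are made up, and the year is an assumed parameter because syslog timestamps omit it.

```python
import re
from collections import Counter
from datetime import datetime

# Matches the named message quoted in the thread; the reason text is captured
# so that values other than "unexpected error" are counted too.
PATTERN = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"\S*named\[(?P<pid>\d+)\]: dispatch (?P<dispatch>0x[0-9a-f]+): "
    r"shutting down due to TCP receive error: (?P<reason>.+)$"
)

# Constructed sample input: three matching lines and one unrelated line.
SAMPLE = [
    "Jul 31 17:06:09 ns1 /usr/sbin/named[900]: dispatch 0x1000: "
    "shutting down due to TCP receive error: unexpected error",
    "Jul 31 17:40:00 ns1 cron[410]: constructed unrelated line",
    "Aug  1 01:00:09 morannon /usr/sbin/named[21279]: dispatch 0x4035bd70: "
    "shutting down due to TCP receive error: unexpected error",
    "Aug  1 01:00:09 morannon /usr/sbin/named[21279]: dispatch 0x4035bd70: "
    "shutting down due to TCP receive error: unexpected error",
]

def summarize(lines, year):
    """Return onset, last sighting and per-hour/per-host counts, or None."""
    events = []
    for line in lines:
        m = PATTERN.match(line.strip())
        if not m:
            continue  # not the dispatch TCP receive error
        # Assumption: all lines fall in one calendar year (no Dec/Jan rollover).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["host"], m["dispatch"], m["reason"]))
    if not events:
        return None
    events.sort()
    return {
        "first_seen": events[0][0],
        "last_seen": events[-1][0],
        "total": len(events),
        "per_hour": dict(Counter(e[0].strftime("%b %d %H:00") for e in events)),
        "per_host": dict(Counter(e[1] for e in events)),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE, 2006))
```

Comparing `first_seen` across several resolvers shows whether the errors began at the same moment everywhere, which is the kind of comparison the two posters make by hand above.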

