I don't think I have these info:
# rndc status
version: 9.9.5-9+deb8u8-Debian (DNS server)
CPUs found: 24
worker threads: 24
UDP listeners per interface: 24
number of zones: 111
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Tue, 2017-02-07 at 22:15 -0200, Raul Dias wrote:
> I am pretty sure it is not restarting.
What does 'rndc status' show for boot time and last configured time
after the zone has reverted to previous contents?
-BEGIN PGP SIGNATURE-
Versio
On 07/02/2017 20:37, Reindl Harald wrote:
try "chattr +i" on your zonefile so that it can't be touched and with
some luck the stuff trying to replace it will error out in cronmails
or syslog
Good idea.
Done!
___
Please visit https://lists.isc.or
s@lists.isc.org
<mailto:bind-users@lists.isc.org>
*Subject:* Re: bind 9 goes rogue and revert zone information
Sorry,
Static files.
It is the master server.
No dynamic updates.
Host under lxc with only bind ports open.
On Tue, Feb 7, 2017, 12:27 Alb
Am 07.02.2017 um 23:52 schrieb Alberto Colosi:
The truth is to solve it not to ask what an hacker (maybe a child runned a tool
found on internet as virus toolkits).
the truth is to *find out* what happens and since it's more likely that
some forgotten piece of cronscript lives somewhere tha
s@lists.isc.org"
Subject: bind 9 goes rogue and revert zone information
Date: Tue, Feb 7, 2017 23:38
Am 07.02.2017 um 23:31 schrieb Alberto Colosi:
> lucky you say
>
> zombie host and hijacked resourced poisoned DNS are not an hack
>
> In years as Security Desk Seat I had at leat on
On 2/7/17 4:31 PM, Alberto Colosi wrote:
> lucky you say
>
> zombie host and hijacked resourced poisoned DNS are not an hack
>
> In years as Security Desk Seat I had at leat one attack from zombie
> hosts from a US University. Admins even not known was hacked.
>
> Target of hackers is not only
a zombie host is a valuable item for them.
From: bind-users on behalf of Alan Clegg
Sent: Tuesday, February 7, 2017 10:48 PM
To: bind-users@lists.isc.org
Subject: Re: bind 9 goes rogue and revert zone information
On 2/7/17 8:42 AM, Alberto Colosi wrote:
>
an
Clegg
*Sent:* Tuesday, February 7, 2017 10:48 PM
*To:* bind-users@lists.isc.org
*Subject:* Re: bind 9 goes rogue and revert zone information
On 2/7/17 8:42 AM, Alberto Colosi wrote:
IP ports not open does not mean is not hacked.
a vulnerability can be used to make a change or an access
Occam's
On 2/7/17 8:42 AM, Alberto Colosi wrote:
> IP ports not open does not mean is not hacked.
>
> a vulnerability can be used to make a change or an access
Occam's razor... if you were a hacker and broke into someone's DNS
server, would the thing that you focus on be resetting the data every 24
hours
find a solution (check all IP traffic out from TCP/UDP
> 53)
>
>
> If you have RNDC , change KEY or disable it
>
>
>
>
> --
> *From:* Raul Dias
> *Sent:* Tuesday, February 7, 2017 3:34 PM
> *To:* Alberto Colosi; bind-users@lists.isc.org
>
In article ,
Raul Dias wrote:
> I have a very strange behavior that I am failing to understand.
>
> 2 to 5 times a week, a named server revert back to a previous version os
> a master zone.
> This happens during the night, usually around 20h EST.
>
> This zone has a serial of 3017020401 (yes,
have RNDC , change KEY or disable it
*From:* Raul Dias
*Sent:* Tuesday, February 7, 2017 3:34 PM
*To:* Alberto Colosi; bind-users@lists.isc.org
*Subject:* Re: bind 9 goes rogue and revert zone information
Sorry,
Static
Hi Mukund,
On 07/02/2017 12:42, Mukund Sivaraman wrote:
Hi Raul
When you say "When it reverts its zone information", how are you
observing it? Are you reading the master file from disk to check what's
in it, or are you doing a dig for the SOA record to check the serial?
By this, I'm asking if yo
Hi Raul
On Tue, Feb 07, 2017 at 12:03:40PM -0200, Raul Dias wrote:
> Hello,
>
> I have a very strange behavior that I am failing to understand.
>
> 2 to 5 times a week, a named server revert back to a previous version os a
> master zone.
> This happens during the night, usually around 20h EST.
>
cked
>>
>> as last , zones are static files on fs ?
>>
>>
>> --
>> *From:* bind-users on behalf of Raul
>> Dias
>> *Sent:* Tuesday, February 7, 2017 3:03 PM
>> *To:* bind-users@lists.isc.org
>> *Subject:* bind 9 goes rogue and revert zone information
&g
disable it
From: Raul Dias
Sent: Tuesday, February 7, 2017 3:34 PM
To: Alberto Colosi; bind-users@lists.isc.org
Subject: Re: bind 9 goes rogue and revert zone information
Sorry,
Static files.
It is the master server.
No dynamic updates.
Host under lxc with only
> as last , zones are static files on fs ?
>
>
> --
> *From:* bind-users on behalf of Raul
> Dias
> *Sent:* Tuesday, February 7, 2017 3:03 PM
> *To:* bind-users@lists.isc.org
> *Subject:* bind 9 goes rogue and revert zone information
>
>
@lists.isc.org
Subject: bind 9 goes rogue and revert zone information
Hello,
I have a very strange behavior that I am failing to understand.
2 to 5 times a week, a named server revert back to a previous version os
a master zone.
This happens during the night, usually around 20h EST.
This zone has a
Hello,
I have a very strange behavior that I am failing to understand.
2 to 5 times a week, a named server revert back to a previous version os
a master zone.
This happens during the night, usually around 20h EST.
This zone has a serial of 3017020401 (yes, I typo the 3 somewhere in the
past)
20 matches
Mail list logo
