Re: [cobalt-security] Intermittent DNS failure or hack or what??
- Subject: Re: [cobalt-security] Intermittent DNS failure or hack or what??
- From: Bill Irwin <bill_irwin@xxxxxxxx>
- Date: Thu, 10 May 2001 12:08:01 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Simon,
This sounds like a DNS problem. Verify all your DNS settings are correct
for each virtual site, and for the main settings on your server.
Somewhere along the way it's restarting and stopping the DNS name server.
The link below provides information on DNS setups. I would verify that
the settings you have included are correct. I suspect where you are
having problems is with the reverse lookup tables. A large percentage
of new Cobalt users forget to include the reverse lookup tables for
their forward lookups on the DNS.
EXAMPLE:
ns1.domain.com A----> IP
IP A-----> ns1.domain.com
ns2.domain.com A----> IP
IP A-----> ns2.domain.com
domain.com MX---> host.domain.com
This should be what you have for each virtual host and the main site
settings.
http://www.cobalt.com/support/wp.dns.html
One way to test what the problem may be is to run this series of tests:
1 Ping local machine IP# - verifies LAN network
2 Ping DNS server IP# - verifies your DNS server is working (one
provided by ISP)
3 Ping a URL (www.yahoo.com) - verifies names are being resolved.
If you can get a response back from 1 and 2, but not 3, it's a name
resolving problem. If you get a response back from all three, it's likely
there's something else going on.
Simon Wilson wrote:
>
> Apologies in advance if this isn't posted in quite the right group. I am
> not sure if this is a DNS problem or a security issue.
>
> For the past two days people are intermittently unable to browse sites on
> our server. It will be ok for 30 mins then it won't work and they get
> 'Cannot find server or DNS Error' page. We have done trace routes at this
> time and they are fine.
> Pinging the machine is fine. The server admin browser pages always work
> during this time but not the sites. Any ideas?
> We did the RaQ4-All-Security-1.0.1-10098.pkg and the
> RaQ4-All-Security-1.0.1-10014.pkg
> yesterday. Could it be this causing a problem?
>
> I wonder whether we have been hacked in some form. The only suspicious
> report recently
> from logcheck that I don't understand was this:
>
> May 5 02:14:16 ns1 named[376]: Lame server on '155.218.53.216.in-addr.arpa'
> (in '218.53.216.in-addr.arpa'?): [216.53.130.3].53 'NS2.MPINET.NET'
>
> Basically I don't know what's going on and not surprisingly my co-location
> people say that nothing is wrong.... Help please...before a client notices.
>
> Simon Wilson
--
Bill Irwin
Technical Support Engineer
Sun Microsystems, Inc.
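
Added example, not part of the original message or of any Cobalt tooling: a small offline check that every forward entry has a matching reverse (in-addr.arpa) entry, which is the omission the reply above suspects. The `domain.com` names follow the reply's EXAMPLE; the 192.0.2.x addresses and the record tables are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample zone data (192.0.2.0/24 is a documentation range).
FORWARD = {  # host name -> IPv4 address (forward lookups)
    "ns1.domain.com": "192.0.2.10",
    "ns2.domain.com": "192.0.2.11",
    "host.domain.com": "192.0.2.12",
    "www.domain.com": "192.0.2.12",
}
REVERSE = {  # in-addr.arpa owner name -> host name (reverse lookups)
    "10.2.0.192.in-addr.arpa": "ns1.domain.com.",
    "11.2.0.192.in-addr.arpa": "ns3.domain.com.",  # points at the wrong name
    # no reverse entry at all for 192.0.2.12
}


def normalize(name):
    """Compare names case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()


def reverse_name(ip):
    """Owner name of the reverse entry for an address, e.g. 4.3.2.1.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_reverse(forward, reverse):
    """Return (ip, reverse owner name, problem) for each address whose
    reverse entry is missing or names a host that has no forward entry to it."""
    rev = {normalize(k): normalize(v) for k, v in reverse.items()}
    names_by_ip = {}
    for name, ip in forward.items():
        # Several names may share one address; the reverse entry must match one.
        names_by_ip.setdefault(ip, set()).add(normalize(name))
    problems = []
    for ip in sorted(names_by_ip, key=ipaddress.ip_address):
        owner = reverse_name(ip)
        target = rev.get(owner)
        if target is None:
            problems.append((ip, owner, "missing reverse entry"))
        elif target not in names_by_ip[ip]:
            problems.append((ip, owner, "reverse entry points to " + target))
    return problems


if __name__ == "__main__":
    for ip, owner, problem in check_reverse(FORWARD, REVERSE):
        print(ip, owner, problem)
```

`reverse_name("216.53.218.155")` yields the same owner name that appears in the quoted `named` log line.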