RE: Caching server - named process is limit at 500MB

Hi, Here is my output from command. It looks like my bind version is actually 32 bit. But there are some default applications also 32 bit although all are installed on a 64 bit OS. I have to check this for a moment. bash-3.2# file `which named` /usr/local/sbin/named: ELF 32-bit LSB executable 80

Re: Caching server - named process is limit at 500MB

-Original Message- From: Chu Ha Khanh Date: Tuesday, April 16, 2013 10:25 PM To: 'Jaco Lesch' Cc: "bind-users@lists.isc.org" Subject: RE: Caching server - named process is limit at 500MB >Hi, > >How to check 64 bit version of bind? > >I often download source code from isc.org and com

RE: Caching server - named process is limit at 500MB

Hi, How to check 64 bit version of bind? I often download source code from isc.org and compile on 64 bit Solaris 10 OS then. I always consider my version is 64 bit. Thanks and Best Regards, Website: www.svtech.com.vn E-mail: khanh@svtech.com.vn

Re: I'm having thousands of queries a domain isc.org and this increases my cpu percentage to 100%. That may be happening and how I can control this? is an attack? attachment of the log I made an updat

On 16/04/13 14:28, Denis Laventure wrote: Instead of blocking the source (which aren't even real - they're spoofed) why not just block access to your recursive resolver on port 53. I need my DNS server to resolve for my authoritative domain, I have 30+ domains here I can't block acces to port

RE: I'm having thousands of queries a domain isc.org and this increases my cpu percentage to 100%. That may be happening and how I can control this? is an attack? attachment of the log I made an updat

> Instead of blocking the source (which aren't even real - they're > spoofed) why not just block access to your recursive resolver on port 53. I need my DNS server to resolve for my authoritative domain, I have 30+ domains here I can't block acces to port 53. Denis _

Re: I'm having thousands of queries a domain isc.org and this increases my cpu percentage to 100%. That may be happening and how I can control this? is an attack? attachment of the log I made an updat

On 16/04/13 14:04, Denis Laventure wrote: These seems like some attack going on, after reading the mails i also check my recursive server and found a lot of these in my logs: my server is not an open recursive server its only open to my clients and these are not even from my country. Same her

RE: I'm having thousands of queries a domain isc.org and this increases my cpu percentage to 100%. That may be happening and how I can control this? is an attack? attachment of the log I made an updat

> These seems like some attack going on, after reading the mails i also check > my recursive server and found a lot of these in my logs: > my server is not an open recursive server its only open to my clients and > these are not even from my country. Same here, my DNS are open to my clients only

Re: I'm having thousands of queries a domain isc.org and this increases my cpu percentage to 100%. That may be happening and how I can control this? is an attack? attachment of the log I made an updat

On Tue, 2013-04-16 at 13:00 +0100, Phil Mayers wrote: > On 16/04/13 12:41, Kebba Foon wrote: > > > my server is not an open recursive server its only open to my clients > > and these are not even from my country. > > > > You're right, it's probably a spoofed-source DNS amplification attack. > >

Re: I'm having thousands of queries a domain isc.org and this increases my cpu percentage to 100%. That may be happening and how I can control this? is an attack? attachment of the log I made an updat

On 16/04/13 12:41, Kebba Foon wrote: my server is not an open recursive server its only open to my clients and these are not even from my country. You're right, it's probably a spoofed-source DNS amplification attack. If your DNS server isn't open (good to hear) you could consider just ACLi

Re: I'm having thousands of queries a domain isc.org and this increases my cpu percentage to 100%. That may be happening and how I can control this? is an attack? attachment of the log I made an updat

On Tue, 2013-04-16 at 05:27 -0400, Barry Margolin wrote: > In article , > Matus UHLAR - fantomas wrote: > > > they apparently expect your nameserver to provide resursive DNS service for > > your company while it may not be intended for that use... some customers > > (well, not only customers...

Re: I'm having thousands of queries a domain isc.org and this increases my cpu percentage to 100%. That may be happening and how I can control this? is an attack? attachment of the log I made an updat

In article , Matus UHLAR - fantomas wrote: > they apparently expect your nameserver to provide resursive DNS service for > your company while it may not be intended for that use... some customers > (well, not only customers...) do not understand the difference between > authoritative and recurs

Re: I'm having thousands of queries a domain isc.org and this increases my cpu percentage to 100%. That may be happening and how I can control this? is an attack? attachment of the log I made an updat

On 15.04.13 10:02, Jose Manuel Delgado G. wrote: Subject: I'm having thousands of queries a domain isc.org and this increases my cpu percentage to 100%. That may be happening and how I can control this? is an attack? attachment of the log I made an update to version 9.9.2-

Re: I'm having thousands of queries a domain isc.org and this increases my cpu percentage to 100%. That may be happening and how I can control this? is an attack? attachment of the log I made an updat

On 15.04.13 16:13, Denis Laventure wrote: I'm having the same problem but for those domains... hao.360.cn. openboxcdn.mobilem.360.cn. xliar.com. www.so.com. www.baidu.com. www.360.cn down.360.cn www.hao123.com 15-Apr-2013 15:00:08.485 security: info: client 117.21.187.20#52538:

Re: Understanding Kaminsky exploit w/bind

On 15.04.13 09:44, Jamie Ostrowski wrote: But that is the point of my question. Since it is relying on it's cached entry for the auth. nameserver for mydomain.com, the attacker, once the auth. nameserver for mydomain.com was cached, would have to wait until that cached NS entry for mydomain.com e

Re: Solaris 11

John When you do compile from source maybe look at BIND 9.9.3rc1, as this have some fixes in for Solaris 11 in a 64-bit mode. We are running a patched version of 9.9.2 successfully in our environment. Regards On 15/04/2013 22:24, Manson, John wrote: I searched www.isc.org