Blocking malware URL lookup using BIND

2011-10-25 Thread babu dheen
Dear All, We are seeing huge number of malware request going to malware domains performed by some malware infected clients. All malware infected clients are trying to reach below URL . We would like to know how we can block if any dns query come to *.-0-0-0-0-0-0-0-0-0-0.info domain,

Re: Blocking malware URL lookup using BIND

2011-10-25 Thread Phil Mayers
On 10/25/2011 10:03 AM, babu dheen wrote: Dear All, We are seeing huge number of malware request going to malware domains performed by some malware infected clients. This was discussed on the list just the other day; you have two options: 1. Create a dummy zone with no content for each hostna

Re: Blocking malware URL lookup using BIND

2011-10-25 Thread Matthew Seaman
On 25/10/2011 10:03, babu dheen wrote: > We are seeing huge number of malware request going to malware domains > performed by some malware infected clients. > > All malware infected clients are trying to reach below URL . We would like > to know how we can block if any dns query come to > *

maximum number of FD events

2011-10-25 Thread Fr34k
Hello, Environment: Solaris10 SPARC and x86, BIND 9.7.3-P3 and 9.8.1 Anomaly: In our logs, we have been noticing "maximum number of FD events" entries. For example, named[8592]: [ID 873579 daemon.info] sockmgr 288760: maximum number of FD events (64) received Action: Our web searches h

open_socket, permission denied

2011-10-25 Thread Fr34k
Hello, Environment: Solaris10 SPARC, BIND 9.8.1 Anomaly: In our logs, we have been noticing "open_socket... permission denied..." entries. For example, named[15910]: [ID 873579 daemon.warning] dispatch 2bcf50: open_socket(::#2049) -> permission denied: continuing named[15910]: [ID 873579

Re: maximum number of FD events

2011-10-25 Thread Chuck Swiger
On Oct 25, 2011, at 1:09 PM, Fr34k wrote: > We found someone else who seemed to suggest a "fix" by increasing the number > of sockets. > We figured we would give that a shot and see what would happen. We tried > 128, and then 256 -- but we still see these messages: > named[14050]: [ID 873579 d

dispatch - permission denied

2011-10-25 Thread Benzi Mizrahi
Hi, I've recently upgraded our nameservers from version 9.6.2.-p3 to 9.7.4, and the following messages started to appear on all nameservers logs: 22-Oct-2011 16:58:41.548 dispatch: dispatch 5612b0: open_socket(0.0.0.0#2049) -> permission denied: continuing 22-Oct-2011 17:01:02.361 dispatc