Or, at least that's what it looks like. Last nigh (Oct 28) we were barraged by thousands of emails with a return path of facebookmail.com. Our MTA checks the return path of each incoming message so as to reject anything that can't be replied to. That, of course, requires a DNS lookup but every attempt to lookup facebookmail.com timed out and when I flushed the cache, it would resolve for a short while and then hang again until a again flushed my cache. This effectively brought both of my email edge servers to their knees as all the SMTP connections were tied up while the server was waiting on DNS.
I upgraded back in July when the major security bug was discovered and my name servers all run BIND 9.5.0-P1. I know there were a couple of Windows specific updates since then which I ignored because I'm running on Linux. Is that version otherwise at risk and do I need to update for security reasons? Thanks, Rob
