Mario, I forwarded your post to a linux list I'm on, here's the reply below.

HTH, Matt

-----Original Message-----
From: John Crowhurst [mailto:fyremoon@;fyremoon.net]
Sent: 11 November 2002 20:59
To: [EMAIL PROTECTED]
Subject: Re: [Sussex] DNS Hack attack?

> All,
>
> Anyone know what the following mean? I've been mailed it by a friend who
> doesn't understand his DNS logs. Neither do I! :o)

Firstly, a dangling CNAME is when a DNS record is missing the A record; an example would be here:

    www     IN A        1.2.3.4
    www2    IN CNAME    www
    www3    IN CNAME    www4

www3 is a dangling CNAME in this case, as there is no A (address) record for www4. A CNAME (Canonical Name) is similar to an alias, where it points to an A record.

This can occur in the case of "split DNS", where there are two different versions of the DNS around the internet, and a lookup is pulling down the broken setup.

The DNS restarts seem to be worrying though, as if it's attempting to spawn when there is already a copy of bind running, and bound to the port.

Perhaps upgrading the version of bind to be on the safe side would be a wise move anyway, and perhaps check the system for any possible rootkit. If it's an RPM based distribution, you can query the integrity of the files by issuing:

    # rpm -qa

Download a copy of chkrootkit too, and give it a quick once over. It may be me being overly paranoid, but you will be able to sleep better tonight.

--
John

_______________________________________________
Sussex mailing list
[EMAIL PROTECTED]
http://mailman.lug.org.uk/mailman/listinfo/sussex

____ The WDVL Discussion List from WDVL.COM ____
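
The dangling-CNAME check described in the reply above, as an added example that is not part of the original thread. It goes slightly beyond the three records quoted there by following CNAME chains and reporting loops; the simplified record format and the function names are assumptions made for this sketch.

```python
# Added example: find dangling CNAMEs in a simplified zone fragment.
# Assumption: one record per line as "name [IN] TYPE value", with all names
# relative to the same zone. This is not a full zone-file parser.

ZONE = """\
www   IN A     1.2.3.4
www2  IN CNAME www
www3  IN CNAME www4
"""  # the three records quoted in the reply above

ADDRESS_TYPES = {"A", "AAAA"}


def parse_zone(text):
    """Return (set of names with address records, {alias: target})."""
    addresses, cnames = set(), {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # strip trailing comments
        if len(fields) >= 2 and fields[1].upper() == "IN":
            del fields[1]                       # the class field is optional
        if len(fields) < 3:
            continue
        name, rtype, value = fields[0].lower(), fields[1].upper(), fields[2].lower()
        if rtype in ADDRESS_TYPES:
            addresses.add(name)
        elif rtype == "CNAME":
            cnames[name] = value
    return addresses, cnames


def dangling_cnames(text):
    """Map each CNAME that never reaches an address record to the reason."""
    addresses, cnames = parse_zone(text)
    problems = {}
    for alias in cnames:
        seen, name = {alias}, cnames[alias]
        while name in cnames and name not in seen:  # follow the alias chain
            seen.add(name)
            name = cnames[name]
        if name in seen:
            problems[alias] = "CNAME loop via " + name
        elif name not in addresses:
            problems[alias] = "no address record for " + name
    return problems


if __name__ == "__main__":
    for alias, reason in sorted(dangling_cnames(ZONE).items()):
        print(alias + ": " + reason)
```

Run against the zone data the server actually loads; in a split-DNS setup each view has to be checked separately, since a target can resolve in one view and be missing in the other.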
