Re: bind9 security problem?
On Sat Nov 04, 2006 at 10:30:55 +0100, Adrian von Bidder wrote:
> Yodel!
>
> Is there a security problem in some bind version? Or in some syncml-related
> application? Or is somebody just being silly? I have these in my logs:
>
> ===
> Nov 3 15:35:03 myhost named[8286]: unexpected RCODE (SERVFAIL) resolving 'cscursor.so/NS/IN': myforwarderip1#53
> Nov 3 15:35:03 myhost named[8286]: unexpected RCODE (SERVFAIL) resolving 'pptpd-logwtmp.so/NS/IN': myforwarderip1#53
> Nov 3 15:35:03 myhost named[8286]: unexpected RCODE (SERVFAIL) resolving 'libsyncml_plugin.so/NS/IN': myforwarderip1#53
> Nov 3 15:35:03 myhost named[8286]: unexpected RCODE (SERVFAIL) resolving 'libgnutls.so/NS/IN': myforwarderip1#53
> Nov 3 15:35:05 myhost named[8286]: unexpected RCODE (SERVFAIL) resolving 'cscursor.so/NS/IN': myforwarderip2#53
> Nov 3 15:35:05 myhost named[8286]: unexpected RCODE (SERVFAIL) resolving 'pptpd-logwtmp.so/NS/IN': myforwarderip2#53
> Nov 3 15:35:05 myhost named[8286]: unexpected RCODE (SERVFAIL) resolving 'libsyncml_plugin.so/NS/IN': myforwarderip2#53
> Nov 3 15:35:05 myhost named[8286]: unexpected RCODE (SERVFAIL) resolving 'libgnutls.so/NS/IN': myforwarderip2#53
> Nov 3 15:35:08 myhost named[8286]: unexpected RCODE (REFUSED) resolving 'cscursor.so/NS/IN': someip#53
> Nov 3 15:35:08 myhost named[8286]: unexpected RCODE (REFUSED) resolving 'libsyncml_plugin.so/NS/IN': someip#53
> Nov 3 15:35:08 myhost named[8286]: unexpected RCODE (REFUSED) resolving 'pptpd-logwtmp.so/NS/IN': someip#53
> Nov 3 15:35:08 myhost named[8286]: unexpected RCODE (REFUSED) resolving 'libgnutls.so/NS/IN': someip#53
> Nov 3 15:35:08 myhost named[8286]: lame server resolving 'cscursor.so' (in 'so'?): someotherip#53
> Nov 3 15:35:08 myhost named[8286]: lame server resolving 'libsyncml_plugin.so'(in 'so'?): someotherip#53
> Nov 3 15:35:08 myhost named[8286]: lame server resolving 'pptpd-logwtmp.so' (in 'so'?): someotherip#53
> Nov 3 15:35:08 myhost named[8286]: lame server resolving 'libgnutls.so' (in 'so'?): someotherip#53
> ===
I also have them quite often in my logs, but did not yet found out, what
they come from.
--
[root@debian /root]# man real-life
No manual entry for real-life
Reply to: