LinuxSA Mailing list archives

  From: Alan Kennington <akenning@topology.org>
  To  : LinuxSA <linuxsa@linuxsa.org.au>
  Date: Tue, 29 May 2001 16:21:02 +0930

Re: Bind dilemmas.

On Tue, May 29, 2001 at 04:05:42PM +0930, Daryl Tester wrote:
> "Alan Kennington" <akenning@topology.org> wrote:
> 
> > It's difficult to see anything dodgy in there.
> 
> I shouldn't be able to punch non-authoritative requests through
> your name server ...

Daryl,

I'm afraid I don't have any idea whether that should or should
not be possible.
Where would I read up on what my "named" _should_ do?
I have the O'Reilly BIND book, and have read lots of
docs and manuals on BIND.
But they just tell you what you _can_ do.

> [root@insanity /root]# nslookup -type=soa iocane.com.au dog.topology.org
> Server:  dog.topology.org
> Address:  203.38.148.51
> 
> Non-authoritative answer:
> iocane.com.au
>         origin = ns0.iocane.com.au
>         mail addr = postmaster.iocane.com.au
> [...]
> ns0.iocane.com.au       internet address = 203.152.225.88

That looks like what all DNS servers do.
Or do I have to lock down DNS against hackers too?
I thought that by getting the latest version of BIND,
I wouldn't need to nurse it. It's quite annoying that any
machine connected permanently to the net needs so much nursing.

> ... but I can.  Makes for a great DoS.  What was the memory
> utilisation like before you restarted it?

I'll check it next time it goes bad.
This is what it has now:

 PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME COMMAND
32718 named      9   0  3884 3884  1708 S     0.0  3.2   0:00 named
32719 named      9   0  3884 3884  1708 S     0.0  3.2   0:00 named
32720 named      9   0  3884 3884  1708 S     0.0  3.2   0:00 named
32721 named      9   0  3884 3884  1708 S     0.0  3.2   0:00 named
32722 named      9   0  3884 3884  1708 S     0.0  3.2   0:00 named    

As I commented many months ago, this is so large that it
put my old 16MB-RAM DNS machine over the swap memory limit, and as a result
I bought a shiny new machine and OS.
And I've been nursing the shiny new machine+OS (AMD 500MHz, SuSE7.1) 
no less than the rusty old machine+OS (486 with RH 5.2).
[Just ignore these grumbles.]

Cheers,
Alan Kennington.

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
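
The nslookup check quoted in the message above can be reduced to reading the DNS header flags of the reply. The following is an added example, not part of the original post or of BIND: it builds an SOA query with recursion desired and classifies a reply as authoritative, refused, or answered through recursion or cache. The function names and the sample headers are constructed for illustration.

```python
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits (RFC 1035)

def build_query(name, qtype=6, txid=0x1234):
    """Build a DNS query (default qtype 6 = SOA) with recursion desired set."""
    header = struct.pack("!6H", txid, RD, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # class 1 = IN

def classify_response(packet):
    """Classify a reply from its 12-byte header only."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", packet[:12])
    if not flags & QR:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"            # server declined to serve this client
    if rcode == 0 and flags & AA:
        return "authoritative"      # server hosts the zone itself
    if rcode == 0 and ancount > 0 and flags & RA:
        return "recursive-answer"   # what nslookup prints as "Non-authoritative answer"
    return "referral-or-other"

def probe(server, name, timeout=3.0):
    """Send one UDP query to server:53 and classify the reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify_response(s.recvfrom(512)[0])

# Constructed sample headers (not captured traffic): id, flags, qd, an, ns, ar
SAMPLE_OPEN = struct.pack("!6H", 0x1234, QR | RD | RA, 1, 1, 1, 1)
SAMPLE_AUTH = struct.pack("!6H", 0x1234, QR | AA | RD, 1, 1, 0, 0)
SAMPLE_REFUSED = struct.pack("!6H", 0x1234, QR | RD | 5, 1, 0, 0, 0)

if __name__ == "__main__":
    for label, pkt in [("open", SAMPLE_OPEN), ("auth", SAMPLE_AUTH),
                       ("refused", SAMPLE_REFUSED)]:
        print(label, "->", classify_response(pkt))
```

A `recursive-answer` result for a zone the server does not host, when `probe` is run against your own server from an address outside the networks it is meant to serve, is the behaviour the quoted nslookup output shows.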

