Observation on FC2/Help on FC1

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Fri Sep 10 16:10:51 UTC 2004


[ erased all content because it is nearly unreadable and I have no
patience now to wrap all lines so that a proper quoting is possible ]

Usman Yahaya,

please use a mail client which does produce proper list mails. Do not
send HTML formated mails to this list. I am unwilling to reformat the
mail to quote what you said.

And DO NOT exchange the reply-to address! I saw too late that my first
reply went to you personally and not as a reply to the list address.

If you only run a bind DNS server on the suspicious FC1 host, then check
it's log files. If you run bind chrooted, then the logs are under
/var/named/chroot/var/log/. If non chrooted they are under /var/log/. To
determine which bind your run you can use rpm

rpm -qa | grep bind

or nslookup

nslookup -q=txt -class=CHAOS version.bind. 0

or dig

dig @YOUR_NAME_SERVER version.bind CHAOS txt

"named -v" does it too.

With a broken DNS setup it is possible that the DNS server constantly
queries other DNS servers. You should that see from the logs. Run tools
like tcpdump or ethereal to check the traffic the host produces on a raw
level.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp 
Serendipity 18:09:02 up 11 days, 15:25, load average: 1.72, 0.57, 0.37 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20040910/0e82641c/attachment-0001.sig>


More information about the fedora-list mailing list