My FC3 machine appears to be compromised, please help

Paul Howarth paul at city-fan.org
Fri Apr 7 07:42:57 UTC 2006


On Thu, 2006-04-06 at 21:10 +0100, Bob Brennan wrote:
> On 4/6/06, Les Mikesell <lesmikesell at gmail.com> wrote:
> > On Thu, 2006-04-06 at 14:26, Bob Brennan wrote:
> > > >
> > > > yum install caching-nameserver
> > > > chkconfig named on
> > > > service named start
> > > >
> > > > Then edit /etc/resolv.conf, remove the existing nameserver entries and
> > > > add a "nameserver 127.0.0.1" entry. Your system should then be doing its
> > > > own DNS lookups and shouldn't see the bogus CNAME records.
> > > >
> > > > You may need to add PEERDNS=no to /etc/sysconfig/network to prevent your
> > > > /etc/resolv.conf getting clobbered by a DHCP client.
> > > >
> > > >  Paul.
> > >
> > > I will save this as a possible solution Paul but I am loath to make
> > > changes like that right now since I have many business customers on
> > > the same server whose domains are not being affected. Unfortunately I
> > > will have to wait on Demon's solution to 3 domains' problems rather
> > > than risk taking down 30 myself.
> >
> > If you aren't running a nameserver now, this is a fairly safe
> > step.  Your own lookups depend on the contents of /etc/resolv.conf
> > regardless of the presence of the nameserver on the same
> > machine.  You should be able to install caching-nameserver,
> > test it out with 'dig @localhost' then modify /etc/resolv.conf
> > to use 'nameserver 127.0.0.1' instead of whatever you are
> > using now.  If you see any problems, just put the old
> > resolv.conf back.
> >
> > --
> >  Les Mikesell
> >   lesmikesell at gmail.com
> 
> Well here's a great big DOH!!!! for all of us - if ns1.mydomain.com,
> which is my authoritative DNS, is working properly and it's only
> Demon's DNS servers that are screwed up, WHY NOT CHANGE NETWORK
> SETTINGS TO USE THE DNS THAT WORKS!!! Sorry about shouting with caps,
> but duh! on me. Now Sendmail knows that the domains are as they should
> be, and are under my direct control rather than waiting for Demon to
> sync up. Why use Demon DNS in the first place one might ask? Because
> it was part of the setup procedure when installing the new service and
> router years ago.
> 
> Hope this helps someone else from doing too many unnecessary changes
> to fix someone else's problem, and saves the slap I just gave myself
> on the head.
> 
> Thanks guys for the help - that is what eventually led to my DOH!
> moment anyway.

Note that this will only work if your authoritative server will handle
recursive requests from you (for looking up domains other than your
own). This is not always the case.

Paul.
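
An added example, not part of the original thread: a shell check for the condition noted above, that a server listed in /etc/resolv.conf must answer recursive queries. It reads the "ra" (recursion available) flag from dig's header; the function names and the sample dig headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a nameserver is usable in /etc/resolv.conf
# by checking that it advertises recursion (the "ra" flag in dig's header).

# Constructed sample dig headers (not captured from a real server).
SAMPLE_RECURSIVE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0'
SAMPLE_AUTH_ONLY=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available'

# classify_dig: read dig output on stdin and print one of
#   recursive     - reply seen, "ra" flag set
#   no-recursion  - reply seen, "ra" flag absent (authoritative-only server)
#   no-reply      - no header seen (timeout, unreachable, dig missing)
classify_dig() {
    awk '
        /^;; flags:/ {
            seen = 1
            sub(/^;; flags:/, ""); sub(/;.*/, "")   # keep only the flag list
            n = split($0, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ra") ra = 1
        }
        END {
            if (!seen)   print "no-reply"
            else if (ra) print "recursive"
            else         print "no-recursion"
        }'
}

# check_resolver SERVER NAME: ask SERVER for NAME, which should be a domain
# outside your own zones, and classify the reply.
# Usage (hypothetical values): check_resolver 127.0.0.1 example.org
check_resolver() {
    dig +time=3 +tries=1 "@$1" "$2" A 2>/dev/null | classify_dig
}
```

Only a "recursive" result means the server can replace the existing nameserver lines; on anything else, keep the old resolv.conf.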




