Odd named messages...
Simon Waters
simonw at zynet.net
Wed Aug 2 09:36:40 UTC 2006
On Tuesday 01 Aug 2006 20:18, you wrote:
> Has anyone else seen an increase of the following named errors?
>
> Aug 1 01:00:09 morannon /usr/sbin/named[21279]: dispatch 0x4035bd70:
> shutting down due to TCP receive error: unexpected error
> Aug 1 01:00:09 morannon /usr/sbin/named[21279]: dispatch 0x4035bd70:
> shutting down due to TCP receive error: unexpected error
Noted similar here, started Jul 31 17:06:09 (GMT+1).
> .. someone trying some new anti-bind trickery?
The error can occur in "normal" usage of BIND9 so may reflect a change in
firewall practice or similar.
It is occurring on recursive servers with no remote recursive queries allowed,
so it is presumably in response to some query initiated locally (email/spam
related perhaps?).
We have spare disk space, I will enable query logging and see if it helps.
Suggest the DNS ops list may be best place to take further comments.
My best guess is ignorance over conspiracy. If I find a concrete answer I will
follow up to NANOG if appropriate.
Afraid my first attempt to investigate got side tracked into reporting some
phishing scam or other.
More information about the NANOG
mailing list