Odd named messages...

• Previous message (by thread): Odd named messages...
• Next message (by thread): Detecting parked domains
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tuesday 01 Aug 2006 20:18, you wrote:
> Has anyone else seen an increase of the following named errors?
>
> Aug  1 01:00:09 morannon /usr/sbin/named[21279]: dispatch 0x4035bd70:
> shutting down due to TCP receive error: unexpected error
> Aug  1 01:00:09 morannon /usr/sbin/named[21279]: dispatch 0x4035bd70:
> shutting down due to TCP receive error: unexpected error

Noted similar here, started Jul 31 17:06:09 (GMT+1).

> .. someone trying some new anti-bind trickery?

The error can occur in "normal" usage of BIND9 so may reflect a change in 
firewall practice or similar.

It is occurring on recursive servers with no remote recursive queries allowed, 
so it is presumably in response to some query initiated locally (email/spam 
related perhaps?).

We have spare disk space, I will enable query logging and see if it helps.

Suggest the DNS ops list may be best place to take further comments.

My best guess is ignorance over conspiracy. If I find a concrete answer I will 
follow up to NANOG if appropriate.

Afraid my first attempt to investigate got side tracked into reporting some 
phishing scam or other.

• Previous message (by thread): Odd named messages...
• Next message (by thread): Detecting parked domains
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]