My FC3 machine appears to be compromised, please help
Les Mikesell
lesmikesell at gmail.com
Thu Apr 6 19:48:12 UTC 2006
On Thu, 2006-04-06 at 14:26, Bob Brennan wrote:
> >
> > yum install caching-nameserver
> > chkconfig named on
> > service named start
> >
> > Then edit /etc/resolv.conf, remove the existing nameserver entries and
> > add a "nameserver 127.0.0.1" entry. Your system should then be doing its
> > own DNS lookups and shouldn't see the bogus CNAME records.
> >
> > You may need to add PEERDNS=no to /etc/sysconfig/network to prevent your
> > /etc/resolv.conf getting clobbered by a DHCP client.
> >
> > Paul.
>
> I will save this as a possible solution Paul but I am loathe to make
> changes like that right now since I have many business customers on
> the same server whose domains are not being affected. Unfortunately I
> will have to wait on Demon's solution to 3 domain's problems rather
> than risk taking down 30 myself.
If you aren't running a nameserver now, this is a fairly safe
step. Your own lookups depend on the contents of /etc/resolv.conf
regardless of the presence of the nameserver on the same
machine. You should be able to install caching-nameserver,
test it out with 'dig @localhost' then modify /etc/resolv.conf
to use 'nameserver 127.0.0.1' instead of whatever you are
using now. If you see any problems, just put the old
resolv.conf back.
--
Les Mikesell
lesmikesell at gmail.com
More information about the users
mailing list