My FC3 machine appears to be compromised, please help
Bob Brennan
rbrennan96 at gmail.com
Thu Apr 6 20:10:18 UTC 2006
On 4/6/06, Les Mikesell <lesmikesell at gmail.com> wrote:
> On Thu, 2006-04-06 at 14:26, Bob Brennan wrote:
> > >
> > > yum install caching-nameserver
> > > chkconfig named on
> > > service named start
> > >
> > > Then edit /etc/resolv.conf, remove the existing nameserver entries and
> > > add a "nameserver 127.0.0.1" entry. Your system should then be doing its
> > > own DNS lookups and shouldn't see the bogus CNAME records.
> > >
> > > You may need to add PEERDNS=no to /etc/sysconfig/network to prevent your
> > > /etc/resolv.conf getting clobbered by a DHCP client.
> > >
> > > Paul.
> >
> > I will save this as a possible solution Paul but I am loathe to make
> > changes like that right now since I have many business customers on
> > the same server whose domains are not being affected. Unfortunately I
> > will have to wait on Demon's solution to 3 domain's problems rather
> > than risk taking down 30 myself.
>
> If you aren't running a nameserver now, this is a fairly safe
> step. Your own lookups depend on the contents of /etc/resolv.conf
> regardless of the presence of the nameserver on the same
> machine. You should be able to install caching-nameserver,
> test it out with 'dig @localhost' then modify /etc/resolv.conf
> to use 'nameserver 127.0.0.1' instead of whatever you are
> using now. If you see any problems, just put the old
> resolv.conf back.
>
> --
> Les Mikesell
> lesmikesell at gmail.com
Well here's a great big DOH!!!! for all of us - if ns1.mydomain.com,
which is my authoritative DNS, is working properly and it's only
Demon's DNS servers that are screwed up, WHY NOT CHANGE NETWORK
SETTINGS TO USE THE DNS THAT WORKS!!! Sorry about shouting with caps,
but duh! on me. Now Sendmail knows that the domains are as they should
be, and are under my direct control rather than waiting for Demon to
sync up. Why use Demon DNS in the first place one might ask? Because
it was part of the setup procedure when installing the new service and
router years ago.
Hope this helps someone else from doing too many unnecessary changes
to fix someone else's problem, and saves the slap I just gave myself
on the head.
Thanks guys for the help - that is what eventually lead to my DOH!
moment anyway.
bob
More information about the users
mailing list