[91494] in North American Network Operators' Group
Re: Odd named messages...
daemon@ATHENA.MIT.EDU (Simon Waters)
Wed Aug 2 05:37:16 2006
From: Simon Waters <simonw@zynet.net>
To: nanog@merit.edu
Date: Wed, 2 Aug 2006 10:36:40 +0100
In-Reply-To: <Pine.LNX.4.33.0608011408050.6622-100000@morannon.the-infinite.org>
Errors-To: owner-nanog@merit.edu
On Tuesday 01 Aug 2006 20:18, you wrote:
> Has anyone else seen an increase of the following named errors?
>
> Aug 1 01:00:09 morannon /usr/sbin/named[21279]: dispatch 0x4035bd70:
> shutting down due to TCP receive error: unexpected error
> Aug 1 01:00:09 morannon /usr/sbin/named[21279]: dispatch 0x4035bd70:
> shutting down due to TCP receive error: unexpected error
Noted similar here, started Jul 31 17:06:09 (GMT+1).
> .. someone trying some new anti-bind trickery?
The error can occur in "normal" usage of BIND9 so may reflect a change in
firewall practice or similar.
It is occurring on recursive servers with no remote recursive queries allowed,
so it is presumably in response to some query initiated locally (email/spam
related perhaps?).
We have spare disk space, I will enable query logging and see if it helps.
Suggest the DNS ops list may be best place to take further comments.
My best guess is ignorance over conspiracy. If I find a concrete answer I will
follow up to NANOG if appropriate.
Afraid my first attempt to investigate got side tracked into reporting some
phishing scam or other.
