One interesting point is that the named entries are all in UTC time, not EDT time. What do I need to correct this issue? Any ideas?

Albert E. Whale wrote:
> OK, idea #1 - Include the spywaredomains in the named.conf file directly.
>
> 1. Startup appears to complete, but the following is found in the logfile:
> Sep 12 12:24:40 ns4 named[10378]: zone mipham.org/IN: sending notifies (serial 2006082201)
> Sep 12 12:24:40 ns4 named[10378]: zone mortismaximus.com/IN: sending notifies (serial 2006082201)
> Sep 12 12:24:45 ns4 named[10378]: zone protect-yourself.biz/IN: sending notifies (serial 2006082201)
> Sep 12 12:24:55 ns4 named[10378]: zone prsainlandempire.org/IN: sending notifies (serial 2006082201)
> Sep 12 12:25:00 ns4 named[10378]: zone nesrecords.com/IN: sending notifies (serial 2006082201)
> Sep 12 12:25:26 ns4 named[10378]: zone newcracks.com/IN: sending notifies (serial 2006082201)
> Sep 12 12:25:51 ns4 named[10378]: zone search-top.com/IN: sending notifies (serial 2006082201)
> Sep 12 12:26:21 ns4 named[10378]: zone seehardcore.com/IN: sending notifies (serial 2006082201)
> Sep 12 12:26:36 ns4 named[10378]: zone search-space.com/IN: sending notifies (serial 2006082201)
> Sep 12 12:26:51 ns4 named[10378]: zone search-town.com/IN: sending notifies (serial 2006082201)
>
> It is disturbing that the completion occurs in about 20 seconds and
> the logfile information appears to drag out. I believe that this is
> the actual issue.
>
> While I can perform the other suggestion, I believe that this is the
> problem. Would this be a System configuration issue?
>
> David Glosser wrote:
>> Two ideas (not solutions, but an attempt to isolate the problem):
>> - Don't use the include line, and add the domains into the main file
>> - modify the DNS-BH list domain file to have only a few domains
>>
>> Does either of these work?
>> ----- Original Message -----
>> From: "Albert E. Whale" <aewhale ABS-CompTech.com>
>> To: <mjonkman infotex.com>
>> Cc: <bleeding-sigs bleedingsnort.com>
>> Sent: Sunday, September 10, 2006 11:08 PM
>> Subject: Re: [Bleeding-sigs] Question on BlackHole DNS
>>
>>
>>> Matt Jonkman wrote:
>>>> What's load like on the box while it's working?
>>>>
>>>> Are the configs identical?
>>>>
>>>> Does the named process remain running, or core out? Do you have to
>>>> kill it?
>>>>
>>>> Matt
>>>
>>> The Configurations are identical.
>>>
>>> The load average is under one (< 1.0), which I consider normal
>>>
>>> I have to kill the named process in order to get control back. If I
>>> comment out the include line for the BlackHole list, named appears
>>> to operate normally.
>>>
>>> Any suggestions?
>>>
>>> --
>>> Albert E. Whale, CHS CISA CISSP
>>> Sr. Security, Network, Risk Assessment and Systems Consultant
>>> -------------------------------------------------------------------
>>> ABS Computer Technology, Inc. - www.ABS-CompTech.com
>>> SPAM Zapper - No-JunkMail.com - Spam-Zapper.com - SPAM Stops Here.
>>>
>>> _______________________________________________
>>> Bleeding-sigs mailing list
>>> Bleeding-sigs bleedingsnort.com
>>> http://lists.bleedingsnort.com/mailman/listinfo/bleeding-sigs
>>
>
>
--
Albert E. Whale, CHS CISA CISSP
Sr. Security, Network, Risk Assessment and Systems Consultant
-------------------------------------------------------------------
ABS Computer Technology, Inc. - www.ABS-CompTech.com
SPAM Zapper - No-JunkMail.com - Spam-Zapper.com - SPAM Stops Here.