Re: Does bind send email?

2010-07-09 Thread tomasz dereszynski 

 On 7/9/2010 4:57 AM, Chiesa Stefano wrote:

 27/05/2010  17.06.32 1094  C:\bind\bin\named.exe Protezione
 antivirus standard:Impedisci a worm distribuiti tramite mass-mailing di
 inviare messaggi 93.49.247.253:25

 (translated from italian: Prevent mass mailing worms from sending mail).

 What is strange is the blocked process: C:\bind\bin\named.exe (our
 Windows 2003 Bind 9.6.0-P1 installation).

 So, does bind send email?

 BIND does not send e-mail.  I'd be curious if you have any way of
 telling exactly what the trigger was for the anti-virus code.

 BTW, as I'm sure someone else will if I don't, please start new threads
 by sending a new e-mail to bind-users@ and not by replying to another
 already in-progress thread.

 AlanC

check below link
apparently viruses (some) hide themselves behind that name/process.
http://www.file.net/process/named.exe.html

mind you, it might be something else ...

-- 

bEsT rEgArDs|   Confidence is what you have before you
tomasz dereszynski  |   understand the problem. -- Woody Allen
|
Spes confisa Deo|   In theory, theory and practice are much
numquam confusa recedit |   the same. In practice they are very
|   different. -- Albert Einstein


___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Bind9 logging options

2010-05-18 Thread Tomasz Dereszynski 

Quoting sth...@nethelp.no:


No! Log files are indicating any issue! The only indication I have about the
problem, is the lack if queries in the log files. No timeouts, no  
failures. I

even tried to query a fake domain. The result was a normal record (with A+).
I did not find any error!
So, how on earth do I log them?


Use a packet sniffer (e.g. tcpdump, wireshark) on your DNS servers to
capture the DNS traffic.



if you set it to capture only 53 port and to save files up to  
reasonable size you can leave it running for 24h without a problem -  
wouldnt recommend doing that without specifying port/service.


t

--

bEsT rEgArDs|   Confidence is what you have before you
tomasz dereszynski  |   understand the problem. -- Woody Allen
|
Spes confisa Deo|   In theory, theory and practice are much
numquam confusa recedit |   the same. In practice they are very
|   different. -- Albert Einstein



This message was sent using IMP, the Internet Messaging Program.


___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users