Gary Lopez wrote:
> Hello everyone,
> This problem started over the weekend and I am not sure why. I have been
> running the same version of BIND 8.1.2 on Solaris 2.7 for the past 4
> years without incident. Since this weekend, however, I started seeing
> error messages about wrong ans. name and bad referrals. Is this an
> attack or is there something in my BIND configuration I need to modify?
>
> example:
>
> Jun 27 07:21:40 named[11645]: bad referral (. !< pebble.com)
> Jun 27 07:21:40 DNS-server named[11645]: bad referral
> (169.218.in-addr.arpa !< 87.169.218.in-addr.arpa)
> Jun 27 07:21:40 DNS-server last message repeated 1 time
> Jun 27 07:21:51 DNS-server named[11645]: wrong ans. name
> (g.www.ms.akadns.net != toggle.www.ms.akadns.net)
> Jun 27 07:21:51 DNS-server named[11645]: wrong ans. name
> (lb1.www.ms.akadns.net != toggle.www.ms.akadns.net)
> Jun 27 07:21:51 DNS-server last message repeated 5 times
> Jun 27 07:21:51 DNS-server named[11645]: wrong ans. name
> (lb1.www.ms.akadns.net != g.www.ms.akadns.net)
> Jun 27 07:21:51 DNS-server last message repeated 3 times
> Jun 27 07:22:09 DNS-server named[11645]: bad referral (. !< sandgrabber.com)
>

Probably nothing in your configuration you can do to affect this.

Is it an attack? Quite likely, since 8.1.2 is/was very exploitable.

You *really* need to upgrade. BIND 8 is up to 8.4.7, and BIND 9 (a
complete rewrite and the preferred version) is up to 9.3.2.


- Kevin
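
An added example, not part of either message in this thread: a Python tally of the two named messages quoted above, which re-joins the mail-wrapped detail lines and counts syslog's "last message repeated" entries so the dominant name pairs stand out. The function names and the `SAMPLE` constant are this example's own; the sample lines are copied from the quoted excerpt.

```python
import re
from collections import Counter

# Lines copied from the log excerpt quoted in the thread (wrapping preserved).
SAMPLE = """\
Jun 27 07:21:40 DNS-server named[11645]: bad referral
(169.218.in-addr.arpa !< 87.169.218.in-addr.arpa)
Jun 27 07:21:40 DNS-server last message repeated 1 time
Jun 27 07:21:51 DNS-server named[11645]: wrong ans. name
(lb1.www.ms.akadns.net != toggle.www.ms.akadns.net)
Jun 27 07:21:51 DNS-server last message repeated 5 times
Jun 27 07:22:09 DNS-server named[11645]: bad referral (. !< sandgrabber.com)
"""

EVENT = re.compile(
    r"named\[\d+\]: (bad referral|wrong ans\. name)\s*\((\S+) (?:!<|!=) (\S+)\)")
REPEAT = re.compile(r"last message repeated (\d+) times?")

def unwrap(text):
    """Re-join records whose '(... )' detail was wrapped onto the next line."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("(") and records:
            records[-1] += " " + line
        elif line:
            records.append(line)
    return records

def tally(text):
    """Count events per (kind, first name, second name), including repeats."""
    counts, last = Counter(), None
    for rec in unwrap(text):
        m = EVENT.search(rec)
        if m:
            last = m.groups()
            counts[last] += 1
            continue
        r = REPEAT.search(rec)
        if r and last:
            counts[last] += int(r.group(1))  # repeat of the previous named event
        else:
            last = None  # unrelated line: a later "repeated" is not ours

    return counts

def by_kind(counts):
    """Collapse the per-pair tally into totals per message kind."""
    totals = Counter()
    for (kind, _a, _b), n in counts.items():
        totals[kind] += n
    return totals

if __name__ == "__main__":
    for key, n in tally(SAMPLE).most_common():
        print(n, *key)
```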