Thanks Kevin.
I am trying to convince to company to upgrade. This is a company that
believes in "if it ain't broke don't upgrade it".

Gary D Lopez
Unix Systems Administrator
Catapult Communications
160 S Whisman Rd
Mountain View, CA 94041
Ph (650) 314-1029
Fax (650) 960-1029


Kevin Darcy wrote:
> Gary Lopez wrote:
>> Hello everyone,
>> This problem started over the weekend and not sure why. I have been
>> running the same version of bind 8.1.2 on Solaris 2.7 for the past 4
>> years without incident. Since this weekend however I started seeing
>> error messages about wrong ans. name and bad referrals. Is this an
>> attack or is there something in my bind configuration I need to modify?
>>
>> example:
>>
>> Jun 27 07:21:40 named[11645]: bad referral (. !< pebble.com)
>> Jun 27 07:21:40 DNS-server named[11645]: bad referral
>> (169.218.in-addr.arpa !< 87.169.218.in-addr.arpa)
>> Jun 27 07:21:40 DNS-server last message repeated 1 time
>> Jun 27 07:21:51 DNS-server named[11645]: wrong ans. name
>> (g.www.ms.akadns.net != toggle.www.ms.akadns.net)
>> Jun 27 07:21:51 DNS-server named[11645]: wrong ans. name
>> (lb1.www.ms.akadns.net != toggle.www.ms.akadns.net)
>> Jun 27 07:21:51 DNS-server last message repeated 5 times
>> Jun 27 07:21:51 DNS-server named[11645]: wrong ans. name
>> (lb1.www.ms.akadns.net != g.www.ms.akadns.net)
>> Jun 27 07:21:51 DNS-server last message repeated 3 times
>> Jun 27 07:22:09 DNS-server named[11645]: bad referral (. !< sandgrabber.com)
>>

> Probably nothing in your configuration you can do to affect this.
>
> Is it an attack? Quite likely, since 8.1.2 is/was very exploitable.
>
> You *really* need to upgrade. BIND 8 is up to 8.4.7, and BIND 9 (a
> complete rewrite and the preferred version) is up to 9.3.2.
>
>
> - Kevin
>
>
>