Possible DNS cache poisoning attack
Or, at least that's what it looks like.
Last nigh (Oct 28) we were barraged by thousands of emails with a return
path of facebookmail.com. Our MTA checks the return path of each
incoming message so as to reject anything that can't be replied to.
That, of course, requires a DNS lookup but every attempt to lookup
facebookmail.com timed out and when I flushed the cache, it would
resolve for a short while and then hang again until a again flushed my
cache. This effectively brought both of my email edge servers to their
knees as all the SMTP connections were tied up while the server was
waiting on DNS.
I upgraded back in July when the major security bug was discovered and
my name servers all run BIND 9.5.0-P1. I know there were a couple of
Windows specific updates since then which I ignored because I'm running
on Linux. Is that version otherwise at risk and do I need to update for