Jim Perrin wrote:
On 12/6/05, Sam Drinkard sam@wa4phy.net wrote:
Found this entry in the log this morning. Never have seen such before.......
--------------------- Named Begin ------------------------
**Unmatched Entries** dispatch 0x8ea6e48: shutting down due to TCP receive error: connection reset: 1 Time(s)
---------------------- Named End -------------------------
-- Snowman
As I understand it, this is caused by named being fed bad packets, either by some form of automated attack, or crappy dns server that named queried on its way to find out what you asked it for. Depending on the verbosity of the named logs you keep, you could grep this out, and look at the queries near it to see if there's a particular cause. Or it may not be worth it to you.
-- Jim Perrin System Architect - UIT Ft Gordon & US Army Signal Center _______________________________________________
Thanks Jim. I'd never ever seen anything happen to named, on BSD or Linux before. As for logs, what level of logging is "stock" is what I would expect doing a dump. May give that a shot and see what, if anything is in there. Not really been plagued by hackers too much, but I notice I've been probed several days in a row now from something/body in the same /16 ip block. Don't think it's local to the colocation site tho.