Hi James, you seem to be running an open DNS resolver, is that correct? And if so, do you do it intentionally? I just received an US-CERT alert today that warns about ongoing amplification attacks, among others against DNS, but also against some other UDP based services. <https://www.us-cert.gov/ncas/alerts/TA14-017A> From the symptoms you describe I'd say that your DNS server is being used in such an attack. > I also see a chroot directory, but if I grep for named it doesn't appear > to be using the chroot(?): > # ps aux | grep named > named 3497 0.4 0.7 170088 15836 ? Ssl 23:02 0:02 > /usr/sbin/named -u named > root 3763 0.0 0.0 61192 764 pts/1 S+ 23:13 0:00 grep named Do you have the bind-chroot package installed? Best regards, Peter. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 203 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://lists.centos.org/pipermail/centos/attachments/20140209/d30437e4/attachment-0005.sig>