[CentOS] bind (named) compromised?

Sun Feb 9 12:31:32 UTC 2014
Nux! <nux at li.nux.ro>

On 09.02.2014 04:19, James Pifer wrote:
> I'm having problems where my upstream bandwidth is being saturated.
> I've narrowed it down to a DNS issue of some type. If I stop the named
> service then my bandwidth drops to "normal" according to my untangle
> firewall.

Your DNS server may be used in a reflection/amplification attack; is it 
an open resolver?
Read e.g. 
http://www.mill-yard.com/2013/07/centos-bind-blocking-dns-reflection-or-amplification-ddos-attacks-using-recursive-dns-lookups/

-- 
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro
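
Added example, not part of the original message: one way to check a BIND query log for the pattern described above, by counting recursion-desired queries that arrive from clients outside your own networks. The trusted networks, the function name and the sample log lines are assumptions constructed for illustration; the line layout follows BIND 9 querylog output.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the only networks that should be recursing through this server.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24")]

# "client <ip>#<port>[ (<name>)]: query: <qname> <class> <type> <flags>"
# A leading "+" in the flags means the client set the recursion-desired bit.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+.*?: query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>[+-]\S*)"
)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
09-Feb-2014 04:00:01.101 client 192.168.1.20#40112: query: www.centos.org IN A + (192.168.1.1)
09-Feb-2014 04:00:01.204 client 198.51.100.7#53: query: example.org IN ANY +ED (203.0.113.10)
09-Feb-2014 04:00:01.207 client 198.51.100.7#53: query: example.org IN ANY +ED (203.0.113.10)
09-Feb-2014 04:00:01.311 client 198.51.100.7#53: query: EXAMPLE.org IN ANY +ED (203.0.113.10)
09-Feb-2014 04:00:02.010 client 192.0.2.99#5301: query: myzone.example IN SOA - (203.0.113.10)
""".splitlines()


def external_recursive_queries(lines):
    """Count recursion-desired queries from clients outside TRUSTED_NETS.

    Returns two Counters: one keyed by (qname, qtype), one keyed by client IP.
    """
    by_question, by_client = Counter(), Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m or not m["flags"].startswith("+"):
            continue  # not a query line, or recursion was not requested
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field, skip the line
        if any(ip in net for net in TRUSTED_NETS):
            continue  # our own clients are expected to recurse
        by_question[(m["qname"].lower(), m["qtype"])] += 1
        by_client[str(ip)] += 1
    return by_question, by_client


if __name__ == "__main__":
    questions, clients = external_recursive_queries(SAMPLE_LOG)
    for (qname, qtype), n in questions.most_common(10):
        print(f"{n:6d}  {qtype:5s} {qname}")
    for ip, n in clients.most_common(10):
        print(f"{n:6d}  from {ip}")
```

A few names dominating the output, typically with large record types such as ANY, from addresses you do not serve fits the reflection pattern; the source addresses in such traffic are usually the spoofed victims rather than the senders.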