My FC3 machine appears to be compromised, please help
Paul Howarth
paul at city-fan.org
Thu Apr 6 17:24:38 UTC 2006
T. Horsnell wrote:
> [Charset ISO-8859-1 unsupported, filtering to ASCII...]
>> Bob Brennan wrote:
>>> I am of course open to suggestions but am at the moment waiting for
>>> Demon to correct the hacked entries on their nameservers, if that
>>> doesn't work - I'll be back for more help!
>> This issue is probably only affecting Demon's customers at the moment
>> (assuming the same problem has not manifested itself on other providers'
>> nameservers).
>>
>> The main issue for you is that your own server is rewriting addresses
>> due to the bogus CNAME records. You can avoid this easily by installing
>> a caching nameserver on your own mail server. This will insulate you
>>from your ISP's DNS issues and may actually result in improved
>> performance for your mail server overall. This could be as simple as:
>>
>> yum install caching-nameserver
>> chkconfig named on
>> service named start
>>
>> Then edit /etc/resolv.conf, remove the existing nameserver entries and
>> add a "nameserver 127.0.0.1" entry. Your system should then be doing its
>> own DNS lookups and shouldn't see the bogus CNAME records.
>>
>> You may need to add PEERDNS=no to /etc/sysconfig/network to prevent your
>> /etc/resolv.conf getting clobbered by a DHCP client.
>>
>
> Couldnt similar be achieved by making temporary entries in /etc/hosts
> without having to install anything?
No, because sendmail can't lookup MX records using the hosts file and
will always try DNS first, regardless of nsswitch.conf settings.
Paul.
More information about the fedora-list
mailing list