Hi James, you seem to be running an open DNS resolver, is that correct? And if so, do you do it intentionally? I just received an US-CERT alert today that warns about ongoing amplification attacks, among others against DNS, but also against some other UDP based services. <https://www.us-cert.gov/ncas/alerts/TA14-017A> From the symptoms you describe I'd say that your DNS server is being used in such an attack. > I also see a chroot directory, but if I grep for named it doesn't appear > to be using the chroot(?): > # ps aux | grep named > named 3497 0.4 0.7 170088 15836 ? Ssl 23:02 0:02 > /usr/sbin/named -u named > root 3763 0.0 0.0 61192 764 pts/1 S+ 23:13 0:00 grep named Do you have the bind-chroot package installed? Best regards, Peter.
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos