[Dshield] Nagios & DNS - Tuesday Morning

Mark Tombaugh mtombaugh at alliedcc.com
Wed Jun 16 19:41:29 GMT 2004


Hey list,

If anyone is wondering why their Nagios DNS alerts lit up on Tuesday morning, 
it's sort of a false positive. By default, Nagios uses www.yahoo.com in its 
DNS checkcommand:

etc/checkcommands.cfg:  command_line    $USER1$/check_dns -H www.yahoo.com -s $HOSTADDRESS$

Since the DDoS against Akamai diminished name resolution of www.yahoo.com, our 
DNS monitors, and I'm assuming almost anyone using Nagios, lit up across the 
board. Took me a minute to clue myself in as to why this happened. I hope this 
helps others, if there are any, looking for the same clue.

http://www.merit.edu/mail.archives/nanog/msg05267.html
http://www.akamai.com/en/html/about/press/press459.html
http://isc.incidents.org/
http://www.nagios.org

-- 
Mark Tombaugh <mtombaugh at alliedcc.com>
Allied Computer Corporation <http://www.alliedcc.com>
USiHOST, iNC <http://www.usihost.com>
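
An audit for the situation described in the post above, as an added example that is not part of the original message: it parses Nagios command definitions and flags check_dns commands whose -H lookup name is hard-coded to a domain outside the zones you run. The sample config, the check_dns_own and check_dns_internal commands, and ns-canary.example.net are constructed for illustration.

```python
import re
import shlex

# Constructed sample: the first command_line is the stock one quoted in the post;
# the other two commands and ns-canary.example.net are hypothetical.
SAMPLE_CFG = """
define command{
    command_name    check_dns
    command_line    $USER1$/check_dns -H www.yahoo.com -s $HOSTADDRESS$
    }
define command{
    command_name    check_dns_own
    command_line    $USER1$/check_dns -H $ARG1$ -s $HOSTADDRESS$
    }
define command{
    command_name    check_dns_internal
    command_line    $USER1$/check_dns -H ns-canary.example.net -s $HOSTADDRESS$
    }
"""

BLOCK_RE = re.compile(r"define\s+command\s*\{(.*?)^\s*\}", re.S | re.M)
MACRO_RE = re.compile(r"^\$[A-Z0-9_]+\$$")  # e.g. $ARG1$, set per service


def audit_check_dns(cfg_text, owned_zones):
    """Return (command_name, lookup_name, verdict) for each check_dns command."""
    findings = []
    for body in BLOCK_RE.findall(cfg_text):
        fields = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if len(parts) == 2 and not parts[0].startswith(("#", ";")):
                fields[parts[0]] = parts[1]
        argv = shlex.split(fields.get("command_line", ""))
        if not argv or not argv[0].endswith("check_dns") or "-H" not in argv[:-1]:
            continue
        name = argv[argv.index("-H") + 1]
        host = name.lower().rstrip(".")
        if MACRO_RE.match(name):
            verdict = "macro"        # name supplied by the service definition
        elif any(host == z or host.endswith("." + z) for z in owned_zones):
            verdict = "owned"        # lookup stays inside zones we operate
        else:
            verdict = "third-party"  # someone else's outage will trip this check
        findings.append((fields.get("command_name", "?"), name, verdict))
    return findings


if __name__ == "__main__":
    for row in audit_check_dns(SAMPLE_CFG, ["example.net"]):
        print("%-20s %-24s %s" % row)
```

A "third-party" verdict marks a check whose result depends on an external domain's availability as well as on the DNS server under test.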


