[dns-operations] CVE 2015-8000 actively exploited yesterday
mghali at snark.net
Thu Dec 17 17:54:50 UTC 2015
Not quite that easy to solve. In the case of a fatal error or resource starvation, that's a good recipe for a DOS against your system as it spins in a tight restart loop.
At the minimum you want a limit on restarts, possibly in a given time period. More realistically you should also consider some sort of increasing (possibly exponential) cool off period between restarts.
> On Dec 16, 2015, at 5:49 PM, Robert Edmonds <edmonds at mycre.ws> wrote:
> Jared Mauch wrote:
>> Either way, diversity creates options and building a solution to restart
>> the daemon is as easy as:
>> while true; do
>> /usr/sbin/named -f $OTHER_ARGS
> Well, if you go down that route, please make sure there's a ! in the
> shebang :-)
> Robert Edmonds
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 6100 bytes
Desc: not available
More information about the dns-operations