Named Crashing and not restarting
For some reason named is crashing and not restarting properly after that.
When I check /var/log/messages I can see a lot of entries like this:
Nov 23 01:06:38 server named[3513]: lame server resolving '13miYYY.com' (in '13miYYY.com'?): XX.71.YYY.MMM#53
Nov 23 01:06:38 server named[3513]: lame server resolving '13miYYY.com' (in '13miYYY.com'?): XX.71.YYY.MMM#53
Nov 23 01:06:38 server named[3513]: lame server resolving '13miYYY.com' (in '13miYYY.com'?): XX.71.YYY.MMM#53
Nov 23 01:06:38 server named[3513]: lame server resolving '13miYYY.com' (in '13miYYY.com'?): XX.71.YYY.NNN#53
Nov 23 01:06:38 server named[3513]: lame server resolving '13miYYY.com' (in '13miYYY.com'?): XX.71.YYY.MMM#53
Nov 23 01:06:38 server named[3513]: lame server resolving '13miYYY.com' (in '13miYYY.com'?): XX.71.YYY.NNN#53
This kind of entry is repeating a lot.
That is happening with at least 4 domains that USED (past tense) to be hosted at my server; they are not hosted there anymore, and the IPs do correspond to my server.
After that named appears to just shut down and I have to restart it via SSH.
Nov 23 02:14:23 server /etc/init.d/named: named shutdown failed
Nov 23 02:14:23 server named[11620]: starting BIND 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 -u named
Nov 23 02:14:23 server named[11620]: adjusted limit on open files from 4096 to 1048576
Nov 23 02:14:23 server named[11620]: found 4 CPUs, using 4 worker threads
Nov 23 02:14:23 server named[11620]: using up to 4096 sockets
Nov 23 02:14:23 server named[11620]: loading configuration from '/etc/named.conf'
I did try to rebuild named.conf, but it appears the entries at /var/log/messages are still showing up.
Any ideas why this is happening and why named is shutting down?
Appreciate the help.
-
I updated my named.conf to:

include "/etc/rndc.key";
controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
acl "trusted" { 127.0.0.1; };
options {
    allow-recursion { trusted; };
    allow-notify { trusted; };
    allow-transfer { trusted; };
};

and the message log stopped receiving the old entries, but now it is getting a lot of entries coming from different IPs like this:

Nov 23 17:05:59 server named[28558]: client 84.189.212.224#39162: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:05:59 server named[28558]: client 84.189.212.224#6294: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:05:59 server named[28558]: client 84.189.212.224#1849: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:05:59 server named[28558]: client 84.189.212.224#20788: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:05:59 server named[28558]: client 84.189.212.224#45512: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:05:59 server named[28558]: client 84.189.212.224#53854: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:06:00 server named[28558]: client 84.189.212.224#47199: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:06:00 server named[28558]: client 84.189.212.224#1191: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:06:00 server named[28558]: client 84.189.212.224#40500: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:06:00 server named[28558]: client 84.189.212.224#29222: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:06:00 server named[28558]: client 84.189.212.224#38163: query (cache) 'a.packetdevil.com/A/IN' denied

Any ideas??
-
Those errors are remote IPs trying to use your DNS as a resolver and being denied because you disabled recursion.
-
Thanks for the answer Dalem... Anything to worry about, like a DNS attack or something like that?? At this time my named.conf is:

options {
    recursion no;
    allow-query { any; };
    allow-query-cache { localhost; localnets; };
    allow-recursion { localhost; };
    allow-notify { trusted; };
    allow-transfer { trusted; };
};

My concern is because all the entries show that these queries are coming from a bunch of different IP addresses but all asking for the same domains, for example:

Nov 23 22:52:34 server named[11020]: client 65.95.222.244#4708: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:52:34 server named[11020]: client 65.95.222.244#11493: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:52:34 server named[11020]: client 65.95.222.244#42332: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:52:35 server named[11020]: client 200.98.150.142#56254: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:52:35 server named[11020]: client 200.98.150.142#13865: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:52:35 server named[11020]: client 200.98.150.142#59395: query (cache) 'a.packetdevil.com/A/IN' denied
...
Nov 23 22:57:27 server named[11020]: client 66.183.199.46#51582: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:57:27 server named[11020]: client 66.183.199.46#37126: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:57:27 server named[11020]: client 66.183.199.46#23984: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:57:40 server named[11020]: client 24.255.39.134#19602: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:57:40 server named[11020]: client 24.255.39.134#65082: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:57:40 server named[11020]: client 24.255.39.134#39824: query (cache) 'a.packetdevil.com/A/IN' denied

Server load looks fine (0.32 0.35 0.27), so it's not that this bunch of queries is increasing the load.
-
Nothing to worry about, get them all day on our DNS servers.
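
Added example, not part of the original thread: a small Python summarizer for the "query (cache) ... denied" lines quoted above, grouping refusals by queried name and client so an administrator can see how many distinct clients are asking for the same name. The sample log is constructed (documentation-range addresses and example names), and the function names and the `min_clients` threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same format as the named log lines in the thread.
SAMPLE_LOG = """\
Nov 23 22:52:34 server named[11020]: client 192.0.2.10#4708: query (cache) 'a.example.com/A/IN' denied
Nov 23 22:52:34 server named[11020]: client 192.0.2.10#11493: query (cache) 'a.example.com/A/IN' denied
Nov 23 22:52:35 server named[11020]: client 198.51.100.7#56254: query (cache) 'a.example.com/A/IN' denied
Nov 23 22:52:35 server named[11020]: client 203.0.113.99#13865: query (cache) 'A.example.com/A/IN' denied
Nov 23 22:52:36 server named[11020]: client 192.0.2.10#5353: query (cache) 'www.example.org/A/IN' denied
Nov 23 22:52:36 server named[11020]: lame server resolving 'example.net' (in 'example.net'?): 192.0.2.53#53
"""

# client <ip>#<port>: query (cache) '<name>/<type>/<class>' denied
DENIED = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+): "
    r"query \(cache\) '(?P<name>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)' denied"
)

def summarize_denied(log_text):
    """Return {(qname, qtype): {client_ip: denied_count}} for denied cache queries."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:  # other named messages (e.g. "lame server") are skipped
            # DNS names are case-insensitive, so fold case before grouping
            summary[(m["name"].lower(), m["qtype"])][m["ip"]] += 1
    return {key: dict(clients) for key, clients in summary.items()}

def names_with_many_clients(summary, min_clients=3):
    """Names refused for at least min_clients distinct clients, busiest first."""
    rows = [
        (name, qtype, len(clients), sum(clients.values()))
        for (name, qtype), clients in summary.items()
        if len(clients) >= min_clients
    ]
    return sorted(rows, key=lambda r: (-r[2], -r[3]))

if __name__ == "__main__":
    report = names_with_many_clients(summarize_denied(SAMPLE_LOG))
    for name, qtype, n_clients, total in report:
        print(f"{name} {qtype}: {total} denied queries from {n_clients} clients")
```

On a live server, pass the contents of /var/log/messages to `summarize_denied` instead of the sample.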