Issue with Bind
Hello everyone,
I am really stuck. My server is completely messed up and I am not sure what the issue is.
I am getting a TON of these errors in /var/log/messages:
Dec 30 13:38:02 server kernel: [ 6763.793709] Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:7b:44:7a:00:ff:ff:ff:ff:fe:08:00 SRC=92.222.186.1 DST=198.27.88.230 LEN=32 TOS=0x00 PREC=0x00 TTL=9 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62171 SEQ=1
Dec 30 13:38:02 server kernel: [ 6763.951813] Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:7b:44:7a:00:ff:ff:ff:ff:fe:08:00 SRC=92.222.186.1 DST=158.69.103.112 LEN=32 TOS=0x00 PREC=0x00 TTL=9 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62171 SEQ=1
Dec 30 13:38:17 server kernel: [ 6779.059999] Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:7b:44:7a:00:ff:ff:ff:ff:fe:08:00 SRC=92.222.186.1 DST=158.69.103.114 LEN=32 TOS=0x00 PREC=0x00 TTL=9 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34606 SEQ=1
Dec 30 13:38:17 server kernel: [ 6779.078496] Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:7b:44:7a:00:ff:ff:ff:ff:fe:08:00 SRC=92.222.186.1 DST=158.69.103.115 LEN=32 TOS=0x00 PREC=0x00 TTL=9 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34606 SEQ=1
Dec 30 13:38:32 server kernel: [ 6794.141319] Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:7b:44:7a:00:ff:ff:ff:ff:fe:08:00 SRC=92.222.186.1 DST=158.69.103.115 LEN=32 TOS=0x00 PREC=0x00 TTL=9 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12183 SEQ=1
Dec 30 13:38:32 server kernel: [ 6794.218951] Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:7b:44:7a:00:ff:ff:ff:ff:fe:08:00 SRC=92.222.186.1 DST=198.27.88.230 LEN=32 TOS=0x00 PREC=0x00 TTL=9 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12183 SEQ=1
Dec 30 13:38:47 server kernel: [ 6809.265822] Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:7b:44:7a:00:ff:ff:ff:ff:fe:08:00 SRC=92.222.186.1 DST=192.99.9.227 LEN=32 TOS=0x00 PREC=0x00 TTL=9 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55866 SEQ=1
Dec 30 13:38:47 server kernel: [ 6809.302195] Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:7b:44:7a:00:ff:ff:ff:ff:fe:08:00 SRC=92.222.186.1 DST=158.69.103.113 LEN=32 TOS=0x00 PREC=0x00 TTL=9 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55866 SEQ=1
Dec 30 13:39:01 server kernel: [ 6823.132664] Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=192.99.9.227 DST=37.187.231.251 LEN=209 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=38698 DPT=6130 LEN=189 UID=0 GID=0
Dec 30 13:39:01 server kernel: [ 6823.153991] Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=192.99.9.227 DST=37.187.231.251 LEN=216 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=40964 DPT=6136 LEN=196 UID=0 GID=0
Dec 30 13:39:01 server kernel: [ 6823.169510] Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=192.99.9.227 DST=37.187.231.251 LEN=190 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=35026 DPT=6170 LEN=170 UID=0 GID=0
Dec 30 13:39:01 server kernel: [ 6823.169852] Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=192.99.9.227 DST=37.187.231.251 LEN=309 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=54773 DPT=6140 LEN=289 UID=0 GID=0
Dec 30 13:39:01 server kernel: [ 6823.170212] Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=192.99.9.227 DST=37.187.231.251 LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=60343 DPT=6162 LEN=45 UID=0 GID=0
Dec 30 13:39:02 server kernel: [ 6823.776525] Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:7b:44:7a:00:ff:ff:ff:ff:fe:08:00 SRC=92.222.186.1 DST=192.95.22.76 LEN=32 TOS=0x00 PREC=0x00 TTL=9 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29225 SEQ=1
Dec 30 13:39:02 server kernel: [ 6824.186813] Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:7b:44:7a:00:ff:ff:ff:ff:fe:08:00 SRC=92.222.186.1 DST=158.69.103.115 LEN=32 TOS=0x00 PREC=0x00 TTL=9 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29225 SEQ=1
Dec 30 13:39:17 server kernel: [ 6838.950863] Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:7b:44:7a:00:ff:ff:ff:ff:fe:08:00 SRC=92.222.186.1 DST=158.69.103.115 LEN=32 TOS=0x00 PREC=0x00 TTL=9 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17514 SEQ=1
Dec 30 13:39:17 server kernel: [ 6839.097712] Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=00:25:90:7b:44:7a:00:ff:ff:ff:ff:fe:08:00 SRC=92.222.186.1 DST=198.27.88.230 LEN=32 TOS=0x00 PREC=0x00 TTL=9 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17514 SEQ=1
Also, any of my clients' websites that point to my NS are down. Bind and Named are showing up but I just cannot figure out where to start. Any advice would be greatly helpful! Jake
Also, I would like to add that I did update the server. I currently run CentOS 6.7.
That output is from your firewall of course. It shows us no errors, only blocks. What is the actual issue you're having? If it's DNS related, you might check the domain for issues using a site like intodns.com.
Hello, Thank you so much for the reply. I have checked here, - Removed - I am not sure with those errors what seems to be the issue. BIND is up, but I cannot troubleshoot because every log that I have looked at isn't displaying an issue. But, like I said, every domain that is pointed to the name servers ns1.example.com and ns2.example.com aren't resolving after I updated CentOS. Also here is the output of DIG if this helps at all.... LOL
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.5 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43564
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 14400 IN A 158.69.xxx.xxx
;; AUTHORITY SECTION:
example.com. 86400 IN NS ns2.example.com.
example.com. 86400 IN NS ns1.example.com.
;; ADDITIONAL SECTION:
ns1.example.com. 14400 IN A 192.95.xx.xx
ns2.example.com. 14400 IN A 198.27.xx.xxx
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 30 15:48:52 2015
;; MSG SIZE rcvd: 123
Check your firewall's blocked IPs list for your own IP addresses to make sure they're not blocked. You don't appear to have your DNS set up properly for the nameservers.
Check your firewall's blocked IPs list for your own IP addresses to make sure they're not blocked. You don't appear to have your DNS set up properly for the nameservers.
Everything had been set up fine before the update and I actually have been running smoothly for months before this issue... For anyone with this issue, under option fixed the issue right away.
listen-on port 53 { any; };
allow-query { any; };
allow-recursion { any; };
For anyone with this issue, under option fixed the issue right away.
Under what option exactly?
options {
    query-source port 53;
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    allow-recursion { any; };
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
I guess the code wasn't picking up on the forum? Hopefully that works.
Though setting allow-query any is very unsafe, I cannot find a way around it.... I get a lot of these errors:
Dec 30 18:01:11 server named[30337]: client 130.207.54.136#4438: query 'ns1.example.com/AAAA/IN' denied
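As an added example (not code from the thread or from BIND), here is a small Python check run over the options block posted above. It flags `allow-recursion { any; }` (an open resolver) and `query-source port 53` (a pinned outgoing source port), and leaves `allow-query { any; }` alone because an authoritative server has to answer outside clients. The `HARDENED` block and the finding labels are constructed for illustration.

```python
import re

# Statements from the options block posted in the thread (file paths omitted).
POSTED = """
options {
    query-source port 53;
    listen-on port 53 { any; };
    allow-query { any; };
    allow-recursion { any; };
    dnssec-validation yes;
};
"""

# Constructed alternative for an authoritative-only server (an assumption, not
# from the thread): still answers everyone for its zones, recurses only locally.
HARDENED = """
options {
    listen-on port 53 { any; };
    allow-query { any; };          /* needed so the world can resolve hosted zones */
    allow-recursion { localhost; };
    dnssec-validation yes;
};
"""

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def match_list(conf, statement):
    """Elements of `statement [port N] { a; b; };`, or None when absent."""
    m = re.search(r"(?<![\w-])%s(?:\s+port\s+\d+)?\s*\{([^}]*)\}" % re.escape(statement), conf)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(text):
    conf = strip_comments(text)
    findings = []
    recursion_off = re.search(r"(?<![\w-])recursion\s+no\s*;", conf) is not None
    if not recursion_off and "any" in (match_list(conf, "allow-recursion") or []):
        findings.append("open-resolver")        # recursion offered to any client
    if re.search(r"(?<![\w-])query-source\b[^;]*\bport\s+\d+", conf):
        findings.append("fixed-source-port")    # disables source-port randomisation
    listen = match_list(conf, "listen-on")
    if listen is not None and set(listen) <= {"127.0.0.1", "localhost"}:
        findings.append("loopback-only")        # outside clients cannot reach named
    return findings

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```

The `loopback-only` finding covers the opposite failure, where named listens only on 127.0.0.1 and a local `dig` succeeds while outside clients get nothing.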