complete DNS failure NS still pings ??

Discussion in 'Bind / DNS / Nameserver Issues' started by sleuth1, Nov 23, 2004.

  1. sleuth1

    sleuth1, Well-Known Member. Joined: Mar 16, 2003. Messages: 75. Likes Received: 0. Trophy Points: 6.

    This one has got me beat, and this is the first time I have come across it.

    All domains use the same nameservers (all server domain nameservers)

    All sites and mail are down

    Nameservers still ping

    Nameservers still show A record

    Checked with registrar, nameservers still show correct IPs there

    Rebooted nameservers still down, bind says ok in WHM, restarted bind says ok!!

    Any thoughts? This is what crosses my mind:

    network card failure? (no, because I can log in on IP)

    firewall? unlikely, will test

    hack? unlikely, all other services fine, no signs of this

    only clue: bind says something about not listening on port, ha, getting warmer?

    Anyone got ideas? In a bad place here, 300 domains offline!!
     
  2. sawbuck

    sawbuck, Well-Known Member. Joined: Jan 18, 2004. Messages: 1,367. Likes Received: 5. Trophy Points: 38. cPanel Access Level: Root Administrator.

    Does "rndc status" report anything?
     
  3. sleuth1

    This is a tough one, readout below:

    [/scripts]# rndc status
    number of zones: 2
    debug level: 0
    xfers running: 0
    xfers deferred: 0
    soa queries in progress: 0
    query logging is OFF
    server is up and running
    root@neobright [/scripts]#
     
  4. sawbuck

    You still have 300 domains offline? Rndc status looks okay except that you are only showing 2 zones for 300 domains? Anything that preceded this problem?
     
  5. sleuth1

    No, nothing unusual, and still offline. The techs at SM are not helpful... yet; still waiting for someone interested enough to come over and crack this. Looks like a long day/night.

    DNS report says this on any domain on the server, yet the authority is set up and has been working for months, no problem:

    ERROR: You have one or more lame nameservers. These are nameservers that do NOT answer authoritatively for your domain. This is bad; for example, these nameservers may never get updated. The following nameservers are lame:
     
  6. sleuth1

    Looks like the problem is in /etc/named.conf. Below is what I get, no domains listed. How to restore this???

    key "rndc-key" {
        algorithm hmac-md5;
        secret "fu91wVAO2dam53RyGBqmvg==";
    };

    controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
    };

    zone "." {
        type hint;
        file "/var/named/named.ca";
    };
     
  7. sawbuck

    Have you checked in /etc for a named.back?
     
  8. sleuth1

    Yep, there is a named.back. How recent would this be, and is there any risk involved in just a copy and paste (can't get any worse, right?)
     
  9. sleuth1

    Damn, it's empty. Since the domains are all in WHM, there must be a way of re-entering them.
     
  10. sleuth1

    This is getting confusing now, and I am comparing it to another server, so bear with me.

    named.back has the domains list

    but not named.conf.back, which is empty
     
  11. sawbuck

    Did you check for other named backups like named.conf.back or named.safe? Don't know of any way to mass re-create that file. Suppose you could do a DNS Zone Edit on a domain and save to see if it would recreate the named.conf entries. Slow going on 300 domains but maybe better than nothing.
     
  12. sleuth1

    Sawbuck, most of them are empty, but the files are all there. Looks like this was a malicious act, can't see how else it could have occurred (but you never know). Do you know how many of these are used by bind? Some of them appear to be backups. These files seem to contain all the same info, so I will try a copy and paste from the good one and let you know, fingers crossed.
     
  13. sawbuck

    Named.conf should be the only one actively used. Copy and paste seems the way to go. After you get up and running again might pay you to investigate a little more how it happened. Assume you are familiar with basic security tools like rkhunter? Good luck. I'm going to pack it up for tonight. Will be interested to hear what you discover.
     
  14. sleuth1

    Mate, I could weep. SUCCESS! That named.conf file had been altered, so what I did was rename named.back to named.conf and restart bind. Thanks for your help, Bud, 300 people will be off my back now. If anyone else is reading, put a copy of named.back in /root for safe keeping :D
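
Added example, not part of the original thread: a shell check for the failure seen above, where named.conf has lost its zone stanzas while the zone files remain on disk and `rndc status` still reports the server as running. It also prints stanzas for the missing zones, which goes beyond what the posters did; the `<domain>.db` file naming, the zone directory argument and all function names are assumptions.

```shell
#!/bin/sh
# Added example: detect a named.conf that has lost its zone stanzas.
# Assumption (not from the thread): each domain has a zone file named
# <domain>.db in the zone directory.

# Zone names declared in a named.conf, one per line.
declared_zones() {
    sed -n 's/^[[:space:]]*zone[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | sort -u
}

# Domains that have a zone file on disk, one per line.
zones_on_disk() {
    for f in "$1"/*.db; do
        [ -e "$f" ] || continue
        basename "$f" .db
    done | sort -u
}

# Domains with a zone file but no stanza in named.conf.
missing_zones() {
    declared=$(declared_zones "$1")
    zones_on_disk "$2" | while read -r z; do
        printf '%s\n' "$declared" | grep -qxF -- "$z" || printf '%s\n' "$z"
    done
}

# Exit status 1 (for cron or monitoring) when any zone is undeclared.
check_named_conf() {
    n=$(missing_zones "$1" "$2" | wc -l | tr -d ' ')
    [ "$n" -eq 0 ] && return 0
    echo "WARNING: $n zone file(s) in $2 missing from $1" >&2
    return 1
}

# Master-zone stanzas for the missing domains, to review before appending.
stanzas_for_missing() {
    missing_zones "$1" "$2" | while read -r z; do
        printf 'zone "%s" {\n    type master;\n    file "%s/%s.db";\n};\n' "$z" "$2" "$z"
    done
}

# Constructed sample: a named.conf holding only the hint zone, two zone files.
demo=$(mktemp -d)
printf 'zone "." {\n    type hint;\n    file "/var/named/named.ca";\n};\n' > "$demo/named.conf"
mkdir "$demo/zones" && : > "$demo/zones/example.com.db" && : > "$demo/zones/example.net.db"
check_named_conf "$demo/named.conf" "$demo/zones" || stanzas_for_missing "$demo/named.conf" "$demo/zones"
rm -rf "$demo"
```

On a live server the two arguments would be the real named.conf and the zone directory; review the generated stanzas against a known-good backup before appending them.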
     