The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

'lame server resolving' - I'm getting hammered with these

Discussion in 'General Discussion' started by Vatoloco, Mar 24, 2006.

  1. Vatoloco

    Vatoloco Well-Known Member

    Joined:
    Jun 21, 2004
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    16
    I'm getting thousands and thousands of entries in /var/log/messages every day like this:

    Code:
    Mar 24 18:44:31 cherish named[22252]: lame server resolving 'yshoo.com' (in 'yshoo.$
    Mar 24 18:44:31 cherish named[22252]: lame server resolving 'yshoo.com' (in 'yshoo.$
    Mar 24 18:44:31 cherish named[22252]: lame server resolving 'yshoo.com' (in 'yshoo.$
    Mar 24 18:44:31 cherish named[22252]: lame server resolving 'yshoo.com' (in 'yshoo.$
    Mar 24 18:45:37 cherish named[22252]: lame server resolving 'mail1.n-soft.com' (in $
    Mar 24 18:48:11 cherish named[22252]: lame server resolving 'yahpp.com' (in 'yahpp.$
    Mar 24 18:48:11 cherish named[22252]: lame server resolving 'yahpp.com' (in 'yahpp.$
    Mar 24 18:48:11 cherish named[22252]: lame server resolving 'yahpp.com' (in 'yahpp.$
    Mar 24 18:48:11 cherish named[22252]: lame server resolving 'yahpp.com' (in 'yahpp.$
    Mar 24 18:48:54 cherish named[22252]: lame server resolving 'jomtrucking.com' (in '$
    Mar 24 18:48:56 cherish named[22252]: lame server resolving 'aehh.org' (in 'AEHH.OR$
    Mar 24 18:51:51 cherish named[22252]: lame server resolving 'lpshuvrqdolvhg.sn' (in$
    My server load was through the rough tonight (like 695). I don't know if that was the reason or not but it's the only thing unusual that I could see. I would like to just stop them all.

    I only have two websites that I'm hosting on my server and none of those lame server entries are even remotely related to either one of them. Is there some way to just disable nameserver resolving? I'm pretty sure that I don't even use it because I'm leasing my server from ev1 and I had to put ns1.ev1servers.net and ns2.ev1servers.net for the DNS on my domains.
     
  2. MattGetWeb

    MattGetWeb Well-Known Member

    Joined:
    Aug 4, 2005
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    The default bind configuration in cPanel is horrible. Fortunately, you can change some things and cPanel won't stomp over them during an update (in my experience).

    Add this to /etc/named.conf in the "options" section.

    allow-recursion { localhost; };
    allow-query { any; };

    ie.

    Code:
    options {
            directory "/var/named";
            version "mmm, donuts";
            allow-recursion { localhost; };
            allow-query { any; };
    };
    
    This will help prevent anyone but your server from using your dns to look up hosts you aren't authoratative for (recursive lookups), but still allow you to run your own zones as master. That should eliminate the possibility that it is someone else's queries causing your issue.

    If you just want to clean up the logs, add this to /etc/named.conf, probably below the options section. This sends lame server logs to the bit bucket.

    Code:
    logging {
            category lame-servers { null; };
    };
    
    Edit: I should add that this won't solve much of anything if those domains are being looked up by queued mail. You can't help typos and obfuscated spam. Maybe simply clearing garbage out of your mail queue along with the other tips is the solution for you.
     
    #2 MattGetWeb, Mar 26, 2006
    Last edited: Mar 26, 2006
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    The logging statement is probably your best bet. Allowing recursion from only localhost will likely render local DNS recursion inopperable - you should list all your local IP addresses to be sure. See the main thread on the forums about the recursion issue.
     
  4. Vatoloco

    Vatoloco Well-Known Member

    Joined:
    Jun 21, 2004
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    16
    Thanks for the tips. I actually tried turning off BIND altogether in WHM and it broke my e-mails. :)

    I'll try adding the settings above to see how it effects everything.
     
Loading...

Share This Page