Named Crashing and not restarting

absolutenetwork

For some reason named is crashing and not restarting properly after that.

When I check /var/log/messages I can see a lot of entries like this:

Nov 23 01:06:38 server named[3513]: lame server resolving '13miYYY.com' (in '13miYYY.com'?): XX.71.YYY.MMM#53
Nov 23 01:06:38 server named[3513]: lame server resolving '13miYYY.com' (in '13miYYY.com'?): XX.71.YYY.MMM#53
Nov 23 01:06:38 server named[3513]: lame server resolving '13miYYY.com' (in '13miYYY.com'?): XX.71.YYY.MMM#53
Nov 23 01:06:38 server named[3513]: lame server resolving '13miYYY.com' (in '13miYYY.com'?): XX.71.YYY.NNN#53
Nov 23 01:06:38 server named[3513]: lame server resolving '13miYYY.com' (in '13miYYY.com'?): XX.71.YYY.MMM#53
Nov 23 01:06:38 server named[3513]: lame server resolving '13miYYY.com' (in '13miYYY.com'?): XX.71.YYY.NNN#53

This kind of entry is repeating a lot.

That is happening with at least 4 domains that USED (past tense) to be hosted at my server, not hosted anymore, and the IPs do correspond to my server.

After that, named appears to just shut down and I have to restart it via SSH.

Nov 23 02:14:23 server /etc/init.d/named: named shutdown failed
Nov 23 02:14:23 server named[11620]: starting BIND 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 -u named
Nov 23 02:14:23 server named[11620]: adjusted limit on open files from 4096 to 1048576
Nov 23 02:14:23 server named[11620]: found 4 CPUs, using 4 worker threads
Nov 23 02:14:23 server named[11620]: using up to 4096 sockets
Nov 23 02:14:23 server named[11620]: loading configuration from '/etc/named.conf'

I did try to rebuild named.conf, but it appears the entries in /var/log/messages are still showing up.

Any ideas why this is happening and why named is shutting down?

Appreciate the help.
 

absolutenetwork

I updated my named.conf to:

include "/etc/rndc.key";

controls {
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

acl "trusted" {
127.0.0.1;
};

options {
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };
};

and the message log stopped receiving the old entries but now is getting a lot of entries coming from different IPs like this:

Nov 23 17:05:59 server named[28558]: client 84.189.212.224#39162: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:05:59 server named[28558]: client 84.189.212.224#6294: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:05:59 server named[28558]: client 84.189.212.224#1849: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:05:59 server named[28558]: client 84.189.212.224#20788: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:05:59 server named[28558]: client 84.189.212.224#45512: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:05:59 server named[28558]: client 84.189.212.224#53854: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:06:00 server named[28558]: client 84.189.212.224#47199: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:06:00 server named[28558]: client 84.189.212.224#1191: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:06:00 server named[28558]: client 84.189.212.224#40500: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:06:00 server named[28558]: client 84.189.212.224#29222: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 17:06:00 server named[28558]: client 84.189.212.224#38163: query (cache) 'a.packetdevil.com/A/IN' denied

Any ideas??
 

dalem

Those errors are remote IPs trying to use your DNS as a resolver and being denied because you disabled recursion.
 

absolutenetwork

Thanks for the answer Dalem...

Anything to worry about.. like a DNS attack or something like that??

At this time my named.conf is:

options {
recursion no;
allow-query { any; };
allow-query-cache { localhost; localnets; };
allow-recursion { localhost; };
allow-notify { trusted; };
allow-transfer { trusted; };
};


My concern is because all the entries show that these queries are coming from a bunch of different IP addresses but all asking for the same domains, for example:

Nov 23 22:52:34 server named[11020]: client 65.95.222.244#4708: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:52:34 server named[11020]: client 65.95.222.244#11493: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:52:34 server named[11020]: client 65.95.222.244#42332: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:52:35 server named[11020]: client 200.98.150.142#56254: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:52:35 server named[11020]: client 200.98.150.142#13865: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:52:35 server named[11020]: client 200.98.150.142#59395: query (cache) 'a.packetdevil.com/A/IN' denied
...
Nov 23 22:57:27 server named[11020]: client 66.183.199.46#51582: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:57:27 server named[11020]: client 66.183.199.46#37126: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:57:27 server named[11020]: client 66.183.199.46#23984: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:57:40 server named[11020]: client 24.255.39.134#19602: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:57:40 server named[11020]: client 24.255.39.134#65082: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:57:40 server named[11020]: client 24.255.39.134#39824: query (cache) 'a.packetdevil.com/A/IN' denied


Server load looks fine (0.32 0.35 0.27), so it's not that this bunch of queries is increasing the load.
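
A way to triage the denied-query entries discussed in this thread, as an added example that is not part of any poster's message: it groups BIND's "query (cache) ... denied" lines by queried name and counts the distinct source addresses and source ports behind each one. The function name `report`, the `min_clients` threshold and the output field names are assumptions; the sample lines are a subset of those posted above.

```python
import re
from collections import Counter, defaultdict

# BIND "query (cache) ... denied" syslog line, in the format shown in the thread.
DENIED = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"query \(cache\) '(?P<name>[^/']+)/(?P<type>\w+)/(?P<cls>\w+)' denied"
)

# Sample input: a subset of the log lines posted in the thread.
SAMPLE = """\
Nov 23 02:14:23 server named[11620]: using up to 4096 sockets
Nov 23 22:52:34 server named[11020]: client 65.95.222.244#4708: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:52:34 server named[11020]: client 65.95.222.244#11493: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:52:34 server named[11020]: client 65.95.222.244#42332: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:52:35 server named[11020]: client 200.98.150.142#56254: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:57:27 server named[11020]: client 66.183.199.46#51582: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:57:40 server named[11020]: client 24.255.39.134#19602: query (cache) 'a.packetdevil.com/A/IN' denied
""".splitlines()


def report(lines, min_clients=3):
    """Summarise denied cache queries per (name, type) seen from >= min_clients sources."""
    hits = defaultdict(Counter)   # (name, type) -> Counter of client IPs
    ports = defaultdict(set)      # (name, type) -> distinct (ip, source port) pairs
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue              # other named/syslog lines are ignored
        key = (m["name"].lower(), m["type"])
        hits[key][m["ip"]] += 1
        ports[key].add((m["ip"], int(m["port"])))
    rows = []
    for key, clients in hits.items():
        if len(clients) >= min_clients:
            rows.append({
                "name": key[0], "type": key[1],
                "queries": sum(clients.values()),
                "clients": len(clients),
                "top_client": clients.most_common(1)[0],
                "source_ports": len(ports[key]),
            })
    return sorted(rows, key=lambda r: r["queries"], reverse=True)


if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

To run it against the live log, pass `open("/var/log/messages")` to `report` instead of `SAMPLE`.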