Named Crashing and not restarting

Discussion in 'General Discussion' started by absolutenetwork, Nov 23, 2013.

  1. absolutenetwork

    For some reason named is crashing and not restarting properly after that.

    When I check /var/log/messages I can see a lot of entries like this:

    Nov 23 01:06:38 server named[3513]: lame server resolving '13miYYY.com' (in '13miYYY.com'?): XX.71.YYY.MMM#53
    Nov 23 01:06:38 server named[3513]: lame server resolving '13miYYY.com' (in '13miYYY.com'?): XX.71.YYY.MMM#53
    Nov 23 01:06:38 server named[3513]: lame server resolving '13miYYY.com' (in '13miYYY.com'?): XX.71.YYY.MMM#53
    Nov 23 01:06:38 server named[3513]: lame server resolving '13miYYY.com' (in '13miYYY.com'?): XX.71.YYY.NNN#53
    Nov 23 01:06:38 server named[3513]: lame server resolving '13miYYY.com' (in '13miYYY.com'?): XX.71.YYY.MMM#53
    Nov 23 01:06:38 server named[3513]: lame server resolving '13miYYY.com' (in '13miYYY.com'?): XX.71.YYY.NNN#53

    This kind of entry is repeating a lot.

    That is happening with at least 4 domains that USED (past tense) to be hosted on my server; they are not hosted here anymore, and the IPs do correspond to my server.

    After that, named appears to just shut down and I have to restart it via SSH.

    Nov 23 02:14:23 server /etc/init.d/named: named shutdown failed
    Nov 23 02:14:23 server named[11620]: starting BIND 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 -u named
    Nov 23 02:14:23 server named[11620]: adjusted limit on open files from 4096 to 1048576
    Nov 23 02:14:23 server named[11620]: found 4 CPUs, using 4 worker threads
    Nov 23 02:14:23 server named[11620]: using up to 4096 sockets
    Nov 23 02:14:23 server named[11620]: loading configuration from '/etc/named.conf'

    I did try to rebuild named.conf, but it appears the entries at /var/log/messages are still showing up.

    Any ideas why this is happening and why named is shutting down?

    Appreciate the help.
     
    #1 absolutenetwork, Nov 23, 2013
    Last edited: Nov 23, 2013
  2. absolutenetwork

    I updated my named.config to:

    include "/etc/rndc.key";

    controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
    };

    acl "trusted" {
        127.0.0.1;
    };

    options {
        allow-recursion { trusted; };
        allow-notify { trusted; };
        allow-transfer { trusted; };
    };

    and the message log stopped receiving the old entries, but now it is getting a lot of entries coming from different IPs like this:

    Nov 23 17:05:59 server named[28558]: client 84.189.212.224#39162: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 17:05:59 server named[28558]: client 84.189.212.224#6294: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 17:05:59 server named[28558]: client 84.189.212.224#1849: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 17:05:59 server named[28558]: client 84.189.212.224#20788: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 17:05:59 server named[28558]: client 84.189.212.224#45512: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 17:05:59 server named[28558]: client 84.189.212.224#53854: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 17:06:00 server named[28558]: client 84.189.212.224#47199: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 17:06:00 server named[28558]: client 84.189.212.224#1191: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 17:06:00 server named[28558]: client 84.189.212.224#40500: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 17:06:00 server named[28558]: client 84.189.212.224#29222: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 17:06:00 server named[28558]: client 84.189.212.224#38163: query (cache) 'a.packetdevil.com/A/IN' denied

    Any ideas??
     
  3. dalem

    Those errors are remote IPs trying to use your DNS as a resolver and being denied because you disabled recursion.
     
  4. absolutenetwork

    Thanks for the answer Dalem...

    Anything to worry about, like a DNS attack or something like that?

    At this time my named.conf is:

    options {
        recursion no;
        allow-query { any; };
        allow-query-cache { localhost; localnets; };
        allow-recursion { localhost; };
        allow-notify { trusted; };
        allow-transfer { trusted; };
    };


    My concern is because all the entries show that these queries are coming from a bunch of different IP addresses but all asking for the same domains, for example:

    Nov 23 22:52:34 server named[11020]: client 65.95.222.244#4708: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 22:52:34 server named[11020]: client 65.95.222.244#11493: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 22:52:34 server named[11020]: client 65.95.222.244#42332: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 22:52:35 server named[11020]: client 200.98.150.142#56254: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 22:52:35 server named[11020]: client 200.98.150.142#13865: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 22:52:35 server named[11020]: client 200.98.150.142#59395: query (cache) 'a.packetdevil.com/A/IN' denied
    ...
    Nov 23 22:57:27 server named[11020]: client 66.183.199.46#51582: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 22:57:27 server named[11020]: client 66.183.199.46#37126: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 22:57:27 server named[11020]: client 66.183.199.46#23984: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 22:57:40 server named[11020]: client 24.255.39.134#19602: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 22:57:40 server named[11020]: client 24.255.39.134#65082: query (cache) 'a.packetdevil.com/A/IN' denied
    Nov 23 22:57:40 server named[11020]: client 24.255.39.134#39824: query (cache) 'a.packetdevil.com/A/IN' denied


    Server load looks fine (0.32 0.35 0.27), so it's not that this bunch of queries is increasing the load.
     
  5. dalem

    Nothing to worry about, get them all day on our DNS servers.
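
Added example, not part of any post in this thread: a small Python summariser for the `query (cache) ... denied` lines shown above, grouping refusals by queried name and counting distinct client addresses and source ports, which is the pattern the fourth post describes. The function names and the `min_clients` / `min_queries` thresholds are assumptions chosen for illustration; the sample lines are copied from the posts.

```python
import re
from collections import defaultdict

# Refusal line format as logged in the posts above; the optional "(name)" after
# the port is an assumption covering newer BIND log formats.
DENIED_RE = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+)(?: \([^)]*\))?: "
    r"query \(cache\) '(?P<qname>[^/']+)/(?P<qtype>\w+)/(?P<qclass>\w+)' denied"
)

# Sample input: lines copied from the thread (one startup line, six refusals).
SAMPLE_LOG = """\
Nov 23 02:14:23 server named[11620]: found 4 CPUs, using 4 worker threads
Nov 23 22:52:34 server named[11020]: client 65.95.222.244#4708: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:52:34 server named[11020]: client 65.95.222.244#11493: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:52:34 server named[11020]: client 65.95.222.244#42332: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:52:35 server named[11020]: client 200.98.150.142#56254: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:52:35 server named[11020]: client 200.98.150.142#13865: query (cache) 'a.packetdevil.com/A/IN' denied
Nov 23 22:57:27 server named[11020]: client 66.183.199.46#51582: query (cache) 'a.packetdevil.com/A/IN' denied
"""

def summarize_denied(lines):
    """Group refused cache queries by (qname, qtype); track ports seen per client."""
    summary = defaultdict(lambda: {"queries": 0, "clients": defaultdict(set)})
    for line in lines:
        m = DENIED_RE.search(line)
        if not m:
            continue  # startup, 'lame server' and other named messages
        entry = summary[(m["qname"].lower(), m["qtype"])]
        entry["queries"] += 1
        entry["clients"][m["ip"]].add(int(m["port"]))
    return summary

def repeated_names(summary, min_clients=2, min_queries=5):
    """Names refused for several distinct client addresses (thresholds are assumptions)."""
    hits = []
    for (qname, qtype), entry in summary.items():
        if len(entry["clients"]) >= min_clients and entry["queries"] >= min_queries:
            hits.append((qname, qtype, entry["queries"], len(entry["clients"])))
    return sorted(hits, key=lambda h: -h[2])

if __name__ == "__main__":
    for qname, qtype, queries, clients in repeated_names(summarize_denied(SAMPLE_LOG.splitlines())):
        print(f"{qname} {qtype}: {queries} refused queries from {clients} client addresses")
```

Run against the full `/var/log/messages`, the per-client port sets show whether each address is sending single lookups or bursts from many source ports, as in the excerpts above.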
     