both recursive-only BIND9 went deaf until rebooted
lconrad at go2france.com
lconrad at go2france.com
Wed Aug 13 13:52:28 UTC 2014
fbsd 8.2 VM with BIND 9.9.5
fbsd 10.0-RELEASE VM with BIND 9.10.0-P2
the older machine had uptime of 400+ days, the new machine only a
couple weeks
24 hour query logging shows several million queries/day
At about the same time last night, both stopped answering queries
until rebooted.
before reboot,
load of about 1 (we see elevated load alerts with ssh brute force
attacks)
memory not swapping, plenty of free MBs.
nothing in syslog,
no sign of ssh brute force, ssh worked
rndc status showed ok
sockstat -4 showed bind listening on :53
all DNS queries from outside the machines timed out
ssh shell command:
"dig @127.0.0.1 domain.tld any" answered normally
What other forensics could have been checked?
thanks
Len
More information about the bind-users
mailing list