bind 9 goes rogue and revert zone information
Raul Dias
raul at dias.com.br
Tue Feb 7 14:34:22 UTC 2017
Sorry,
Static files.
It is the master server.
No dynamic updates.
Host under lxc with only bind ports open.
On Tue, Feb 7, 2017, 12:27 Alberto Colosi <alcol at hotmail.com> wrote:
> hi is unclear named structure if is a slave a master if dynamic updates
> are enabled and if the unix box has been hacked
>
> as last , zones are static files on fs ?
>
>
> ------------------------------
> *From:* bind-users <bind-users-bounces at lists.isc.org> on behalf of Raul
> Dias <raul at dias.com.br>
> *Sent:* Tuesday, February 7, 2017 3:03 PM
> *To:* bind-users at lists.isc.org
> *Subject:* bind 9 goes rogue and revert zone information
>
> Hello,
>
> I have a very strange behavior that I am failing to understand.
>
> 2 to 5 times a week, a named server revert back to a previous version os
> a master zone.
> This happens during the night, usually around 20h EST.
>
> This zone has a serial of 3017020401 (yes, I typo the 3 somewhere in the
> past).
> When it reverts its zone information, it goes back to 3016060101.
>
> I have updated, restarted the host, clean all cache and journal files,
> grep all files in the host for 3016060101 (just shows up in the logs).
>
> So, I have no clue why, or how it is happening. Where does it get the
> old information.
>
> I thought first about the serial, but it would have happened in the past
> too, right? As it should be a 32bit unsigned integer, it shouldn't be a
> problem, IMHO.
>
> Yet, when "dig domain -t SOA @server", it is there again.
>
> The host is a debian Jessie and bind is 9.9.5, 1:9.9.5.dfsg-9+deb8u8
> more specifically.
>
>
> Thanks for any direction.
> -rsd
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
> bind-users Info Page - Internet Systems Consortium
> <https://lists.isc.org/mailman/listinfo/bind-users>
> lists.isc.org
> To see the collection of prior postings to the list, visit the bind-users
> Archives. Using bind-users: To post a message to all the list members, send
> ...
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> bind-users Info Page - Internet Systems Consortium
> <https://lists.isc.org/mailman/listinfo/bind-users>
> lists.isc.org
> To see the collection of prior postings to the list, visit the bind-users
> Archives. Using bind-users: To post a message to all the list members, send
> ...
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20170207/1e85a547/attachment-0001.html>
More information about the bind-users
mailing list