Troubleshooting BIND stops responding

i.chudov at volga.ttk.ru i.chudov at volga.ttk.ru
Thu Mar 30 04:35:13 UTC 2017 

Greetings to everyone!

I'm an engineer at local ISP and we have to provide 2 DNS servers running 
BIND for our clients. We have logs full of various BIND errors but are 
unable to gain full understanding of the problem. The main problem is that 
the BIND at 213.80.236.18 sometimes stops responding after working fine 
for about a week. Then BIND just doesn't return any responses and we have 
to restart it. There is a suspicion of a weak (because other services are 
running normally) DoS attack but I don't know the right way to determine 
if it is so or not. I would be glad if anyone be so kind to help us to 
solve this issue.

The machines have the IPv4 addresses: 217.23.80.4 (BIND version 9.9.4) and 
213.80.236.18 (BIND version 9.9.5-r3) and have to resolve hostnames only 
for ISP customers (and refuse to resolve for others) BUT we want to be 
able to resolve our specific zones like vtt.net for anybody trying in case 
of authoritative nameserver failures.

I can post the configuration files like citation/attachment if it's 
appropriate.

And here is log samples from 213.80.236.18:
dns_more.log (configured as "channel enhlog/severity info;"):
30-Mar-2017 08:19:31.001 rate-limit: stop limiting NXDOMAIN responses to 
213.80.210.0/24 for .  (00000000)
30-Mar-2017 08:19:38.822 resolver: DNS format error from 173.245.59.100#53 
resolving 82.51.18.104.in-addr.arpa/PTR for client 188.168.243.125#15693: 
Name 104.in-addr.arpa (SOA) not subdomain of zone 18.104.in-addr.arpa -- 
invalid response
30-Mar-2017 08:19:38.840 resolver: DNS format error from 173.245.58.100#53 
resolving 82.51.18.104.in-addr.arpa/PTR for client 188.168.243.125#15693: 
Name 104.in-addr.arpa (SOA) not subdomain of zone 18.104.in-addr.arpa -- 
invalid response
30-Mar-2017 08:19:51.428 resolver: clients-per-query decreased to 19
30-Mar-2017 08:19:54.725 resolver: DNS format error from 
205.251.192.232#53 resolving now.dolphin.com/AAAA for client 
100.64.36.162#32772: Name dolphin.com (SOA) not subdomain of zone 
now.dolphin.com -- invalid response
30-Mar-2017 08:19:54.786 resolver: DNS format error from 
205.251.195.198#53 resolving now.dolphin.com/AAAA for client 
100.64.36.162#32772: Name dolphin.com (SOA) not subdomain of zone 
now.dolphin.com -- invalid response
30-Mar-2017 08:19:54.848 resolver: DNS format error from 
2600:9000:5307:5600::1#53 resolving now.dolphin.com/AAAA for client 
100.64.36.162#32772: Name dolphin.com (SOA) not subdomain of zone 
now.dolphin.com -- invalid response
30-Mar-2017 08:19:54.925 resolver: DNS format error from 
2600:9000:5304:6600::1#53 resolving now.dolphin.com/AAAA for client 
100.64.36.162#32772: Name dolphin.com (SOA) not subdomain of zone 
now.dolphin.com -- invalid response
30-Mar-2017 08:19:54.998 resolver: DNS format error from 
2600:9000:5300:e800::1#53 resolving now.dolphin.com/AAAA for client 
100.64.36.162#32772: Name dolphin.com (SOA) not subdomain of zone 
now.dolphin.com -- invalid response
30-Mar-2017 08:19:55.060 resolver: DNS format error from 
2600:9000:5303:c600::1#53 resolving now.dolphin.com/AAAA for client 
100.64.36.162#32772: Name dolphin.com (SOA) not subdomain of zone 
now.dolphin.com -- invalid response

process.log (configured as "channel process/severity notice;"):
29-Nov-2016 07:09:28.266 xfer-in: transfer of 'rpz/IN/global' from 
217.23.80.2#53: failed while receiving responses: connection reset
15-Dec-2016 09:56:41.637 xfer-in: transfer of './IN/root' from 
2001:500:2f::f#53: failed to connect: timed out
15-Dec-2016 10:23:37.125 xfer-in: transfer of './IN/root' from 
2001:500:2f::f#53: failed to connect: timed out
15-Dec-2016 10:53:32.581 xfer-in: transfer of './IN/root' from 
2001:500:2f::f#53: failed to connect: timed out
15-Dec-2016 11:20:08.997 xfer-in: transfer of './IN/root' from 
2001:500:2f::f#53: failed to connect: timed out
15-Dec-2016 11:49:11.461 xfer-in: transfer of './IN/root' from 
2001:500:2f::f#53: failed to connect: timed out
15-Dec-2016 12:20:39.845 xfer-in: transfer of './IN/root' from 
2001:500:2f::f#53: failed to connect: timed out
15-Dec-2016 12:48:14.245 xfer-in: transfer of './IN/root' from 
2001:500:2f::f#53: failed to connect: timed out
15-Dec-2016 13:21:37.708 xfer-in: transfer of './IN/root' from 
2001:500:2f::f#53: failed to connect: timed out
15-Dec-2016 13:55:00.133 xfer-in: transfer of './IN/root' from 
2001:500:2f::f#53: failed to connect: timed out
12-Mar-2017 09:25:09.993 xfer-in: transfer of './IN/root' from 
2620:0:2830:202::132#53: failed while receiving responses: end of file

security.log (configured as "channel security/severity info;"):
30-Mar-2017 08:21:57.558 lame-servers: error (unexpected RCODE REFUSED) 
resolving 'echo-nl03.calyptra-soft.net/A/IN': 62.212.78.199#53
30-Mar-2017 08:21:57.630 lame-servers: error (unexpected RCODE REFUSED) 
resolving 'echo-nl03.calyptra-soft.net/A/IN': 83.149.64.123#53
30-Mar-2017 08:21:57.696 lame-servers: error (unexpected RCODE REFUSED) 
resolving '22.178.87.223.in-addr.arpa/PTR/IN': 183.221.253.54#53
30-Mar-2017 08:21:57.699 lame-servers: error (unexpected RCODE REFUSED) 
resolving 'echo-nl03.calyptra-soft.net/A/IN': 62.212.64.121#53
30-Mar-2017 08:21:57.775 lame-servers: error (unexpected RCODE REFUSED) 
resolving 'echo-nl03.calyptra-soft.net/A/IN': 2001:1af8:3100:a006:3::53#53
30-Mar-2017 08:21:58.057 lame-servers: error (unexpected RCODE REFUSED) 
resolving '22.178.87.223.in-addr.arpa/PTR/IN': 211.137.96.207#53
30-Mar-2017 08:21:58.211 lame-servers: error (unexpected RCODE REFUSED) 
resolving 'echo-nl03.calyptra-soft.net/A/IN': 62.212.64.121#53
30-Mar-2017 08:21:58.286 lame-servers: error (unexpected RCODE REFUSED) 
resolving 'echo-nl03.calyptra-soft.net/A/IN': 2001:1af8:3100:a006:3::53#53
30-Mar-2017 08:21:58.359 lame-servers: error (unexpected RCODE REFUSED) 
resolving 'echo-nl03.calyptra-soft.net/A/IN': 62.212.78.199#53
30-Mar-2017 08:21:58.436 lame-servers: error (unexpected RCODE REFUSED) 
resolving 'echo-nl03.calyptra-soft.net/A/IN': 2001:1af8:4100:a064::53#53
30-Mar-2017 08:21:58.508 lame-servers: error (unexpected RCODE REFUSED) 
resolving 'echo-nl03.calyptra-soft.net/A/IN': 83.149.64.123#53
30-Mar-2017 08:21:58.864 security: client 188.168.247.219#2050 
(retracker.local): view global: query 'retracker.local/A/IN' denied
30-Mar-2017 08:21:58.967 lame-servers: error (unexpected RCODE REFUSED) 
resolving '22.178.87.223.in-addr.arpa/PTR/IN': 183.221.253.42#53
30-Mar-2017 08:21:59.093 lame-servers: error (unexpected RCODE REFUSED) 
resolving 'echo-de06.calyptra-soft.net/A/IN': 83.149.64.123#53
30-Mar-2017 08:21:59.166 lame-servers: error (unexpected RCODE REFUSED) 
resolving 'echo-de06.calyptra-soft.net/A/IN': 62.212.78.199#53
30-Mar-2017 08:21:59.233 lame-servers: error (unexpected RCODE REFUSED) 
resolving 'echo-de06.calyptra-soft.net/A/IN': 62.212.64.121#53
30-Mar-2017 08:21:59.310 lame-servers: error (unexpected RCODE REFUSED) 
resolving 'echo-de06.calyptra-soft.net/A/IN': 2001:1af8:3100:a006:3::53#53
30-Mar-2017 08:21:59.350 lame-servers: error (unexpected RCODE REFUSED) 
resolving '22.178.87.223.in-addr.arpa/PTR/IN': 211.137.96.207#53
30-Mar-2017 08:21:59.384 lame-servers: error (unexpected RCODE REFUSED) 
resolving 'echo-de06.calyptra-soft.net/A/IN': 2001:1af8:4100:a064::53#53
30-Mar-2017 08:21:59.727 lame-servers: error (unexpected RCODE REFUSED) 
resolving '22.178.87.223.in-addr.arpa/PTR/IN': 183.221.253.54#53

Any help is appreciated.

 

С уважением,
Игорь Чудов
ЗАО "ВОЛГАТРАНСТЕЛЕКОМ"
ТТК - Волга
Тел.: +7 (937) 266-51-34
Web-сайт: volga.ttk.ru
E-mail: i.chudov at volga.ttk.ru
410004, Россия, Саратов, ул. Чернышевского, 60/62а

More information about the bind-users mailing list