named-service-stopped

MEjaz mejaz at cyberia.net.sa
Sun Dec 15 08:44:47 UTC 2019

We are an ISP. All of a sudden, at midnight, our named service went down.
Please find below a snippet of the logs we found when we checked "dmesg"
and "/var/log/messages".

Our BIND version is: BIND 9.12.3-P1 <id:cfdd35

Is it advisable to upgrade our BIND from the above version to the latest
stable one, so that we don't fall into the same problem again? Any clue
would be highly appreciated. Thanks in advance.

dmesg:

[33791287.495380] UDP: bad checksum. From 212.119.87.209:58116 to 212.119.64.2:53 ulen 57
[33793192.481957] UDP: bad checksum. From 212.119.87.209:50338 to 212.119.64.2:53 ulen 74
[33794231.849707] UDP: bad checksum. From 212.119.87.209:51716 to 212.119.64.2:53 ulen 59
[33795952.627374] UDP: bad checksum. From 212.119.87.209:1807 to 212.119.64.2:53 ulen 55
[33796039.842751] UDP: bad checksum. From 212.119.87.209:51925 to 212.119.64.2:53 ulen 80
[33803782.373417] UDP: short packet: From 212.119.77.33:50368 65363/44 to 212.119.64.2:61642
[33864834.213778] TCP: request_sock_TCP: Possible SYN flooding on port 53. Sending cookies.  Check SNMP counters.

/var/log/messages, during the BIND failure:

Dec 14 12:39:34 ns10 named[29435]: FORMERR resolving 'avck.com/MX/IN': 47.107.187.161#53
Dec 14 12:39:34 ns10 named[29435]: network unreachable resolving 'ns-578.awsdns-08.net/A/IN': 2600:9000:5307:8800::1#53
Dec 14 12:39:34 ns10 named[29435]: network unreachable resolving 'ns-578.awsdns-08.net/AAAA/IN': 2600:9000:5307:8800::1#53
Dec 14 12:39:34 ns10 named[29435]: network unreachable resolving 'ns-578.awsdns-08.net/A/IN': 2600:9000:5301:c900::1#53
Dec 14 12:39:34 ns10 named[29435]: network unreachable resolving 'ns-578.awsdns-08.net/AAAA/IN': 2600:9000:5301:c900::1#53
Dec 14 12:39:34 ns10 named[29435]: network unreachable resolving 'ns-578.awsdns-08.net/A/IN': 2600:9000:5305:4800::1#53
Dec 14 12:39:34 ns10 named[29435]: network unreachable resolving 'ns-578.awsdns-08.net/AAAA/IN': 2600:9000:5305:4800::1#53
Dec 14 12:39:34 ns10 named[29435]: client @0x7f0910113b00 188.50.216.120#59595 (ajax.cloudflare.com): query (cache) 'ajax.cloudflare.com/A/IN' denied
Dec 14 12:39:34 ns10 named[29435]: client @0x7f092000b660 188.50.216.120#61356 (www3.l.google.com): query (cache) 'www3.l.google.com/A/IN' denied
Dec 14 12:39:34 ns10 named[29435]: client @0x7f0904fcbcb0 188.50.216.120#61454 (d1r55yzuc1b1bw.cloudfront.net): query (cache) 'd1r55yzuc1b1bw.cloudfront.net/A/IN' denied
Dec 14 12:39:34 ns10 named[29435]: client @0x7f0908122050 31.166.235.91#8234 (tsfe-prod-db5.trafficmanager.net): query (cache) 'tsfe-prod-db5.trafficmanager.net/A/IN' denied
Dec 14 12:39:34 ns10 named[29435]: lame server resolving 'cpc1-finc16-2-0-cust1831.4-2.cable.virginm.net' (in 'cable.virginm.net'?): 194.168.4.237#53
Dec 14 12:39:34 ns10 named[29435]: client @0x7f091814a3c0 188.50.216.120#59736 (www3.l.google.com): query (cache) 'www3.l.google.com/A/IN' denied
Dec 14 12:39:34 ns10 named[29435]: client @0x7f091813f710 188.50.216.120#61702 (cdn.threadloom.com): query (cache) 'cdn.threadloom.com/A/IN' denied
Dec 14 12:39:55 ns10 named[29435]: dispatch.c:3426: REQUIRE(resp->item_out == 1) failed, back trace
Dec 14 12:39:55 ns10 named[29435]: #0 0x4254fd in assertion_failed()+0x4d
Dec 14 12:39:55 ns10 named[29435]: #1 0x601c7a in isc_assertion_failed()+0xa
Dec 14 12:39:55 ns10 named[29435]: #2 0x4a0d15 in dns_dispatch_getnext()+0x315
Dec 14 12:39:55 ns10 named[29435]: #3 0x5673fa in rctx_done()+0x17a
Dec 14 12:39:55 ns10 named[29435]: #4 0x567839 in resquery_response()+0x1b9
Dec 14 12:39:55 ns10 named[29435]: #5 0x62402b in run()+0x2bb
Dec 14 12:39:55 ns10 named[29435]: #6 0x7f0941fb5e25 in __do_global_dtors_aux_fini_array_entry()+0x7f09416c1cd5
Dec 14 12:39:55 ns10 named[29435]: #7 0x7f0941cdfbad in __do_global_dtors_aux_fini_array_entry()+0x7f09413eba5d
Dec 14 12:39:55 ns10 named[29435]: exiting (due to assertion failure)
Dec 14 12:39:55 ns10 abrt-hook-ccpp: Process 29435 (named) of user 0 killed by SIGABRT - dumping core
Dec 14 12:40:01 ns10 systemd: Started Session 629619 of user root.
Dec 14 12:40:01 ns10 systemd: Started Session 629620 of user root.
Dec 14 12:40:01 ns10 journal: Suppressed 2795 messages from /user.slice/user-0.slice
Dec 14 12:40:16 ns10 systemd-logind: Removed session 606944.
Dec 14 12:40:16 ns10 abrt-server: Executable '/usr/local/sbin/named' doesn't belong to any package and ProcessUnpackaged is set to 'no'
Dec 14 12:40:16 ns10 abrt-server: 'post-create' on '/var/spool/abrt/ccpp-2019-12-14-12:39:55-29435' exited with 1
Dec 14 12:40:16 ns10 abrt-server: Deleting problem directory '/var/spool/abrt/ccpp-2019-12-14-12:39:55-29435'
Dec 14 12:41:01 ns10 systemd: Started Session 629621 of user root.
Dec 14 12:42:01 ns10 systemd: Started Session 629622 of user root.
Dec 14 12:43:01 ns10 systemd: Started Session 629623 of user root.
Dec 14 12:44:01 ns10 systemd: Started Session 629624 of user root.

Also, one of the very popular domains, www.akamail.com
<http://www.akamail.com>, is unable to resolve from our slave server:

Dec 15 09:46:28 ns20 named[16169]: validating control.akamai.com/CNAME: bad cache hit (control.akamai.com/DS)
Dec 15 09:46:52 ns20 named[16169]:   validating akamai.com/SOA: got insecure response; parent indicates it should be secure
Dec 15 09:47:28 ns20 named[16169]: validating www.akamai.com/CNAME: bad cache hit (www.akamai.com/DS)
Dec 15 09:47:29 ns20 named[16169]: validating www.akamai.com/CNAME: bad cache hit (www.akamai.com/DS)
Dec 15 09:51:34 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: bad cache hit (etp.akamai.com/DS)
Dec 15 09:52:30 ns20 named[16169]: validating etpcas.akamai.com/CNAME: bad cache hit (etpcas.akamai.com/DS)
Dec 15 09:56:16 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: bad cache hit (etp.akamai.com/DS)
Dec 15 09:58:17 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: bad cache hit (etp.akamai.com/DS)
Dec 15 10:00:41 ns20 named[16169]: validating etpcas.akamai.com/CNAME: bad cache hit (etpcas.akamai.com/DS)
Dec 15 10:00:58 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: bad cache hit (etp.akamai.com/DS)
Dec 15 10:02:10 ns20 named[16169]: validating time.akamai.com/CNAME: bad cache hit (time.akamai.com/DS)
Dec 15 10:02:59 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: bad cache hit (etp.akamai.com/DS)
Dec 15 10:04:59 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: bad cache hit (etp.akamai.com/DS)
Dec 15 10:06:29 ns20 named[16169]: validating time.akamai.com/CNAME: bad cache hit (time.akamai.com/DS)
Dec 15 10:07:04 ns20 named[16169]: validating weblogin.akamai.com/CNAME: bad cache hit (weblogin.akamai.com/DS)
Dec 15 10:07:40 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: bad cache hit (etp.akamai.com/DS)
Dec 15 10:09:41 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: bad cache hit (etp.akamai.com/DS)
Dec 15 10:10:59 ns20 named[16169]: client @0x7f43e0e77ef0 37.224.15.122#61457 (time.akamai.com): query (cache) 'time.akamai.com/A/IN' denied
Dec 15 10:12:22 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: ba
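
Added example, not part of the original post: a small Python triage of the /var/log/messages excerpt above. It extracts the failed assertion (source file, line, condition), the first backtrace frame below the assertion helpers, and a per-client count of "query (cache) ... denied" entries. The names triage and crash_site are hypothetical; the sample lines are copied from the post and re-joined to one entry per line.

```python
import re
from collections import Counter

# Sample lines copied from the post's /var/log/messages excerpt (one entry per line).
SAMPLE = """\
Dec 14 12:39:34 ns10 named[29435]: client @0x7f0910113b00 188.50.216.120#59595 (ajax.cloudflare.com): query (cache) 'ajax.cloudflare.com/A/IN' denied
Dec 14 12:39:34 ns10 named[29435]: client @0x7f0908122050 31.166.235.91#8234 (tsfe-prod-db5.trafficmanager.net): query (cache) 'tsfe-prod-db5.trafficmanager.net/A/IN' denied
Dec 14 12:39:34 ns10 named[29435]: client @0x7f091814a3c0 188.50.216.120#59736 (www3.l.google.com): query (cache) 'www3.l.google.com/A/IN' denied
Dec 14 12:39:55 ns10 named[29435]: dispatch.c:3426: REQUIRE(resp->item_out == 1) failed, back trace
Dec 14 12:39:55 ns10 named[29435]: #0 0x4254fd in assertion_failed()+0x4d
Dec 14 12:39:55 ns10 named[29435]: #1 0x601c7a in isc_assertion_failed()+0xa
Dec 14 12:39:55 ns10 named[29435]: #2 0x4a0d15 in dns_dispatch_getnext()+0x315
Dec 14 12:39:55 ns10 named[29435]: exiting (due to assertion failure)
"""

NAMED = re.compile(r"^(\w{3} +\d+ [\d:]+) (\S+) named\[(\d+)\]: (.*)$")
ASSERT = re.compile(r"^(\S+\.c):(\d+): (REQUIRE|INSIST|ENSURE)\((.*)\) failed")
FRAME = re.compile(r"^#\d+ 0x[0-9a-f]+ in (\w+)\(\)")
# Logged when a client is refused access to cached answers by ACL.
DENIED = re.compile(r"^client @0x[0-9a-f]+ ([0-9a-fA-F.:]+)#\d+ .*query \(cache\) '.*' denied$")
HELPERS = {"assertion_failed", "isc_assertion_failed"}

def triage(text):
    """Collect assertion failures (with backtrace frames) and denied-query counts."""
    report = {"assertions": [], "denied": Counter()}
    current = None
    for line in text.splitlines():
        m = NAMED.match(line)
        if not m:
            continue  # not a named syslog entry (systemd, abrt, ...)
        ts, host, pid, msg = m.groups()
        if a := ASSERT.match(msg):
            current = {"time": ts, "host": host, "pid": pid, "file": a[1],
                       "line": int(a[2]), "kind": a[3], "condition": a[4], "frames": []}
            report["assertions"].append(current)
        elif (f := FRAME.match(msg)) and current and current["pid"] == pid:
            current["frames"].append(f[1])
        elif d := DENIED.match(msg):
            report["denied"][d[1]] += 1
    return report

def crash_site(assertion):
    """First backtrace frame that is not an assertion helper."""
    return next((f for f in assertion["frames"] if f not in HELPERS), None)

if __name__ == "__main__":
    r = triage(SAMPLE)
    for a in r["assertions"]:
        print(a["time"], a["host"], f'{a["file"]}:{a["line"]}', a["condition"], crash_site(a))
    print(r["denied"].most_common(5))
```

The file, line, condition and crash-site function are the terms to search for in release notes and the bug tracker when deciding on an upgrade.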

 
