named-service-stopped
MEjaz
mejaz at cyberia.net.sa
Sun Dec 15 08:44:47 UTC 2019
We are an ISP. All of a sudden, during the midnight, our named service was down.
Please find below a snippet of the logs from when we checked "dmesg" and
"/var/log/messages".
Our BIND version is BIND 9.12.3-P1 <id:cfdd35
Is it advisable to upgrade our BIND from the above version to the latest
stable one, so that we don't fall into the same problem again? Any clue would
be highly appreciated. Thanks in advance.
Dmesg,
[33791287.495380] UDP: bad checksum. From 212.119.87.209:58116 to 212.119.64.2:53 ulen 57
[33793192.481957] UDP: bad checksum. From 212.119.87.209:50338 to 212.119.64.2:53 ulen 74
[33794231.849707] UDP: bad checksum. From 212.119.87.209:51716 to 212.119.64.2:53 ulen 59
[33795952.627374] UDP: bad checksum. From 212.119.87.209:1807 to 212.119.64.2:53 ulen 55
[33796039.842751] UDP: bad checksum. From 212.119.87.209:51925 to 212.119.64.2:53 ulen 80
[33803782.373417] UDP: short packet: From 212.119.77.33:50368 65363/44 to 212.119.64.2:61642
[33864834.213778] TCP: request_sock_TCP: Possible SYN flooding on port 53. Sending cookies. Check SNMP counters.
/var/log/messages, during the bind failure.
Dec 14 12:39:34 ns10 named[29435]: FORMERR resolving 'avck.com/MX/IN': 47.107.187.161#53
Dec 14 12:39:34 ns10 named[29435]: network unreachable resolving 'ns-578.awsdns-08.net/A/IN': 2600:9000:5307:8800::1#53
Dec 14 12:39:34 ns10 named[29435]: network unreachable resolving 'ns-578.awsdns-08.net/AAAA/IN': 2600:9000:5307:8800::1#53
Dec 14 12:39:34 ns10 named[29435]: network unreachable resolving 'ns-578.awsdns-08.net/A/IN': 2600:9000:5301:c900::1#53
Dec 14 12:39:34 ns10 named[29435]: network unreachable resolving 'ns-578.awsdns-08.net/AAAA/IN': 2600:9000:5301:c900::1#53
Dec 14 12:39:34 ns10 named[29435]: network unreachable resolving 'ns-578.awsdns-08.net/A/IN': 2600:9000:5305:4800::1#53
Dec 14 12:39:34 ns10 named[29435]: network unreachable resolving 'ns-578.awsdns-08.net/AAAA/IN': 2600:9000:5305:4800::1#53
Dec 14 12:39:34 ns10 named[29435]: client @0x7f0910113b00 188.50.216.120#59595 (ajax.cloudflare.com): query (cache) 'ajax.cloudflare.com/A/IN' denied
Dec 14 12:39:34 ns10 named[29435]: client @0x7f092000b660 188.50.216.120#61356 (www3.l.google.com): query (cache) 'www3.l.google.com/A/IN' denied
Dec 14 12:39:34 ns10 named[29435]: client @0x7f0904fcbcb0 188.50.216.120#61454 (d1r55yzuc1b1bw.cloudfront.net): query (cache) 'd1r55yzuc1b1bw.cloudfront.net/A/IN' denied
Dec 14 12:39:34 ns10 named[29435]: client @0x7f0908122050 31.166.235.91#8234 (tsfe-prod-db5.trafficmanager.net): query (cache) 'tsfe-prod-db5.trafficmanager.net/A/IN' denied
Dec 14 12:39:34 ns10 named[29435]: lame server resolving 'cpc1-finc16-2-0-cust1831.4-2.cable.virginm.net' (in 'cable.virginm.net'?): 194.168.4.237#53
Dec 14 12:39:34 ns10 named[29435]: client @0x7f091814a3c0 188.50.216.120#59736 (www3.l.google.com): query (cache) 'www3.l.google.com/A/IN' denied
Dec 14 12:39:34 ns10 named[29435]: client @0x7f091813f710 188.50.216.120#61702 (cdn.threadloom.com): query (cache) 'cdn.threadloom.com/A/IN' denied
Dec 14 12:39:55 ns10 named[29435]: dispatch.c:3426: REQUIRE(resp->item_out == 1) failed, back trace
Dec 14 12:39:55 ns10 named[29435]: #0 0x4254fd in assertion_failed()+0x4d
Dec 14 12:39:55 ns10 named[29435]: #1 0x601c7a in isc_assertion_failed()+0xa
Dec 14 12:39:55 ns10 named[29435]: #2 0x4a0d15 in dns_dispatch_getnext()+0x315
Dec 14 12:39:55 ns10 named[29435]: #3 0x5673fa in rctx_done()+0x17a
Dec 14 12:39:55 ns10 named[29435]: #4 0x567839 in resquery_response()+0x1b9
Dec 14 12:39:55 ns10 named[29435]: #5 0x62402b in run()+0x2bb
Dec 14 12:39:55 ns10 named[29435]: #6 0x7f0941fb5e25 in __do_global_dtors_aux_fini_array_entry()+0x7f09416c1cd5
Dec 14 12:39:55 ns10 named[29435]: #7 0x7f0941cdfbad in __do_global_dtors_aux_fini_array_entry()+0x7f09413eba5d
Dec 14 12:39:55 ns10 named[29435]: exiting (due to assertion failure)
Dec 14 12:39:55 ns10 abrt-hook-ccpp: Process 29435 (named) of user 0 killed by SIGABRT - dumping core
Dec 14 12:40:01 ns10 systemd: Started Session 629619 of user root.
Dec 14 12:40:01 ns10 systemd: Started Session 629620 of user root.
Dec 14 12:40:01 ns10 journal: Suppressed 2795 messages from /user.slice/user-0.slice
Dec 14 12:40:16 ns10 systemd-logind: Removed session 606944.
Dec 14 12:40:16 ns10 abrt-server: Executable '/usr/local/sbin/named' doesn't belong to any package and ProcessUnpackaged is set to 'no'
Dec 14 12:40:16 ns10 abrt-server: 'post-create' on '/var/spool/abrt/ccpp-2019-12-14-12:39:55-29435' exited with 1
Dec 14 12:40:16 ns10 abrt-server: Deleting problem directory '/var/spool/abrt/ccpp-2019-12-14-12:39:55-29435'
Dec 14 12:41:01 ns10 systemd: Started Session 629621 of user root.
Dec 14 12:42:01 ns10 systemd: Started Session 629622 of user root.
Dec 14 12:43:01 ns10 systemd: Started Session 629623 of user root.
Dec 14 12:44:01 ns10 systemd: Started Session 629624 of user root.
Also, one of the very popular domains, www.akamail.com
<http://www.akamail.com>, is unable to resolve from our slave server.
Dec 15 09:46:28 ns20 named[16169]: validating control.akamai.com/CNAME: bad cache hit (control.akamai.com/DS)
Dec 15 09:46:52 ns20 named[16169]: validating akamai.com/SOA: got insecure response; parent indicates it should be secure
Dec 15 09:47:28 ns20 named[16169]: validating www.akamai.com/CNAME: bad cache hit (www.akamai.com/DS)
Dec 15 09:47:29 ns20 named[16169]: validating www.akamai.com/CNAME: bad cache hit (www.akamai.com/DS)
Dec 15 09:51:34 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: bad cache hit (etp.akamai.com/DS)
Dec 15 09:52:30 ns20 named[16169]: validating etpcas.akamai.com/CNAME: bad cache hit (etpcas.akamai.com/DS)
Dec 15 09:56:16 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: bad cache hit (etp.akamai.com/DS)
Dec 15 09:58:17 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: bad cache hit (etp.akamai.com/DS)
Dec 15 10:00:41 ns20 named[16169]: validating etpcas.akamai.com/CNAME: bad cache hit (etpcas.akamai.com/DS)
Dec 15 10:00:58 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: bad cache hit (etp.akamai.com/DS)
Dec 15 10:02:10 ns20 named[16169]: validating time.akamai.com/CNAME: bad cache hit (time.akamai.com/DS)
Dec 15 10:02:59 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: bad cache hit (etp.akamai.com/DS)
Dec 15 10:04:59 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: bad cache hit (etp.akamai.com/DS)
Dec 15 10:06:29 ns20 named[16169]: validating time.akamai.com/CNAME: bad cache hit (time.akamai.com/DS)
Dec 15 10:07:04 ns20 named[16169]: validating weblogin.akamai.com/CNAME: bad cache hit (weblogin.akamai.com/DS)
Dec 15 10:07:40 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: bad cache hit (etp.akamai.com/DS)
Dec 15 10:09:41 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: bad cache hit (etp.akamai.com/DS)
Dec 15 10:10:59 ns20 named[16169]: client @0x7f43e0e77ef0 37.224.15.122#61457 (time.akamai.com): query (cache) 'time.akamai.com/A/IN' denied
Dec 15 10:12:22 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: ba