Unexpected RCODE(SERVFAIL) causing bind to crash?


Solution 1

Question first off: does it actually need the bind accessible to the outside world? If not, just block incoming traffic on the DNS ports, and you're all set.

But yes, indirectly this is part of an 'attack', as your mail server is probably trying to bounce back "user not found" mails to bogus servers.

And do you have spamassassin running on your machine? If you're hit by a spamwave and the perl spamassassin is trying to handle all the mail, it might take down your system on unlucky configurations.

Solution 2

That syslog entry is most likely your machine trying to look up the IP of a host that just connected to it. 193.0.0.193 is one of RIPE's DNS servers which are authoritative for part of the in-addr.arpa tree used to map from IP to hostname.

It is exceedingly unlikely that these DNS queries are causing your machine to crash. It's far more likely to be the resource drain from whatever inbound traffic is indirectly causing the DNS lookups.

It would be most useful for you to look at what inbound services your server is offering to the outside world, and to decide whether you need to perform DNS lookups in real-time for each of those inbound connections.

For example, if this is a web-server, don't store hostnames in the logfiles, just store the remote IP addresses. Then add the hostnames later (should you ever need to) offline.
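As an added example (not code from either answer), the named log lines from the question can be parsed to recover which connecting client IPs are triggering the failed PTR lookups, which points at the inbound service driving them. The sample log lines other than the one quoted in the question are constructed.

```python
import re
from collections import Counter

# Matches the named log format quoted in the question:
#   named[PID]: unexpected RCODE (SERVFAIL) resolving '<name>/<type>/IN': <server>#<port>
LOG_RE = re.compile(
    r"named\[\d+\]: unexpected RCODE \((?P<rcode>\w+)\) resolving "
    r"'(?P<name>[^/]+)/(?P<qtype>\w+)/IN': (?P<server>[0-9a-fA-F.:]+)#(?P<port>\d+)"
)

def ptr_name_to_ip(name):
    """Turn '3.39.148.159.in-addr.arpa' back into '159.148.39.3'; None for non-IPv4 PTR names."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        return None
    return ".".join(reversed(octets))

def summarize_failed_ptr_lookups(lines):
    """Return (client_ip_counts, upstream_server_counts) for failed PTR lookups in named log lines."""
    clients = Counter()
    servers = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m.group("qtype") != "PTR":
            continue  # skip lines that are not failed reverse lookups
        ip = ptr_name_to_ip(m.group("name"))
        if ip is None:
            continue
        clients[ip] += 1
        servers[m.group("server")] += 1
    return clients, servers

# Constructed sample: the line from the question plus a few made-up neighbours.
SAMPLE_LOG = [
    "Sep 17 03:12:01 host named[3493]: unexpected RCODE (SERVFAIL) resolving '3.39.148.159.in-addr.arpa/PTR/IN': 193.0.0.193#53",
    "Sep 17 03:12:02 host named[3493]: unexpected RCODE (SERVFAIL) resolving '3.39.148.159.in-addr.arpa/PTR/IN': 193.0.0.193#53",
    "Sep 17 03:12:05 host named[3493]: unexpected RCODE (SERVFAIL) resolving '7.0.0.10.in-addr.arpa/PTR/IN': 192.0.2.53#53",
    "Sep 17 03:12:09 host named[3493]: unexpected RCODE (SERVFAIL) resolving 'mail.example.net/A/IN': 192.0.2.53#53",
]

if __name__ == "__main__":
    clients, servers = summarize_failed_ptr_lookups(SAMPLE_LOG)
    for ip, n in clients.most_common():
        print(f"{n:5d} failed PTR lookups for client {ip}")
```

Run it over the real /var/log/messages and compare the top client IPs against the web or mail server's own connection logs to see which service is generating the lookups.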

Author: MAS1
Updated on September 17, 2022

Comments

  • MAS1 (almost 2 years ago)

    Every two days or so, my server stops responding entirely to its services. I can ping it, but I cannot use SSH so I have to go into my host's control panel and reset it.

    When it comes back up, the last log entry before the crash in /var/log/messages are variations on the following:

    named[3493]: unexpected RCODE (SERVFAIL) resolving '3.39.148.159.in-addr.arpa/PTR/IN': 193.0.0.193#53

    Could this be a part of a DoS attack? I have not configured bind on this server and didn't think I'd need to (however naïve that may be).

  • MAS1 (almost 15 years ago)
    I've blocked external traffic to bind. I'll see if that clears up the problem in a couple of days.