Results 1 to 7 of 7
  1. #1

    * DNS stopped responding HELP!

    Hello all

    I run a dedicated Cpanel server running Centos 5.9

    Last night the DNS stopped working. (has been running fine for years!)

    named is running and iv tried restarting it and rebuilding the config.

    rebooted the whole server

    Running out of ideas?

    Wont even respond to queries locally?

    any suggestions where to look?

    Luke

  2. #2
    Join Date
    May 2012
    Location
    India
    Posts
    1,026
    Did you check through the /var/log/messages and see any errors there?. What exactly is the problem?, can you provide a sample you think the problem is?.

  3. #3
    from some help of another forum i checked messages again (previously it was clear...)

    was getting a heap of:
    Oct 16 10:39:56 jupiter named[15024]: client 186.2.165.57#275: view external: error sending response: host unreachable

    Disabled iptables temporarily and dns is working again.

    No idea how this could happen as the firewall config has not changed in years.

    Any ideas what i need to change to fix it with the firewall running? im using APF to manage it.

    ports open are:
    IG_TCP_CPORTS="21,2222,25,53,80,110,143,465,953,993,995,2082,2083,2084,2086,2087,2095,2096,3306,6666,7786,3000_3500,5109"

    IG_UDP_CPORTS="53,6277"

    EG_TCP_CPORTS="21,25,2222,37,53,80,110,113,#123,443,43,873,953,2089,2087,2703,3306,5109"

    EG_UDP_CPORTS="20,21,53,873,953,6277"

  4. #4
    Im thinking its a DDOS now of some form

    Oct 16 11:00:36 jupiter named[15024]: client 14.17.65.242#550: view external: error sending response: host unreachable
    Oct 16 11:00:37 jupiter named[15024]: client 186.2.167.73#713: view external: error sending response: host unreachable
    Oct 16 11:00:45 jupiter named[15024]: client 162.218.30.37#87: view external: error sending response: host unreachable
    Oct 16 11:00:47 jupiter named[15024]: client 162.218.30.37#1013: view external: error sending response: host unreachable
    Oct 16 11:00:48 jupiter named[15024]: client 14.17.65.242#594: view external: error sending response: host unreachable
    Oct 16 11:00:50 jupiter named[15024]: client 14.17.65.159#467: view external: error sending response: host unreachable
    Oct 16 11:00:53 jupiter named[15024]: client 14.17.65.242#792: view external: error sending response: host unreachable
    Oct 16 11:00:54 jupiter named[15024]: client 186.2.167.72#736: view external: error sending response: host unreachable
    Oct 16 11:00:55 jupiter named[15024]: client 162.218.30.37#716: view external: error sending response: host unreachable
    Oct 16 11:00:56 jupiter named[15024]: client 162.218.30.37#580: view external: error sending response: host unreachable
    Oct 16 11:00:57 jupiter named[15024]: client 186.2.167.75#834: view external: error sending response: host unreachable
    Oct 16 11:00:57 jupiter named[15024]: client 186.2.167.73#901: view external: error sending response: host unreachable
    Oct 16 11:00:57 jupiter named[15024]: client 162.218.30.36#547: view external: error sending response: host unreachable
    Oct 16 11:00:59 jupiter named[15024]: client 14.17.65.171#804: view external: error sending response: host unreachable
    Oct 16 11:00:59 jupiter named[15024]: client 162.218.30.35#951: view external: error sending response: host unreachable
    Oct 16 11:01:00 jupiter named[15024]: client 112.90.220.46#842: view external: error sending response: host unreachable
    Oct 16 11:01:00 jupiter named[15024]: client 162.218.30.37#544: view external: error sending response: host unreachable
    Oct 16 11:01:01 jupiter named[15024]: client 186.2.165.57#517: view external: error sending response: host unreachable
    Oct 16 11:01:02 jupiter named[15024]: client 162.218.30.35#633: view external: error sending response: host unreachable
    Oct 16 11:01:03 jupiter named[15024]: client 14.17.65.171#975: view external: error sending response: host unreachable
    Oct 16 11:01:04 jupiter named[15024]: client 14.17.65.170#631: view external: error sending response: host unreachable
    Oct 16 11:01:04 jupiter named[15024]: client 186.2.165.57#457: view external: error sending response: host unreachable
    Oct 16 11:01:07 jupiter named[15024]: client 186.2.167.77#331: view external: error sending response: host unreachable
    Oct 16 11:01:07 jupiter named[15024]: client 162.218.30.37#224: view external: error sending response: host unreachable
    Oct 16 11:01:08 jupiter named[15024]: client 14.17.65.170#339: view external: error sending response: host unreachable
    Oct 16 11:01:09 jupiter named[15024]: client 162.218.30.35#552: view external: error sending response: host unreachable
    Oct 16 11:01:09 jupiter named[15024]: client 162.218.30.37#343: view external: error sending response: host unreachable
    Oct 16 11:01:10 jupiter named[15024]: client 162.218.30.36#597: view external: error sending response: host unreachable
    Oct 16 11:01:12 jupiter named[15024]: client 186.2.165.57#1: view external: error sending response: host unreachable
    Oct 16 11:01:13 jupiter named[15024]: client 14.17.65.242#507: view external: error sending response: host unreachable
    Oct 16 11:01:13 jupiter named[15024]: client 186.2.165.57#910: view external: error sending response: host unreachable
    Oct 16 11:01:14 jupiter named[15024]: client 14.17.65.242#748: view external: error sending response: host unreachable
    Oct 16 11:01:14 jupiter named[15024]: client 14.17.65.159#219: view external: error sending response: host unreachable
    Oct 16 11:01:14 jupiter named[15024]: client 162.218.30.35#962: view external: error sending response: host unreachable
    Oct 16 11:01:17 jupiter named[15024]: client 186.2.165.57#714: view external: error sending response: host unreachable
    Oct 16 11:01:18 jupiter named[15024]: client 112.90.220.33#952: view external: error sending response: host unreachable
    DNS is working again with the firewall enabled but for how long i dont know.

    Blocked out a heap of those ips for now.

  5. #5
    Join Date
    May 2012
    Location
    India
    Posts
    1,026

  6. #6
    In addition, make sure that your DNS server does not allow recursive query otherwise your server will become open DNS server and can be attacked using DNS amplification.

  7. #7
    Just had been looking at that but turns out i already had recursion off in my named.conf

    Seems to be stable now after i blocked 4 subnets.

Similar Threads

  1. Replies: 16
    Last Post: 04-28-2013, 08:11 PM
  2. DNS Is Not Responding ???
    By X-Dev in forum VPS Hosting
    Replies: 9
    Last Post: 09-07-2010, 11:41 PM
  3. Identifying why the VPS stopped responding
    By sdani in forum VPS Hosting
    Replies: 6
    Last Post: 02-07-2010, 07:58 PM
  4. Pronic Solutions DNS not responding?
    By roblgs in forum Providers and Network Outages and Updates
    Replies: 4
    Last Post: 03-28-2007, 10:27 AM
  5. Server stopped responding, possible attacks?
    By dee_at_candl in forum Hosting Security and Technology
    Replies: 4
    Last Post: 08-19-2004, 06:29 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •