Results 1 to 26 of 26
  1. #1
    Join Date
    Apr 2005
    Location
    Singapore
    Posts
    302

    Strange issue with Named service

    Sometimes my server named service seem not work.
    Many site can not be accessed until i restart DNS Server(BIND)
    Have any one face this problem?
    My server never goes down but because of DNS server so no on can access to sites on my server except some who have dedicated IP.

  2. #2
    Join Date
    Jun 2003
    Location
    Janesville, Wi
    Posts
    1,516
    Does it go down at random, or does it just not run at startup?
    Jakiao

  3. #3
    Join Date
    Apr 2005
    Location
    Singapore
    Posts
    302
    It go down at random
    Site can access by IP but can not acess by domain

  4. #4
    Join Date
    Jun 2003
    Location
    Janesville, Wi
    Posts
    1,516
    Could you check /var/log/messages for any errors that named might have given off?
    Jakiao

  5. #5
    Join Date
    Apr 2005
    Location
    Singapore
    Posts
    302
    Here is some result i get from log

    Nov 27 05:46:42 server1 named[4851]: loading configuration from '/etc/named.conf'
    Nov 27 05:46:42 server1 named[4851]: no IPv6 interfaces found
    Nov 27 05:46:43 server1 named[4850]: zone host-ninhbinh.com/IN: loaded serial 2005112700
    Nov 27 05:46:43 server1 named[4850]: zone thuanthuy.info/IN: loaded serial 2005112700
    Nov 27 05:46:43 server1 named[4850]: zone host-ninhbinh.com/IN: sending notifies (serial 2005112700)
    Nov 27 05:46:43 server1 named[4850]: zone thuanthuy.info/IN: sending notifies (serial 2005112700)
    Nov 27 05:47:12 server1 stunnel[7031]: Connection closed: 4684277 bytes sent to SSL, 4647 bytes sent to socket
    Nov 27 05:47:52 server1 pure-ftpd: ([email protected]) [INFO] Logout.
    Nov 27 05:48:33 server1 named[4850]: shutting down: flushing changes
    Nov 27 05:48:33 server1 named[4850]: stopping command channel on 127.0.0.1#953
    Nov 27 05:48:33 server1 named[4850]: no longer listening on 64.20.37.xx#53
    Nov 27 05:48:33 server1 named[4850]: no longer listening on 64.20.37.xx#53
    Nov 27 05:48:33 server1 named[4850]: no longer listening on 64.20.37.xx#53
    Nov 27 05:48:33 server1 named[4850]: no longer listening on 64.20.37.xx#53
    Nov 27 05:48:33 server1 named[4850]: no longer listening on 64.20.37.xx#53
    Nov 27 05:48:33 server1 named[4850]: no longer listening on 64.20.37.xx#53
    Nov 27 05:48:33 server1 named[4850]: no longer listening on 64.20.37.xx#53
    Nov 27 05:48:33 server1 named[4850]: no longer listening on 64.20.37.xx#53
    Nov 27 05:48:33 server1 named[4850]: no longer listening on 64.20.37.xx#53

  6. #6
    Join Date
    Apr 2005
    Location
    Singapore
    Posts
    302
    Nov 27 06:40:11 server1 named[7340]: errno2result.c:109: unexpected error:
    Nov 27 06:40:11 server1 named[7340]: unable to convert errno to isc_result: 14: Bad address
    Nov 27 06:40:11 server1 named[7340]: UDP client handler shutting down due to fatal receive error: unexpected error

  7. #7
    Join Date
    Jun 2003
    Location
    Janesville, Wi
    Posts
    1,516
    I've been poking around Google ( http://www.google.com/search?hl=en&q...3A+Bad+address ).

    First recurring thing I've found with results is that BIND doesn't work with kernel version 2.6.14. Are you using this kernel by any chance?

    cat /proc/version

    Just incase you're unsure of the kernel in use.
    Jakiao

  8. #8
    Join Date
    Apr 2005
    Location
    Singapore
    Posts
    302
    I am using Kernel version 2.6.14
    It should be the problem here.
    What should I do now?

  9. #9
    Join Date
    May 2004
    Location
    Blue Springs, Missouri
    Posts
    366
    downgrade your kernel?

  10. #10
    Join Date
    Jun 2003
    Location
    Janesville, Wi
    Posts
    1,516
    Which boot loader do you use? Assuming Grub, edit /boot/grub.conf and change the default kernel back to the kernel you were using before 2.6.14.

    The list of kernels gets assigned a value 0 through n. You should have something like DEFAULT=0. Change that to DEFAULT=1 or whichever kernel is the one you used previously.
    Jakiao

  11. #11
    Join Date
    Jun 2003
    Location
    Janesville, Wi
    Posts
    1,516
    Sorry for the double post, but it's too late to edit my last post.

    First, I meant /boot/grub/grub.conf.

    Just because of how important it is to have a CORRECT boot configuration file, I'll demonstrate through use of mine.

    Here's an example of a grub.conf file:

    Code:
    # grub.conf generated by anaconda
    #
    # Note that you do not have to rerun grub after making changes to this file
    # NOTICE:  You have a /boot partition.  This means that
    #          all kernel and initrd paths are relative to /boot/, eg.
    #          root (hd0,0)
    #          kernel /vmlinuz-version ro root=/dev/sda2
    #          initrd /initrd-version.img
    #boot=/dev/sda
    default=0
    timeout=5
    splashimage=(hd0,0)/grub/splash.xpm.gz
    hiddenmenu
    title CentOS (2.6.9-22.0.1.ELsmp)
            root (hd0,0)
            kernel /vmlinuz-2.6.9-22.0.1.ELsmp ro root=LABEL=/
            initrd /initrd-2.6.9-22.0.1.ELsmp.img
    title CentOS (2.6.9-22.0.1.EL)
            root (hd0,0)
            kernel /vmlinuz-2.6.9-22.0.1.EL ro root=LABEL=/
            initrd /initrd-2.6.9-22.0.1.EL.img
    See how "default=0" is set? It's pulling the first kernel listed. Now say that were the bad kernel and I needed to go back to my previous kernel. Well the second kernel in the list is the old kernel, so I would change "default=0" to "default=1".
    Jakiao

  12. #12
    Join Date
    Apr 2005
    Location
    Singapore
    Posts
    302
    I have downgrade Kernel,hope it is fine now
    Thanks for your usefull support

  13. #13
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    I hope you didnt downgrade to a exploitable kernel. tried 2.6.14.3?
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  14. #14
    Join Date
    Apr 2005
    Location
    Singapore
    Posts
    302
    I have downgraded the kernel to 2.6.11.12
    Is it exploitable?

  15. #15
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Yes it is.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  16. #16
    Join Date
    Jun 2003
    Location
    Janesville, Wi
    Posts
    1,516
    Honestly, any old kernel is exploitable. So using anything than the latest is potentially dangerous, but you have to weigh the chances of you having problems with an older kernel. All of my servers use 2.6.9 without issue.

    Keep in mind: How many of the exploits require SSH access to the server, and which do not?
    Jakiao

  17. #17
    Join Date
    Apr 2005
    Location
    Singapore
    Posts
    302
    If 2.6.14.3 are not compatible with DNS Server
    Which version of Kernel should i switch to?

  18. #18
    Join Date
    Jun 2003
    Location
    Janesville, Wi
    Posts
    1,516
    Considering the BIND issues are attributed to 2.6.14, I'd choose the closest version you can install to 2.6.14. I only use 2.6.9 because I only update kernels as my OS releases updates. But if you can get a later version, then I say go for it.
    Jakiao

  19. #19
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Keep in mind: How many of the exploits require SSH access to the server, and which do not?
    Every exploit local to the machine can basically be done though a perl script or php script. since they both allow execution of shell commands.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  20. #20
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    http://www.ussg.iu.edu/hypermail/lin...11.3/0256.html

    It was fixed. Upgrade to 2.6.14.3
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  21. #21
    Join Date
    Jun 2003
    Location
    Janesville, Wi
    Posts
    1,516
    That's where the responsibility of the system admin should rest. But, as I said, if he can use a newer kernel, then do it.
    Jakiao

  22. #22
    Join Date
    Jun 2003
    Location
    Janesville, Wi
    Posts
    1,516
    Uh, he's using 2.6.14.3.
    Jakiao

  23. #23
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Quote Originally Posted by Jakiao
    Uh, he's using 2.6.14.3.

    Since when?

    I am using Kernel version 2.6.14

    he never said he was using 2.6.14.3

    he just said

    If 2.6.14.3 are not compatible with DNS Server

    I am personally using 2.6.14.3 on 25 servers and I am not having any problems with named.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  24. #24
    Join Date
    Jun 2003
    Location
    Janesville, Wi
    Posts
    1,516
    Hm, I thought he meant that he was using 2.6.14.3. Oh well, my mistake!
    Jakiao

  25. #25
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  26. #26

    Same Problem happened with the me

    the same problem happened with me,i get the following three errors :

    UDP client handler shutting down due to fatal receive error: unexpected error
    unable to convert errno to isc_result: 234: More data is available.
    errno2result.c:61: unexpected error:

    in event log and the server stopped resolving incoming quaries until i restrat the services again

    i'm working with bind 9.2.5 on windows 2000 servere,

    Do you know any solutions for this problem,
    Reagrds,
    Michael

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •