On Tue, Feb 7, 2017 at 9:34 AM, Raul Dias <r...@dias.com.br> wrote: > Sorry, > Static files. > It is the master server. > No dynamic updates. > Host under lxc with only bind ports open. >
If it is the master, and there are no automatic updates, I strongly suspect: 1: there is a cron job (or similar) which rewrites the old zone file -- some busticated automation or, more likely 2: you said that this is a "host under lxc" -- this sounds VERY much like it is in a container, and the container is restarting every N (sometime around 20h Eastern!) -- the zonefile in the container, and not in an external volume / persistent disk... W > > On Tue, Feb 7, 2017, 12:27 Alberto Colosi <al...@hotmail.com> wrote: > >> hi is unclear named structure if is a slave a master if dynamic updates >> are enabled and if the unix box has been hacked >> >> as last , zones are static files on fs ? >> >> >> ------------------------------ >> *From:* bind-users <bind-users-boun...@lists.isc.org> on behalf of Raul >> Dias <r...@dias.com.br> >> *Sent:* Tuesday, February 7, 2017 3:03 PM >> *To:* bind-users@lists.isc.org >> *Subject:* bind 9 goes rogue and revert zone information >> >> Hello, >> >> I have a very strange behavior that I am failing to understand. >> >> 2 to 5 times a week, a named server revert back to a previous version os >> a master zone. >> This happens during the night, usually around 20h EST. >> >> This zone has a serial of 3017020401 <(301)%20702-0401> (yes, I typo the >> 3 somewhere in the >> past). >> When it reverts its zone information, it goes back to 3016060101 >> <(301)%20606-0101>. >> >> I have updated, restarted the host, clean all cache and journal files, >> grep all files in the host for 3016060101 <(301)%20606-0101> (just shows >> up in the logs). >> >> So, I have no clue why, or how it is happening. Where does it get the >> old information. >> >> I thought first about the serial, but it would have happened in the past >> too, right? As it should be a 32bit unsigned integer, it shouldn't be a >> problem, IMHO. >> >> Yet, when "dig domain -t SOA @server", it is there again. >> >> The host is a debian Jessie and bind is 9.9.5, 1:9.9.5.dfsg-9+deb8u8 >> more specifically. >> >> >> Thanks for any direction. >> -rsd >> _______________________________________________ >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >> unsubscribe from this list >> bind-users Info Page - Internet Systems Consortium >> <https://lists.isc.org/mailman/listinfo/bind-users> >> lists.isc.org >> To see the collection of prior postings to the list, visit the bind-users >> Archives. Using bind-users: To post a message to all the list members, send >> ... >> >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users >> bind-users Info Page - Internet Systems Consortium >> <https://lists.isc.org/mailman/listinfo/bind-users> >> lists.isc.org >> To see the collection of prior postings to the list, visit the bind-users >> Archives. Using bind-users: To post a message to all the list members, send >> ... >> >> > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
