We are an ISP, All of sudden during the midnight our named service was down, please find the below snippet of the logs when we checked the logs of "dmesg" and "/var/log/messages"
Our bind name version is = BIND 9.12.3-P1 <id:cfdd35 Is that advisable to upgrade our bind from the above version to the latest stable one We don't fall into the same problem again. any clue would be highly appreciated. Thanks in advance Dmesg, 33791287.495380] UDP: bad checksum. From 212.119.87.209:58116 to 212.119.64.2:53 ulen 57 [33793192.481957] UDP: bad checksum. From 212.119.87.209:50338 to 212.119.64.2:53 ulen 74 [33794231.849707] UDP: bad checksum. From 212.119.87.209:51716 to 212.119.64.2:53 ulen 59 [33795952.627374] UDP: bad checksum. From 212.119.87.209:1807 to 212.119.64.2:53 ulen 55 [33796039.842751] UDP: bad checksum. From 212.119.87.209:51925 to 212.119.64.2:53 ulen 80 [33803782.373417] UDP: short packet: From 212.119.77.33:50368 65363/44 to 212.119.64.2:61642 [33864834.213778] TCP: request_sock_TCP: Possible SYN flooding on port 53. Sending cookies. Check SNMP counters. /var/log/messages, during the bind failure. Dec 14 12:39:34 ns10 named[29435]: FORMERR resolving 'avck.com/MX/IN': 47.107.187.161#53 Dec 14 12:39:34 ns10 named[29435]: network unreachable resolving 'ns-578.awsdns-08.net/A/IN': 2600:9000:5307:8800::1#53 Dec 14 12:39:34 ns10 named[29435]: network unreachable resolving 'ns-578.awsdns-08.net/AAAA/IN': 2600:9000:5307:8800::1#53 Dec 14 12:39:34 ns10 named[29435]: network unreachable resolving 'ns-578.awsdns-08.net/A/IN': 2600:9000:5301:c900::1#53 Dec 14 12:39:34 ns10 named[29435]: network unreachable resolving 'ns-578.awsdns-08.net/AAAA/IN': 2600:9000:5301:c900::1#53 Dec 14 12:39:34 ns10 named[29435]: network unreachable resolving 'ns-578.awsdns-08.net/A/IN': 2600:9000:5305:4800::1#53 Dec 14 12:39:34 ns10 named[29435]: network unreachable resolving 'ns-578.awsdns-08.net/AAAA/IN': 2600:9000:5305:4800::1#53 Dec 14 12:39:34 ns10 named[29435]: client @0x7f0910113b00 188.50.216.120#59595 (ajax.cloudflare.com): query (cache) 'ajax.cloudflare.com/A/IN' denied Dec 14 12:39:34 ns10 named[29435]: client @0x7f092000b660 188.50.216.120#61356 (www3.l.google.com): query (cache) 'www3.l.google.com/A/IN' denied Dec 14 12:39:34 ns10 named[29435]: client @0x7f0904fcbcb0 188.50.216.120#61454 (d1r55yzuc1b1bw.cloudfront.net): query (cache) 'd1r55yzuc1b1bw.cloudfront.net/A/IN' denied Dec 14 12:39:34 ns10 named[29435]: client @0x7f0908122050 31.166.235.91#8234 (tsfe-prod-db5.trafficmanager.net): query (cache) 'tsfe-prod-db5.trafficmanager.net/A/IN' denied Dec 14 12:39:34 ns10 named[29435]: lame server resolving 'cpc1-finc16-2-0-cust1831.4-2.cable.virginm.net' (in 'cable.virginm.net'?): 194.168.4.237#53 Dec 14 12:39:34 ns10 named[29435]: client @0x7f091814a3c0 188.50.216.120#59736 (www3.l.google.com): query (cache) 'www3.l.google.com/A/IN' denied Dec 14 12:39:34 ns10 named[29435]: client @0x7f091813f710 188.50.216.120#61702 (cdn.threadloom.com): query (cache) 'cdn.threadloom.com/A/IN' denied Dec 14 12:39:55 ns10 named[29435]: dispatch.c:3426: REQUIRE(resp->item_out == 1) failed, back trace Dec 14 12:39:55 ns10 named[29435]: #0 0x4254fd in assertion_failed()+0x4d Dec 14 12:39:55 ns10 named[29435]: #1 0x601c7a in isc_assertion_failed()+0xa Dec 14 12:39:55 ns10 named[29435]: #2 0x4a0d15 in dns_dispatch_getnext()+0x315 Dec 14 12:39:55 ns10 named[29435]: #3 0x5673fa in rctx_done()+0x17a Dec 14 12:39:55 ns10 named[29435]: #4 0x567839 in resquery_response()+0x1b9 Dec 14 12:39:55 ns10 named[29435]: #5 0x62402b in run()+0x2bb Dec 14 12:39:55 ns10 named[29435]: #6 0x7f0941fb5e25 in __do_global_dtors_aux_fini_array_entry()+0x7f09416c1cd5 Dec 14 12:39:55 ns10 named[29435]: #7 0x7f0941cdfbad in __do_global_dtors_aux_fini_array_entry()+0x7f09413eba5d Dec 14 12:39:55 ns10 named[29435]: exiting (due to assertion failure) Dec 14 12:39:55 ns10 abrt-hook-ccpp: Process 29435 (named) of user 0 killed by SIGABRT - dumping core Dec 14 12:40:01 ns10 systemd: Started Session 629619 of user root. Dec 14 12:40:01 ns10 systemd: Started Session 629620 of user root. Dec 14 12:40:01 ns10 journal: Suppressed 2795 messages from /user.slice/user-0.slice Dec 14 12:40:16 ns10 systemd-logind: Removed session 606944. Dec 14 12:40:16 ns10 abrt-server: Executable '/usr/local/sbin/named' doesn't belong to any package and ProcessUnpackaged is set to 'no' Dec 14 12:40:16 ns10 abrt-server: 'post-create' on '/var/spool/abrt/ccpp-2019-12-14-12:39:55-29435' exited with 1 Dec 14 12:40:16 ns10 abrt-server: Deleting problem directory '/var/spool/abrt/ccpp-2019-12-14-12:39:55-29435' Dec 14 12:41:01 ns10 systemd: Started Session 629621 of user root. Dec 14 12:42:01 ns10 systemd: Started Session 629622 of user root. Dec 14 12:43:01 ns10 systemd: Started Session 629623 of user root. Dec 14 12:44:01 ns10 systemd: Started Session 629624 of user root. Also, one of the domain very popular www.akamail.com <http://www.akamail.com> , is unable to resolve from our slave server, Dec 15 09:46:28 ns20 named[16169]: validating control.akamai.com/CNAME: bad cach e hit (control.akamai.com/DS) Dec 15 09:46:52 ns20 named[16169]: validating akamai.com/SOA: got insecure res ponse; parent indicates it should be secure Dec 15 09:47:28 ns20 named[16169]: validating www.akamai.com/CNAME: bad cache hi t (www.akamai.com/DS) Dec 15 09:47:29 ns20 named[16169]: validating www.akamai.com/CNAME: bad cache hi t (www.akamai.com/DS) Dec 15 09:51:34 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: ba d cache hit (etp.akamai.com/DS) Dec 15 09:52:30 ns20 named[16169]: validating etpcas.akamai.com/CNAME: bad cache hit (etpcas.akamai.com/DS) Dec 15 09:56:16 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: ba d cache hit (etp.akamai.com/DS) Dec 15 09:58:17 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: ba d cache hit (etp.akamai.com/DS) Dec 15 10:00:41 ns20 named[16169]: validating etpcas.akamai.com/CNAME: bad cache hit (etpcas.akamai.com/DS) Dec 15 10:00:58 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: ba d cache hit (etp.akamai.com/DS) Dec 15 10:02:10 ns20 named[16169]: validating time.akamai.com/CNAME: bad cache h it (time.akamai.com/DS) Dec 15 10:02:59 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: ba d cache hit (etp.akamai.com/DS) Dec 15 10:04:59 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: ba d cache hit (etp.akamai.com/DS) Dec 15 10:06:29 ns20 named[16169]: validating time.akamai.com/CNAME: bad cache h it (time.akamai.com/DS) Dec 15 10:07:04 ns20 named[16169]: validating weblogin.akamai.com/CNAME: bad cac he hit (weblogin.akamai.com/DS) Dec 15 10:07:40 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: ba d cache hit (etp.akamai.com/DS) Dec 15 10:09:41 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: ba d cache hit (etp.akamai.com/DS) Dec 15 10:10:59 ns20 named[16169]: client @0x7f43e0e77ef0 37.224.15.122#61457 (t ime.akamai.com): query (cache) 'time.akamai.com/A/IN' denied Dec 15 10:12:22 ns20 named[16169]: validating dnsclient.etp.akamai.com/CNAME: ba
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
