bind error
Dear Concern, I have running bind 9.7.3 on debian. I also running dump.db. While I am running dump.db for bind log it give error like that critical: masterdump.c:419: REQUIRE(result == 0) failed, back trace 11-Oct-2011 04:32:15.258 general: critical: #0 0x4259af in ?? 11-Oct-2011 04:32:15.258 general: critical: #1 0x7fdca44cbafa in ?? 11-Oct-2011 04:32:15.258 general: critical: #2 0x7fdca537d9d4 in ?? 11-Oct-2011 04:32:15.258 general: critical: #3 0x7fdca537dcdd in ?? 11-Oct-2011 04:32:15.258 general: critical: #4 0x7fdca537edb7 in ?? 11-Oct-2011 04:32:15.258 general: critical: #5 0x7fdca537fb68 in ?? 11-Oct-2011 04:32:15.258 general: critical: #6 0x7fdca44e99e9 in ?? 11-Oct-2011 04:32:15.258 general: critical: #7 0x7fdca3e9e8ba in ?? 11-Oct-2011 04:32:15.258 general: critical: #8 0x7fdca38b602d in ?? 11-Oct-2011 04:32:15.258 general: critical: exiting (due to assertion failure) So why this problem occurs and how to solve this problem. BR Mosharaf Network Engineer(Core) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
bind9 service problem with BIND 9.10.3
Hi All Lately, we've been encountering an intriguing issue with our Auth+Recursive DNS server, characterized by relatively low traffic. Normally, our DNS server handles around 3 Mbps/second of traffic. However, at certain moments, when the load peaks at 4-5 Mbps, the DNS resolver's responsiveness falters. To my understanding, this occurrence may be indicative of an ongoing DDoS attack during these periods. Nevertheless, I'm puzzled as to why the server seems to get stuck at 4-5 Mbps, considering that the LAN capacity is a substantial 1 Gbps. I seek your guidance to address and resolve this recurrent issue. Currnet BIND9 version : .10.3-P4-Ubuntu Fig: Showing the suspicious traffic and during this time recursion unable to respond. [image: image.png] Regards Mosharaf Hossain Manager, Product Development IT Division Bangladesh Export Import Company Ltd. Level-8, SAM Tower, Plot #4, Road #22, Gulshan-1, Dhaka-1212,Bangladesh Tel: +880 9609 000 999, +880 2 5881 5559, Ext: 14191, Fax: +880 2 9895757 Cell: +8801787680828, Email: mosharaf.hoss...@bol-online.com, Web: www.bol-online.com <https://www.google.com/url?q=http://www.bol-online.com&sa=D&source=hangouts&ust=1557908951423000&usg=AFQjCNGMxIuHSHsD3qO6y5JddpEZ0S592A> -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
9.18 BIND not resolving .gov.bd site
Hi Recently I installed BIND 9.18 in the debina12 server and everything is working fine except .gov.bd sites. Following are some reports attached for your reference. Kindly help me to identify the reason. [image: image.png] root@ns1:/etc/bind# dig mofa.gov.bd +trace ; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> mofa.gov.bd +trace ;; global options: +cmd . 518244 IN NS b.root-servers.net. . 518244 IN NS c.root-servers.net. . 518244 IN NS f.root-servers.net. . 518244 IN NS g.root-servers.net. . 518244 IN NS l.root-servers.net. . 518244 IN NS k.root-servers.net. . 518244 IN NS i.root-servers.net. . 518244 IN NS d.root-servers.net. . 518244 IN NS e.root-servers.net. . 518244 IN NS a.root-servers.net. . 518244 IN NS h.root-servers.net. . 518244 IN NS m.root-servers.net. . 518244 IN NS j.root-servers.net. . 518244 IN RRSIG NS 8 0 518400 2023111205 2023103004 46780 . KOSvh8dmDkcY070FSYz+vAkH6BC+ZR4nGbEu0plshkZZX47oFXFpsHTJ /LiU7G7KXp6gE+g+QDcHk/HPEljGFNY5RwvzQaCjHGG063ypr+Huj1vJ 0SR03fSwm1FALKZ0EFNI2aIfpxY/1S8xc2HzZmHuneQcp7mTY7i+KtOY z8ljk2jQbdCjHYPg/AgIPtF2+507LnFScSCTw+zOVFYFktoPHyy/wDIk 3G0VQQIQG5+1kjn7YZl1yuyxiSqJhq1+7tSkrL3AKhA4fJtynJcBbZsw dq3mVHPfARjUjby2WNt/M2clERoo+W/zYsZpkKamUpvTNm6gYnnt2xUV 8F5/Ow== ;; Received 1137 bytes from x.x.x.x#53(x.x.x.x) in 0 ms bd. 172800 IN NS dns.bd. bd. 172800 IN NS bd-ns.anycast.pch.net. bd. 172800 IN NS surma.btcl.net.bd. bd. 172800 IN NS jamuna.btcl.net.bd. bd. 86400 IN DS 26044 8 1 2DAD1B7F8CA778464F536FDDD15EFD24CCCB62EF bd. 86400 IN DS 26044 8 2 BD01C4B4345D21FC38AA88129F7BC00FDD7B422799CC6703736E3B38 1F37DD5B bd. 86400 IN RRSIG DS 8 1 86400 2023111205 2023103004 46780 . MiQoaKFiMKBfioQieg7q6riR+DKwn6vZyvNYUcfQRWi9obbcpq2vAK3m N82C22NxFtX3jwa1IxKjp2kh53PTiLgVcgS9HWiugsyzbmaTyVGI6iL8 dsUXGEpd0i+QTNv3TEFtApmsj1R+tbsvotUlVwSwYS3GPJ7KRVUN1ewN Pr/sD5hfDXl+SSlLD6Y1zka5y8PU9wIh5wWngKtIXlFgil/DYu7vuOMi 3i8Cpw/bfFkwz4PxluUCLX1aFmCKjFrxz4t4SlagzHUVtfGGVfFCEB/K pNqoHVmORAKBUjJU713QESLhLEosS8BOcCJhe3/X9YYA9iiXNiPR/NLT QrXXkQ== couldn't get address for 'surma.btcl.net.bd': not found couldn't get address for 'jamuna.btcl.net.bd': not found ;; Received 690 bytes from 192.203.230.10#53(e.root-servers.net) in 0 ms mofa.gov.bd.86400 IN NS ns1.bcc.gov.bd. mofa.gov.bd.86400 IN NS ns2.bcc.gov.bd. couldn't get address for 'ns1.bcc.gov.bd': not found couldn't get address for 'ns2.bcc.gov.bd': not found dig: couldn't get address for 'ns1.bcc.gov.bd': no more root@ns1:/etc/bind# Regards Mosharaf Hossain Manager, Product Development IT Division -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: 9.18 BIND not resolving .gov.bd site
Hello All The problem of the .gov.bd domain resolution has been successfully resolved. In the zone file configuration, there was a forward entry for .gov.bd, and after commenting out those lines, all .gov.bd domains are now functioning correctly. Thank you all for providing the right guidance that helped us pinpoint the issue." root@ns1:/# dig mofa.gov.bd +trace \ ; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> mofa.gov.bd +trace ;; global options: +cmd . 452497 IN NS m.root-servers.net. . 452497 IN NS i.root-servers.net. . 452497 IN NS e.root-servers.net. . 452497 IN NS g.root-servers.net. . 452497 IN NS l.root-servers.net. . 452497 IN NS a.root-servers.net. . 452497 IN NS j.root-servers.net. . 452497 IN NS b.root-servers.net. . 452497 IN NS c.root-servers.net. . 452497 IN NS f.root-servers.net. . 452497 IN NS h.root-servers.net. . 452497 IN NS d.root-servers.net. . 452497 IN NS k.root-servers.net. . 452497 IN RRSIG NS 8 0 518400 2023111205 2023103004 46780 . KOSvh8dmDkcY070FSYz+vAkH6BC+ZR4nGbEu0plshkZZX47oFXFpsHTJ /LiU7G7KXp6gE+g+QDcHk/HPEljGFNY5RwvzQaCjHGG063ypr+Huj1vJ 0SR03fSwm1FALKZ0EFNI2aIfpxY/1S8xc2HzZmHuneQcp7mTY7i+KtOY z8ljk2jQbdCjHYPg/AgIPtF2+507LnFScSCTw+zOVFYFktoPHyy/wDIk 3G0VQQIQG5+1kjn7YZl1yuyxiSqJhq1+7tSkrL3AKhA4fJtynJcBbZsw dq3mVHPfARjUjby2WNt/M2clERoo+W/zYsZpkKamUpvTNm6gYnnt2xUV 8F5/Ow== ;; Received 1137 bytes from 202.84.32.22#53(202.84.32.22) in 0 ms bd. 172800 IN NS surma.btcl.net.bd. bd. 172800 IN NS dns.bd. bd. 172800 IN NS bd-ns.anycast.pch.net. bd. 172800 IN NS jamuna.btcl.net.bd. bd. 86400 IN DS 26044 8 2 BD01C4B4345D21FC38AA88129F7BC00FDD7B422799CC6703736E3B38 1F37DD5B bd. 86400 IN DS 26044 8 1 2DAD1B7F8CA778464F536FDDD15EFD24CCCB62EF bd. 86400 IN RRSIG DS 8 1 86400 2023111217 2023103016 46780 . IFF4dDc0UEceikw9rf2bEaz/4LZtyCHeKAxX+gD8okseRzK1EcheFZ53 m8ZJtUa/ptVRIm6Hvwc8HTq7KeRKoCULw2isoqB/gNJDc+PasE0/2Uq8 vEY0CCPJad/zKRAjSXxkI6tmvOt3a3Mk6soTIOFCiK0eITwx2sJsdIGZ /wL3cfaqSHh1735dWtg0kWFstyesSida7YHjNyOsJ/X/mUMEInhFdHzR mg3Sa64FUy8BamA/yTUazNb3VG3yRS9ZUFJXeMib7qjSspDEqb2dTKzy RvFxiNKOD5rDoCN3/Da6hi/dBhCLL9Zh+6mhsV0KHLahoKI2Bl2xw2v3 F9hFyA== ;; Received 722 bytes from 192.36.148.17#53(i.root-servers.net) in 51 ms mofa.gov.bd.86400 IN NS ns1.bcc.gov.bd. mofa.gov.bd.86400 IN NS ns2.bcc.gov.bd. ;; Received 146 bytes from 204.61.216.108#53(bd-ns.anycast.pch.net) in 0 ms mofa.gov.bd.38400 IN A 103.163.210.117 mofa.gov.bd.38400 IN A 103.163.210.121 mofa.gov.bd.38400 IN NS ns1.bcc.gov.bd. mofa.gov.bd.38400 IN NS ns2.bcc.gov.bd. ;; Received 146 bytes from 114.130.54.124#53(ns2.bcc.gov.bd) in 0 ms Regards Mosharaf Hossain Manager, Product Development IT Division Bangladesh Export Import Company Ltd. Level-8, SAM Tower, Plot #4, Road #22, Gulshan-1, Dhaka-1212,Bangladesh Tel: +880 9609 000 999, +880 2 5881 5559, Ext: 14191, Fax: +880 2 9895757 Cell: +8801787680828, Email: mosharaf.hoss...@bol-online.com, Web: www.bol-online.com <https://www.google.com/url?q=http://www.bol-online.com&sa=D&source=hangouts&ust=1557908951423000&usg=AFQjCNGMxIuHSHsD3qO6y5JddpEZ0S592A> On Tue, Oct 31, 2023 at 7:15 AM Mark Andrews wrote: > > > > On 30 Oct 2023, at 17:25, Mosharaf Hossain < > mosharaf.hoss...@bol-online.com> wrote: > > > > mofa.gov.bd.86400 IN NS ns1.bcc.gov.bd. > > mofa.gov.bd.86400 IN NS ns2.bcc.gov.bd. > > couldn't get address for 'ns1.bcc.gov.bd': not found > > couldn't get address for 'ns2.bcc.gov.bd': not found > > dig: couldn't get address for 'ns1.bcc.gov.bd': no more > > root@ns1:/etc/bind# > > So you got this this point and that is saying that the lookup of > the addresses of the nameservers is failing. The next step would to > do a 'dig +trace' or a 'dig +trace +all' of those names. > > % dig +trace ns1.bcc.gov.bd. +all -4 > ;; BADCOOKIE, retrying. > > ; <<>> DiG 9.19.18-dev <<>> +trace ns1.bcc.gov.bd. +all -4 > ;; global options: +cmd
DNS NXDOMAIN flood
Hello Folks I have come across a challenge with our BIND nameserver, specifically related to a "*DNS NXDOMAIN flood*" problem. Despite upgrading the BIND version from 9.10 to 9.18, the issue persists. The attack originates from an external network, and it periodically saturates our entire internet bandwidth. While we've implemented various measures to combat the attack, it continues to be a significant problem, rendering our DNS server incapable of resolving queries during these onslaughts. Current DNS server spec: OS Debian 12 BIND: BIND 9.18.19-1~deb12u1-Debian (Extended Support Version) *DNS NXDOMAIN flood Sample log:* Nov 02 09:00:23 ns1.bol-online.com named[2202594]: client @0x7fce7d2c1768 47.74.84.139#28827 (bearnote.primebank.com.bd): rate limit drop NXDOMAIN response to 47.74.84.0/24 for primebank.c> Nov 02 09:00:23 ns1.bol-online.com named[2202594]: client @0x7fce720cdd68 192.221.176.14#34882 (2014-06-24.pRiMEBANK.cOM.BD): rate limit drop NXDOMAIN response to 192.221.176.0/24 for prim> Nov 02 09:00:23 ns1.bol-online.com named[2202594]: client @0x7fce65cb9d68 74.125.187.132#53017 (HUbBY.PRimEBaNK.cOm.bD): rate limit drop NXDOMAIN response to 74.125.187.0/24 for primebank.> Nov 02 09:00:23 ns1.bol-online.com named[2202594]: client @0x7fce90fdb768 172.217.47.5#65160 (GEoVIsIOn.PrimeBAnk.COm.bD): rate limit drop NXDOMAIN response to 172.217.47.0/24 for primeban> Nov 02 09:00:23 ns1.bol-online.com named[2202594]: client @0x7fce99901b68 77.59.227.211#61265 (lanyware.primebank.com.bd): rate limit slip NXDOMAIN response to 77.59.227.0/24 for primebank> Nov 02 09:00:23 ns1.bol-online.com named[2202594]: client @0x7fce7ee5cd68 1.20.200.152#37953 (debianmeetingresume200809-kansai.primebank.com.bd): rate limit slip NXDOMAIN response to 1.20.> Nov 02 09:00:23 ns1.bol-online.com named[2202594]: client @0x7fce69846968 162.158.207.78#44948 (stacking.primebank.com.bd): rate limit drop NXDOMAIN response to 162.158.207.0/24 for primeb> Regards Mosharaf Hossain -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
