DNS always down! Help

Mon Feb 26 05:33:47 UTC 2001

	Well if named is not answering but the process is there
	I would say there is a good chance that your system has been
	compromised.  See

	http://www.isc.org/products/BIND/bind-security.html

	Mark

> 
> in article 9745hg$ip4 at pub3.rc.vix.com, Kevin Darcy at
> kcd at daimlerchrysler.com wrote on 2/23/01 6:57 AM:
> 
> Everytime I found my DNS is not working, I cannot use nslookup / dig to make
> any query and I try to check the status  " /etc/rc.d/init.d/named status " I
> found some differences :
>  
> After "named" was down -- even I found named is still running (ps -e |grep
> named)
> /etc/rc.d/init.d/named status
> 
> ndc: error: ctl_client: evConnect(fd 3): Connection refused
> ndc: error: cannot connect to command channel (/var/run/ndc)
> 
> 
> When named can make query:
> /etc/rc.d/init.d/named status
> 
> named 8.2.2-P5 Mon Feb 28 10:17:53 EST 2000
> root at porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.2_P5/src/bin/named
> number of zones allocated: 64
> debug level: 0
> xfers running: 0
> xfers deferred: 0
> soa queries in progress: 0
> query logging is OFF
> server is DONE priming
> server IS NOT loading its configuration
> 
> 
> 
> 
> 
> > 
> > leungwai at Pacific.net wrote:
> > 
> >> Any one Please help:
> >> 
> >> My DNS (Bind 8) always down, it can run normally one to two day, after tha
> t
> >> I've checked the "named" status /etc/rc.d/init.d/named status  was not
> >> running.
> > 
> > That must be a Linux thing. Talk to the Linux folks about how to interpret
> > that result.
> > 
> >> But when I try ps -e to list the running processes, I can found
> >> named.
> > 
> > Then named *is* running after all! I guess "/etc/rc2.d/init.d/named status"
> > lied...
> > 
> >> Also, I found my server log as follows:
> >> These messages repeat more than 2 hours....is there any problems here??
> >> I'm using RedHat 6.2, the server running DNS, Sendmail, Apache and WU-Ftp
> >> together.
> >> 
> >> Feb 19 17:45:35 ns1 inetd[491]: pid 718: exit status 1
> >> Feb 19 18:08:39 ns1 named[505]: Cleaned cache of 0 RRsets
> >> Feb 19 18:08:39 ns1 named[505]: USAGE 982577319 982559958 CPU=0.12u/0.05s
> >> CHILDCPU=0u/0s
> >> Feb 19 18:08:39 ns1 named[505]: NSTATS 982577319 982559958 A=7 PTR=72
> >> Feb 19 18:08:39 ns1 named[505]: XSTATS 982577319 982559958 RR=14 RNXD=6
> >> RFwdR=10 RDupR=0 RFail=0 RFErr=0 RErr=0 RAXFR=0$
> >> Feb 19 19:08:39 ns1 named[505]: Cleaned cache of 2 RRsets
> >> Feb 19 19:08:39 ns1 named[505]: USAGE 982580919 982559958 CPU=0.12u/0.05s
> >> CHILDCPU=0u/0s
> >> Feb 19 19:08:39 ns1 named[505]: NSTATS 982580919 982559958 A=7 PTR=76
> >> Feb 19 19:08:39 ns1 named[505]: XSTATS 982580919 982559958 RR=14 RNXD=6
> >> RFwdR=10 RDupR=0 RFail=0 RFErr=0 RErr=0 RAXFR=0$
> >> Feb 19 20:08:39 ns1 named[505]: Cleaned cache of 0 RRsets
> >> Feb 19 20:08:39 ns1 named[505]: USAGE 982584519 982559958 CPU=0.21u/0.05s
> >> CHILDCPU=0u/0s
> >> Feb 19 20:08:39 ns1 named[505]: NSTATS 982584519 982559958 A=15 PTR=87
> >> Feb 19 20:08:39 ns1 named[505]: XSTATS 982584519 982559958 RR=58 RNXD=6
> >> RFwdR=11 RDupR=0 RFail=0 RFErr=0 RErr=0 RAXFR=0$
> >> Feb 19 21:08:39 ns1 named[505]: Cleaned cache of 0 RRsets
> >> Feb 19 21:08:39 ns1 named[505]: USAGE 982588119 982559958 CPU=0.22u/0.05s
> >> CHILDCPU=0u/0s
> >> Feb 19 21:08:39 ns1 named[505]: NSTATS 982588119 982559958 A=15 PTR=88
> >> Feb 19 21:08:39 ns1 named[505]: XSTATS 982588119 982559958 RR=61 RNXD=6
> >> RFwdR=11 RDupR=0 RFail=0 RFErr=0 RErr=0 RAXFR=0$
> >> Feb 19 22:08:39 ns1 named[505]: Cleaned cache of 0 RRsets
> >> Feb 19 22:08:39 ns1 named[505]: USAGE 982591719 982559958 CPU=0.22u/0.05s
> >> CHILDCPU=0u/0s
> >> Feb 19 22:08:39 ns1 named[505]: NSTATS 982591719 982559958 A=15 PTR=88
> >> Feb 19 22:08:39 ns1 named[505]: XSTATS 982591719 982559958 RR=61 RNXD=6
> >> RFwdR=11 RDupR=0 RFail=0 RFErr=0 RErr=0 RAXFR=0$
> >> Feb 19 23:08:39 ns1 named[505]: Cleaned cache of 0 RRsets
> >> Feb 19 23:08:39 ns1 named[505]: USAGE 982595319 982559958 CPU=0.22u/0.05s
> >> CHILDCPU=0u/0s
> > 
> > No problems there. The nameserver is answering queries, doing maintenance,
> > consuming CPU, etc.
> > 
> > Is there actually a problem here? Or are you just putting WAY too much trus
> t
> > in Linux'es "/etc/rc.d/init.d/named status"?? Don't believe everything you
> > read. (Including this :-)
> > 
> > 
> > - Kevin
> > 
> > 
> > 
> > 
> 
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com