bind 9 goes rogue and revert zone information

Alberto Colosi alcol at hotmail.com
Tue Feb 7 14:27:47 UTC 2017 

hi is unclear named structure if is a slave a master if dynamic updates are enabled and if the unix box has been hacked

as last , zones are static files on fs ?


________________________________
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of Raul Dias <raul at dias.com.br>
Sent: Tuesday, February 7, 2017 3:03 PM
To: bind-users at lists.isc.org
Subject: bind 9 goes rogue and revert zone information

Hello,

I have a very strange behavior that I am failing to understand.

2 to 5 times a week, a named server revert back to a previous version os
a master zone.
This happens during the night, usually around 20h EST.

This zone has a serial of 3017020401 (yes, I typo the 3 somewhere in the
past).
When it reverts its zone information, it goes back to 3016060101.

I have updated, restarted the host, clean all cache and journal files,
grep all files in the host for 3016060101 (just shows up in the logs).

So, I have no clue why, or how it is happening. Where does it get the
old information.

I thought first about the serial, but it would have happened in the past
too, right?  As it should be a 32bit unsigned integer, it shouldn't be a
problem, IMHO.

Yet, when "dig domain -t SOA @server", it is there again.

The host is a debian Jessie and bind is 9.9.5, 1:9.9.5.dfsg-9+deb8u8
more specifically.


Thanks for any direction.
-rsd
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users Info Page - Internet Systems Consortium<https://lists.isc.org/mailman/listinfo/bind-users>
lists.isc.org
To see the collection of prior postings to the list, visit the bind-users Archives. Using bind-users: To post a message to all the list members, send ...



bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
bind-users Info Page - Internet Systems Consortium<https://lists.isc.org/mailman/listinfo/bind-users>
lists.isc.org
To see the collection of prior postings to the list, visit the bind-users Archives. Using bind-users: To post a message to all the list members, send ...


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20170207/cfb85803/attachment.html>

More information about the bind-users mailing list