Bind 9 not responding to queries

sir izake sirizake at gmail.com
Sun Apr 12 01:41:52 UTC 2020 

Hi Support

I have installed BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el8 on CentOS Linux
release 8.1.1911.

I have configured bind as a recursive server for my network. At specific
times of day bind fails to respond to queries even though service is shown
to run (configured to respond to my network IPs, this works fine till this
time when service fails to answer queries)

I have looked through the logs and found below ;

Apr 10 20:12:43 ##### automatic empty zone: B.E.F.IP6.ARPA
Apr 10 20:12:43 ##### named[25445]: automatic empty zone:
8.B.D.0.1.0.0.2.IP6.AR>
Apr 10 20:12:43 ##### named[25445]: automatic empty zone: EMPTY.AS112.ARPA
Apr 10 20:12:43  #####  named[25445]: automatic empty zone: HOME.ARPA
Apr 10 20:12:43 ##### named[25445]: none:103: 'max-cache-size 90%' -
setting to >
Apr 10 20:12:44 # ##### named[25445]: configuring command channel from
'/etc/rndc.>
Apr 10 20:12:44 ##### named[25445]: command channel listening on
127.0.0.1#953
Apr 10 20:12:44 ##### named[25445]: configuring command channel from
'/etc/rndc.>
Apr 10 20:12:44 ##### named[25445]: command channel listening on ::1#953

others

Apr 11 22:38:01 ##### systemd[1]: Started Session 29 of user ABC.
Apr 11 22:38:04 #####  dbus-daemon[13352]: [system] Activating via systemd:
service name='net.reactivated.Fprint' unit='fprintd.service' requested by
':1.24116' (uid=0 pid=5364 comm="su - "
label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023")
Apr 11 22:38:04 #####  systemd[1]: Starting Fingerprint Authentication
Daemon...
Apr 11 22:38:04 #####  dbus-daemon[13352]: [system] Successfully activated
service 'net.reactivated.Fprint'
Apr 11 22:38:04 #####  systemd[1]: Started Fingerprint Authentication
Daemon.
Apr 11 22:38:09 #####  kernel: TCP: request_sock_TCP: Possible SYN flooding
on port 53. Sending cookies.  Check SNMP counters.

Could  log point to DDoS attack ( how do i mitigate)

I have tried to update bind but it looks like its the stable for Centos 8

Please advise what can be done to prevent the intermittent failures

Regards
Isaac
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200412/9ed358ee/attachment.htm>

More information about the bind-users mailing list