Centos – Unexpected RCODE(SERVFAIL) causing bind to crash

bindcentosdomain-name-system

Every two days or so, my server stops responding entirely to its services. I can ping it, but I cannot use SSH so I have to go into my host's control panel and reset it.

When it comes back up, the last log entry before the crash in /var/log/messages are variations on the following:

named[3493]: unexpected RCODE (SERVFAIL) resolving '3.39.148.159.in-addr.arpa/PTR/IN': 193.0.0.193#53

Could this be a part of a DoS attack? I have not configured bind on this server and didn't think I'd need to (however naïve that may be).

Best Answer

Question first off: does it actually need the bind accessible to the outside world? If not, just block ingoing traffic on the DNS ports, and you're all set.

But yes, indirectly this is part of an 'attack', as your mail server is probably trying to bounce back "user not found" mails to bogus servers.

And do you have spamassassin running on your machine? If you're hit by a spamwave and the perl spamassassin is trying to handle all the mail, it might take down your system on unlucky configurations.

Related Solutions

BIND authoritative name server: SERVFAIL

You can turn up debugging to see if that doesn't directly answer your question. However, I'd suspect that the permissions on your zone file aren't allowing the bind user to read the file.

I define all my logging options in named.logging.conf and then use an include in the main file:

logging {
        channel default_syslog {
                // Send most of the named messages to syslog.
                syslog local2;
                severity debug; 
        };

        channel audit_log {
                // Send the security related messages to a separate file.
                file "/var/named/system/named.log";
                severity debug;
                print-time yes; 
        };

        channel null {
                null;
        };

        category default { default_syslog; };
        category general { default_syslog; };
        category security { audit_log; default_syslog; };
        category config { default_syslog; };
        category resolver { audit_log; };
        category xfer-in { audit_log; };
        category xfer-out { audit_log; };
        category notify { audit_log; };
        category client { audit_log; };
        category network { audit_log; };
        category update { audit_log; };
        category queries { audit_log; };
        category lame-servers { null; }; 

};

and then in named.conf:

root@dnsm02:/etc/bind# grep logging named.conf
include "/etc/bind/named.logging.conf";

Additionally, you don't mention views, but if you have any views defined, then all of your zones must be in defined views.

BIND and SERVFAIL

You use named-checkzone.

$ named-checkzone tenebris.cs cs.db 
dns_rdata_fromtext: cs.db:13: near 'hermes.tenebris.cs.': not a valid number
dns_master_load: cs.db:22: www.tenebris.cs: CNAME and other data
zone tenebris.cs/IN: loading from master file cs.db failed: not a valid number
zone tenebris.cs/IN: not loaded due to errors.

The first error tells you that you have a problem with your MX record pointing to hermes.tenebris.cs. MX records take the format:

name           ttl  class   rr  pref name

You are missing the pref. Since you have only one, you can set this to any valid number between 0 and 65535. I tried 10.

The next error is with your CNAME. A CNAME cannot coexist with another record. You have a duplicate with www pointing to both an A record as well as a CNAME.

Remove the A record and now your zone should work!

Best Answer

Related Solutions

BIND authoritative name server: SERVFAIL

BIND and SERVFAIL

Related Topic