named keep crashing like 200 times a day

[Hellbound]

hi guys
my named service keep crashing,
and I can't figure out why,
I also can't resolve MX record from outside,
although I have forwarded port 53 UDP and TCP to
my webserver IP address.

I have doubled check all my domains and they all looked
normal to me.

Appreciate any help

Here is the result of DIG MX and messages

Code:

login as: root
root@10.1.1.7's password:
Last login: Thu Feb 22 23:29:43 2007 from 10.1.1.101
[root@host2 ~]# dig MX filtercard.com

; <<>> DiG 9.3.1 <<>> MX filtercard.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23673
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;filtercard.com.                        IN      MX

;; AUTHORITY SECTION:
filtercard.com.         10800   IN      SOA     host2.persiasys.com. admin.filte                                                 rcard.com. 2007021802 28800 7200 604800 86400

;; Query time: 856 msec
;; SERVER: 202.188.1.5#53(202.188.1.5)
;; WHEN: Thu Feb 22 23:30:43 2007
;; MSG SIZE  rcvd: 90

[root@host2 ~]# tail /var/log/messages -n 40
Feb 22 23:27:48 host2 named[19442]: command channel listening on 127.0.0.1#953
Feb 22 23:27:48 host2 named[19442]: command channel listening on ::1#953
Feb 22 23:27:48 host2 named[19442]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
Feb 22 23:27:48 host2 named[19442]: zone 138.52.60.in-addr.arpa/IN: loaded serial 2007022201
Feb 22 23:27:48 host2 named[19442]: zone erfani111.com/IN: loaded serial 2006112102
Feb 22 23:27:48 host2 named[19442]: zone filtercard.com/IN: loaded serial 2007021802
Feb 22 23:27:48 host2 named[19442]: zone ir-sr.com/IN: loaded serial 2007022202
Feb 22 23:27:48 host2 named[19442]: zone negahnet.com/IN: loaded serial 2007022202
Feb 22 23:27:48 host2 named[19442]: zone neguin.com/IN: loaded serial 2007010602
Feb 22 23:27:48 host2 named[19442]: zone persiansubtitle.com/IN: loaded serial 2007022209
Feb 22 23:27:48 host2 named[19442]: zone campuslink.com.my/IN: loaded serial 2007021803
Feb 22 23:27:48 host2 named[19442]: zone ir-sr.com.my/IN: loaded serial 2007022210
Feb 22 23:27:48 host2 named[19442]: D-BUS dhcdbd subscription disabled.
Feb 22 23:27:48 host2 named[19442]: D-BUS service enabled.
Feb 22 23:27:48 host2 named[19442]: running
Feb 22 23:28:05 host2 proftpd[19514]: localhost (::ffff:10.1.1.101[::ffff:10.1.1.101]) - FTP session opened.
Feb 22 23:28:05 host2 proftpd[19514]: localhost (::ffff:10.1.1.101[::ffff:10.1.1.101]) - FTP session closed.
Feb 22 23:28:32 host2 sshd(pam_unix)[19599]: session opened for user root by root(uid=0)
Feb 22 23:28:35 host2 proftpd[19637]: localhost (::ffff:10.1.1.101[::ffff:10.1.1.101]) - FTP session opened.
Feb 22 23:28:35 host2 proftpd[19637]: localhost (::ffff:10.1.1.101[::ffff:10.1.1.101]) - FTP session closed.
Feb 22 23:28:54 host2 login(pam_unix)[19675]: could not recover authentication token
Feb 22 23:28:54 host2 login(pam_unix)[19675]: check pass; user unknown
Feb 22 23:28:54 host2 login(pam_unix)[19675]: authentication failure; logname= uid=0 euid=0 tty=pts/1 ruser= rhost=
Feb 22 23:28:56 host2 login[19675]: FAILED LOGIN 1 FROM (null) FOR as:, Authentication failure
Feb 22 23:28:56 host2 login(pam_unix)[19675]: could not recover authentication token
Feb 22 23:28:56 host2 login(pam_unix)[19675]: check pass; user unknown
Feb 22 23:28:58 host2 login[19675]: FAILED LOGIN SESSION FROM (null) FOR as:, Error in service module
Feb 22 23:28:58 host2 login(pam_unix)[19675]: 1 more authentication failure; logname= uid=0 euid=0 tty=pts/1 ruser= rhost=
Feb 22 23:29:05 host2 proftpd[19729]: localhost (::ffff:10.1.1.101[::ffff:10.1.1.101]) - FTP session opened.
Feb 22 23:29:05 host2 proftpd[19729]: localhost (::ffff:10.1.1.101[::ffff:10.1.1.101]) - FTP session closed.
Feb 22 23:29:35 host2 proftpd[19843]: localhost (::ffff:10.1.1.101[::ffff:10.1.1.101]) - FTP session opened.
Feb 22 23:29:35 host2 proftpd[19843]: localhost (::ffff:10.1.1.101[::ffff:10.1.1.101]) - FTP session closed.
Feb 22 23:29:43 host2 sshd(pam_unix)[19873]: session opened for user root by root(uid=0)
Feb 22 23:30:01 host2 proftpd[19982]: localhost (::ffff:127.0.0.1[::ffff:127.0.0.1]) - FTP session opened.
Feb 22 23:30:01 host2 proftpd[19982]: localhost (::ffff:127.0.0.1[::ffff:127.0.0.1]) - FTP session closed.
Feb 22 23:30:05 host2 proftpd[20108]: localhost (::ffff:10.1.1.101[::ffff:10.1.1.101]) - FTP session opened.
Feb 22 23:30:05 host2 proftpd[20108]: localhost (::ffff:10.1.1.101[::ffff:10.1.1.101]) - FTP session closed.
Feb 22 23:30:35 host2 proftpd[20203]: localhost (::ffff:10.1.1.101[::ffff:10.1.1.101]) - FTP session opened.
Feb 22 23:30:35 host2 proftpd[20203]: localhost (::ffff:10.1.1.101[::ffff:10.1.1.101]) - FTP session closed.
Feb 22 23:30:35 host2 sshd(pam_unix)[20206]: session opened for user root by root(uid=0)
[root@host2 ~]#

Here is also the result of named.conf

Code:

options {
        pid-file "/var/named/chroot/var/run/named/named.pid";
        directory "/var/named/chroot/var/named";
        auth-nxdomain no;
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." {
        type hint;
        file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};

zone "138.52.60.in-addr.arpa" {
        type master;
        file "pri.138.52.60.in-addr.arpa";
};


zone "ir-sr.com" {
        type master;
        file "pri.ir-sr.com";
};
zone "erfani111.com" {
        type master;
        file "pri.erfani111.com";
};
zone "neguin.com" {
        type master;
        file "pri.neguin.com";
};
zone "campuslink.com.my" {
        type master;
        file "pri.campuslink.com.my";
};
zone "filtercard.com" {
        type master;
        file "pri.filtercard.com";
};
zone "persiansubtitle.com" {
        type master;
        file "pri.persiansubtitle.com";
};
zone "negahnet.com" {
        type master;
        file "pri.negahnet.com";
};
zone "ir-sr.com.my" {
        type master;
        file "pri.ir-sr.com.my";
};



//// MAKE MANUAL ENTRIES BELOW THIS LINE! ////

[falko]

I don't see any error in the log.
What's the output of

Code:

netstat -tap

?

[Hellbound]

Thats why I don't understand,
but you try to resolve filtercard.com's MX record and it won't work.

thanks

Code:

[root@tv ~]# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 localhost:2208              *:*                         LISTEN      2212/hpiod
tcp        0      0 *:mysql                     *:*                         LISTEN      2334/mysqld
tcp        0      0 *:sunrpc                    *:*                         LISTEN      2016/portmap
tcp        0      0 *:945                       *:*                         LISTEN      2035/rpc.statd
tcp        0      0 localhost:ipp               *:*                         LISTEN      2228/cupsd
tcp        0      0 *:smtp                      *:*                         LISTEN      2410/master
tcp        0      0 localhost:34460             *:*                         LISTEN      2218/python
tcp        1      0 tv.persiasys.com:51262      fpserv.fedoraproject.o:http CLOSE_WAIT  2543/python
tcp        0      0 *:imaps                     *:*                         LISTEN      2357/dovecot
tcp        0      0 *:pop3s                     *:*                         LISTEN      2357/dovecot
tcp        0      0 *:pop3                      *:*                         LISTEN      2357/dovecot
tcp        0      0 *:imap                      *:*                         LISTEN      2357/dovecot
tcp        0      0 *:http                      *:*                         LISTEN      13001/httpd
tcp        0      0 *:ftp                       *:*                         LISTEN      2428/proftpd: (acce
tcp        0      0 *:ssh                       *:*                         LISTEN      2237/sshd
tcp        0      0 localhost.localdomain:ipp   *:*                         LISTEN      2228/cupsd
tcp        0      0 *:https                     *:*                         LISTEN      13001/httpd
tcp        0    888 tv.persiasys.com:ssh        ::ffff:10.1.1.1:canex-watch ESTABLISHED 9930/1
[root@tv ~]#

[till]

There is currently no named running. Do you get a error message when you start named?

[Hellbound]

this is very funny !!!
it is running

Code:

[root@host2 ~]# service named status
number of zones: 10
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
[root@host2 ~]# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 *:imaps                     *:*                         LISTEN      2129/xinetd
tcp        0      0 *:pop3s                     *:*                         LISTEN      2129/xinetd
tcp        0      0 *:38633                     *:*                         LISTEN      1855/rpc.statd
tcp        0      0 *:mysql                     *:*                         LISTEN      2244/mysqld
tcp        0      0 *:pop3                      *:*                         LISTEN      2129/xinetd
tcp        0      0 *:imap                      *:*                         LISTEN      2129/xinetd
tcp        0      0 *:sunrpc                    *:*                         LISTEN      1837/portmap
tcp        0      0 *:81                        *:*                         LISTEN      2628/ispconfig_http
tcp        0      0 host2.persiasys.com:domain  *:*                         LISTEN      19442/named
tcp        0      0 localhost:domain            *:*                         LISTEN      19442/named
tcp        0      0 localhost:ipp               *:*                         LISTEN      2074/cupsd
tcp        0      0 localhost:5335              *:*                         LISTEN      2056/mDNSResponder
tcp        0      0 *:smtp                      *:*                         LISTEN      3703/master
tcp        0      0 localhost:rndc              *:*                         LISTEN      19442/named
tcp        0      0 host2.persiasys.com:57506   my1.doubleukay.com:http     ESTABLISHED 2944/freshclam
tcp        0      0 localhost:52348             localhost:rndc              TIME_WAIT   -
tcp        0      0 *:http                      *:*                         LISTEN      10138/httpd
tcp        0      0 *:ftp                       *:*                         LISTEN      3556/proftpd: (acce
tcp        0      0 *:ssh                       *:*                         LISTEN      2120/sshd
tcp        0      0 ::1:rndc                    *:*                         LISTEN      19442/named
tcp        0      0 *:https                     *:*                         LISTEN      10138/httpd
tcp        0      0 host2.persiasys.com:http    ::ffff:10.1.1.106:1213      TIME_WAIT   -
tcp        0      0 host2.persiasys.com:http    ::ffff:10.1.1.101:1782      TIME_WAIT   -
tcp        0      0 host2.persiasys.com:ssh     ::ffff:10.1.1.101:1620      ESTABLISHED 3608/1
tcp        0      0 host2.persiasys.com:http    ::ffff:10.1.1.101:1716      TIME_WAIT   -
tcp        0      0 host2.persiasys.com:http    ::ffff:10.1.1.106:1105      TIME_WAIT   -
[root@host2 ~]#

[falko]

Yes, now it's running, but it wasn't before.
Does name resolution work now?

[Hellbound]

although in above post it was working but the dig couldn't resolve mx record and the answer was zero.

a friend of mine fixed it remotely but I still don't know how did he do it.

I'll let you guys know about it later.