One of my Bind DNS slave servers is denying all requests. Was working fine for over a year.

Discussion in 'ISPConfig 3 Priority Support' started by webguyz, Jul 2, 2020.

  1. webguyz

    webguyz Active Member HowtoForge Supporter

    This is output of syslog after running rndc querylog. Any idea where to start looking for an issue?


    Jul 2 13:41:14 ns2 named[472]: client 108.128.154.240#35121 (mgate1.webguyz.net): query: mgate1.webguyz.net IN A -EDC (45.76.18.55)
    Jul 2 13:41:14 ns2 named[472]: client 108.128.154.240#35121 (mgate1.webguyz.net): query (cache) 'mgate1.webguyz.net/A/IN' denied
    Jul 2 13:41:14 ns2 named[472]: client 108.128.5.85#59673 (mgate1.webguyz.net): query: mgate1.webguyz.net IN A -EDC (45.76.18.55)
    Jul 2 13:41:14 ns2 named[472]: client 108.128.5.85#59673 (mgate1.webguyz.net): query (cache) 'mgate1.webguyz.net/A/IN' denied
    Jul 2 13:41:15 ns2 named[472]: client 12.121.117.120#18145 (www.lamberts.net): query: www.lamberts.net IN A -EDC (45.76.18.55)
    Jul 2 13:41:15 ns2 named[472]: client 12.121.117.120#18145 (www.lamberts.net): query (cache) 'www.lamberts.net/A/IN' denied

    Looked up Query Denied on Google and they are talking about config issues. Have 3 DNS servers set up the same way

    Tried clearing cache with RNDC FLUSH and RELOAD but no luck
     
    Last edited: Jul 2, 2020
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I agree it is configuration issue. But you do not show what the configuration is. You could compare configuration on problem host with others. There is link to DNS tutorial in my signature.
    Meanwhile, using Internet search engines with
    Code:
    bind9 query denied
    finds among others this:
    https://www.howtoforge.com/community/threads/dns-query-denied.44738/
     
  3. webguyz

    webguyz Active Member HowtoForge Supporter

    Found the problem. My named.conf.local file was 1 byte and it was updated at 10pm last night. This is the file that tells what domains your server manages. It was overwritten at 10pm last night when my monitoring system started reporting a problem. Without it Bind does not know who to get queries for so yes, it was a config problem, but now the bigger problem is what overwrote named.conf.local. A bug or hacker.

    Thanks
     
  4. webguyz

    webguyz Active Member HowtoForge Supporter

    Checked my other 2 DNS slaves and they both had their named.conf.local updated last night at 10pm. Have to conclude that BIND somehow failed during the update of that file on that one DNS server and wiped it out instead of updating it. Weird
     
  5. elmacus

    elmacus Active Member HowtoForge Supporter

    Did you try to resync the DNS in ISPconfig to solve this ?
     
  6. webguyz

    webguyz Active Member HowtoForge Supporter

    Did not try resync. Had a hard time believing it was a config issue, but a resync would have fixed it. Just copied over the file from one of my other slave servers which is faster.
     

Share This Page