
2600 lines of errors in logwatch "Named" section

Posted: 2020/06/28 15:12:56
by ralf
Hi, I have 2600+ lines (!) of errors in my daily logwatch reports in the section on "Named", like:
validating 007nlcvoe9ci4659h18ac33g0cp7c9ou.glb.nist.gov/NSEC3: no valid signature found: 1 Time(s)
where the part before .glb.nist.gov changes from line to line and looks completely random.

I am quite sure I haven't been actively looking for those domains, so something is doing this for me....

When looking for the named process, only one pops up:
[root@server1 Downloads]# ps -ef | grep named
named 1827 1 0 May19 ? 00:39:28 /usr/sbin/named -u named -c /etc/named.conf
Any clue as to where I should start looking for what is causing these random and extensive DNS searches?

Any help is appreciated!

P.S.: I run a fully updated CentOS 8 system

/Ralf

Re: 2600 lines of errors in logwatch "Named" section

Posted: 2020/06/29 21:40:05
by gerry666uk
It sounds like you are running 'bind', so it implies you are running your own DNS server?

Re: 2600 lines of errors in logwatch "Named" section

Posted: 2020/06/30 05:54:15
by ralf
Yes, I run my own DNS server for my own little internal network.

Re: 2600 lines of errors in logwatch "Named" section

Posted: 2020/06/30 07:32:12
by jlehtone
The "NSEC3" seems to relate to "DNSSEC" (DNS Security Extensions). Perhaps dnssec is not set up properly?

I don't know how to configure dnssec for BIND (Berkeley Internet Name Domain toolset, whose DNS server component is "named").
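The two questions above, where to start looking for the source of the "random" names (ralf) and how NSEC3 relates to DNSSEC (jlehtone), can be worked on from the log lines themselves. An NSEC3 owner name (RFC 5155) is not a name anybody queried: it is the SHA-1 hash of a real name in the zone, base32hex-encoded, so it is always a 32-character label from the alphabet 0-9 a-v, exactly the shape of 007nlcvoe9ci4659h18ac33g0cp7c9ou above. The script below is an added example, not code from the thread or from BIND or logwatch: it parses lines in the logwatch "Named" format quoted in the first post, flags owners whose first label has the NSEC3 hash shape, groups the failures by the zone they belong to, and implements the RFC 5155 hash so the reader can see how such a label is produced. The sample log lines, the second hashed label and the counts are constructed for the example; the regular expression assumes the logwatch format shown in the thread.

```python
import base64
import hashlib
import re
from collections import defaultdict

# Constructed sample input in the shape of the logwatch "Named" section quoted
# in the thread. The second hashed label, the example.net line and all counts
# are made up for this example, not real zone data or real log output.
SAMPLE_LOGWATCH = """\
validating 007nlcvoe9ci4659h18ac33g0cp7c9ou.glb.nist.gov/NSEC3: no valid signature found: 1 Time(s)
validating 5k9r2v8p0a3b6c1d4e7f9g2h5i8j1k4l.glb.nist.gov/NSEC3: no valid signature found: 3 Time(s)
validating mail.example.net/A: no valid signature found: 2 Time(s)
validating time.nist.gov/A: got insecure response; parent indicates it should be secure: 1 Time(s)
"""

# Assumed logwatch line shape: "validating <owner>/<rrtype>: <message>: <n> Time(s)"
LINE_RE = re.compile(
    r"^validating (?P<owner>[^\s/]+)/(?P<rtype>[A-Z0-9]+): "
    r"(?P<message>.+?): (?P<count>\d+) Time\(s\)$"
)

# RFC 5155: NSEC3 owner = base32hex(SHA-1(...)), 20-byte digest -> 32 chars of 0-9 a-v
BASE32HEX_LABEL_RE = re.compile(r"^[0-9a-v]{32}$")


def is_nsec3_hash_label(label):
    """True if the label has the shape of an NSEC3 hashed owner name."""
    return BASE32HEX_LABEL_RE.match(label.lower()) is not None


def parse_logwatch_named(text):
    """Parse logwatch 'Named' validation lines into dicts; unknown lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        owner = m.group("owner").rstrip(".")
        first_label, _, parent = owner.partition(".")
        entries.append({
            "owner": owner,
            "parent": parent or owner,   # hashed owners sit directly under the signed zone
            "rtype": m.group("rtype"),
            "message": m.group("message"),
            "count": int(m.group("count")),
            "hashed_owner": is_nsec3_hash_label(first_label),
        })
    return entries


def summarize(entries):
    """Per parent domain: distinct hashed vs. plain owners and total failure count."""
    acc = defaultdict(lambda: {"hashed": set(), "plain": set(), "failures": 0})
    for e in entries:
        bucket = acc[e["parent"]]
        (bucket["hashed"] if e["hashed_owner"] else bucket["plain"]).add(e["owner"])
        bucket["failures"] += e["count"]
    return {
        parent: {
            "hashed_owners": len(b["hashed"]),
            "plain_owners": len(b["plain"]),
            "failures": b["failures"],
        }
        for parent, b in acc.items()
    }


# base64.b32encode uses the RFC 4648 alphabet; NSEC3 needs the base32hex alphabet.
_B32_TO_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                               "0123456789ABCDEFGHIJKLMNOPQRSTUV")


def wire_name(name):
    """Canonical (lowercase) DNS wire format: length-prefixed labels, zero terminator."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def nsec3_hash(name, salt=b"", iterations=0):
    """RFC 5155 section 5: IH(0) = SHA1(name || salt); IH(k) = SHA1(IH(k-1) || salt)."""
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).decode("ascii").translate(_B32_TO_B32HEX).lower()


if __name__ == "__main__":
    for parent, stats in summarize(parse_logwatch_named(SAMPLE_LOGWATCH)).items():
        print(parent, stats)
    # RFC 5155 Appendix A: "example." with salt aabbccdd and 12 iterations
    print(nsec3_hash("example.", bytes.fromhex("aabbccdd"), 12))
```

If every failing owner under a zone is a hashed label, nobody on the host looked those names up: NSEC3 records are returned as denial-of-existence proofs in answers to queries for names under that zone, and named logs the validation failure against the NSEC3 owner. The thing to look for is therefore which client asked for something under glb.nist.gov, for instance by turning on BIND's query log with `rndc querylog` for a while, and whether the zone's records validate at all, for instance with `delv @127.0.0.1 +vtrace <name>`.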

Re: 2600 lines of errors in logwatch "Named" section

Posted: 2020/07/01 07:08:56
by ralf
My main concern is more the number of lines with the random versions of addresses of the same main domain. This makes me believe "something" on my server is checking that main domain .... Any comments?

Re: 2600 lines of errors in logwatch "Named" section

Posted: 2020/08/27 13:39:12
by remyd1
Hi,

I have the same issue on Ubuntu Bionic 18.04. My bind version is 9.11.3. Those machines are both DNS SOA servers (for a .local zone) and clients.

In my case, it seems to be more a named client problem than a SOA server issue. Indeed, the DNS SOA server for the zone with those issues is also running on Ubuntu 18.04 with bind 9.11.3. However, the SOA server for this zone is a public one, and it does not have the same errors. It appears that the resolver is systemd on this one, contrary to the others.
Moreover I checked the keys on my public SOA server and it seems to be Ok.

I tried to sign the zone again on the DNS SOA server, but that did not help. I also tried to clear the named client cache using `rndc flushname <public zone>`, but that did not work either (even restarting the named daemon did not solve that issue).

Did you find any solution since then?

Best regards,

Re: 2600 lines of errors in logwatch "Named" section

Posted: 2020/08/28 07:47:20
by ralf
Hi remyd1

I have done nothing specifically, other than installing a regular kernel update from CentOS 8.
Then the problems were gone......
Could it be a kernel issue for Ubuntu too?

I hope you (or Ubuntu!) solve the problem!

Re: 2600 lines of errors in logwatch "Named" section

Posted: 2020/08/28 07:57:07
by remyd1
Hi,

If this is a kernel issue (I don't think so), it is not specifically related to Linux distributions. My kernel releases are:
4.15.0-112-generic

Do you know what your bind version is?

Thanks,

Best regards,

Re: 2600 lines of errors in logwatch "Named" section

Posted: 2020/08/28 08:21:29
by ralf
I replied a bit too quickly...
It was not only a kernel update, but a new release....
My bind version is
bind-9.11.20-3.el8.x86_64

Re: 2600 lines of errors in logwatch "Named" section

Posted: 2020/08/28 15:24:15
by TrevorH
> My kernel releases are:
> 4.15.0-112-generic

That is not a CentOS system.