
2600 lines of errors in logwatch "Named" section

Posted: 2020/06/28 15:12:56
by ralf
Hi, I have 2600+ lines (!) of errors in my daily logwatch reports in the section on "Named", like:
validating 007nlcvoe9ci4659h18ac33g0cp7c9ou.glb.nist.gov/NSEC3: no valid signature found: 1 Time(s)
where the underlined part is changing from line to line and looks completely random.

I am quite sure I haven't been actively looking for those domains, so something is doing this for me....

When looking for the named process, only one pops up:
[root@server1 Downloads]# ps -ef | grep named
named 1827 1 0 May19 ? 00:39:28 /usr/sbin/named -u named -c /etc/named.conf
Any clue as to where I should start looking for what is causing these random and extensive DNS searches?

Any help is appreciated!

P.S.: I run a fully updated CentOS 8 system

/Ralf

Re: 2600 lines of errors in logwatch "Named" section

Posted: 2020/06/29 21:40:05
by gerry666uk
It sounds like you are running 'bind', so it implies you are running your own DNS server?

Re: 2600 lines of errors in logwatch "Named" section

Posted: 2020/06/30 05:54:15
by ralf
Yes, I run my own DNS server for my own little internal network.

Re: 2600 lines of errors in logwatch "Named" section

Posted: 2020/06/30 07:32:12
by jlehtone
The "NSEC3" seems to relate to "DNSSEC" (DNS Security Extensions). Perhaps DNSSEC is not set up properly?

I don't know how to configure DNSSEC for BIND (Berkeley Internet Name Domain toolset, whose DNS server component is "named").

Re: 2600 lines of errors in logwatch "Named" section

Posted: 2020/07/01 07:08:56
by ralf
My main concern is more the number of lines with the random versions of addresses of the same main domain. This makes me believe "something" on my server is checking that main domain .... Any comments?
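
Added example, not part of any post in this thread: the 32-character labels have the shape of NSEC3 hashed owner names (base32hex of a SHA-1 hash, RFC 5155), which differ per record within one zone, so this Python sketch collapses such logwatch lines to one count per zone, record type and reason. The line format is taken from the log line quoted above; the other sample lines and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Logwatch "Named" line shape as quoted in the thread:
#   validating <name>/<RRTYPE>: <reason>: <N> Time(s)
LINE_RE = re.compile(
    r"validating\s+(?P<name>[^\s/]+)/(?P<rrtype>[A-Z0-9]+):\s*"
    r"(?P<reason>.*?)(?::\s*(?P<count>\d+)\s+Time\(s\))?\s*$"
)
# NSEC3 owner label: base32hex (0-9, a-v) of a SHA-1 hash = 32 characters.
NSEC3_LABEL_RE = re.compile(r"^[0-9a-v]{32}$", re.IGNORECASE)

SAMPLE = [
    # First line is the one quoted in the thread; the rest are constructed.
    "validating 007nlcvoe9ci4659h18ac33g0cp7c9ou.glb.nist.gov/NSEC3: no valid signature found: 1 Time(s)",
    "validating 1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p.glb.nist.gov/NSEC3: no valid signature found: 1 Time(s)",
    "validating vu9q8r7s6t5u4v3a2b1c0d9e8f7g6h5i.glb.nist.gov/NSEC3: no valid signature found: 2 Time(s)",
    "validating example.test/SOA: got insecure response; parent indicates it should be secure: 1 Time(s)",
    "unrelated line that is not a validation error",
]


def summarize(lines):
    """Collapse validation errors to (zone, rrtype, reason) -> total count."""
    totals = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a "validating ..." line
        name = m.group("name").rstrip(".").lower()
        first, _, rest = name.partition(".")
        # Hashed NSEC3 owner names differ per record; the zone is what follows.
        is_hashed = (m.group("rrtype") == "NSEC3"
                     and NSEC3_LABEL_RE.match(first) and rest)
        zone = rest if is_hashed else name
        key = (zone, m.group("rrtype"), m.group("reason"))
        totals[key] += int(m.group("count") or 1)
    return totals


if __name__ == "__main__":
    for (zone, rrtype, reason), n in summarize(SAMPLE).most_common():
        print(f"{n:6d}  {zone}  {rrtype}  {reason}")
```
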