2600 lines of errors in logwatch "Named" section

ralf
Posts: 132
Joined: 2005/11/25 20:10:20

2600 lines of errors in logwatch "Named" section

Post by ralf » 2020/06/28 15:12:56

Hi, I have 2600+ lines (!) of errors in my daily logwatch reports in the section on "Named", like:
validating 007nlcvoe9ci4659h18ac33g0cp7c9ou.glb.nist.gov/NSEC3: no valid signature found: 1 Time(s)
where the underlined part is changing from line to line and looks completely random.

I am quite sure I haven't been actively looking for those domains, so something is doing this for me....

When looking for the named process, only one pops up:
[root@server1 Downloads]# ps -ef | grep named
named 1827 1 0 May19 ? 00:39:28 /usr/sbin/named -u named -c /etc/named.conf
Any clue as to where I should start looking for what is causing these random and extensive DNS searches?

Any help is appreciated!

P.S.: I run a fully updated CentOS 8 system

/Ralf

gerry666uk
Posts: 98
Joined: 2020/02/10 19:06:06

Re: 2600 lines of errors in logwatch "Named" section

Post by gerry666uk » 2020/06/29 21:40:05

It sounds like you are running 'bind', so it implies you are running your own DNS server?

ralf
Posts: 132
Joined: 2005/11/25 20:10:20

Re: 2600 lines of errors in logwatch "Named" section

Post by ralf » 2020/06/30 05:54:15

Yes, I run my own DNS server for my own little internal network.

jlehtone
Posts: 4530
Joined: 2007/12/11 08:17:33
Location: Finland

Re: 2600 lines of errors in logwatch "Named" section

Post by jlehtone » 2020/06/30 07:32:12

The "NSEC3" seems to relate to "DNSSEC" (DNS Security Extensions). Perhaps dnssec is not set up properly?

I don't know how to configure dnssec for BIND (Berkeley Internet Name Domain toolset, whose DNS server component is "named").

ralf
Posts: 132
Joined: 2005/11/25 20:10:20

Re: 2600 lines of errors in logwatch "Named" section

Post by ralf » 2020/07/01 07:08:56

My main concern is more the number of lines with the random versions of addresses of the same main domain. This makes me believe "something" on my server is checking that main domain .... Any comments?
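
An added example, not part of any post in this thread: the 32-character label in the quoted log line has the form of an NSEC3 hashed owner name (a base32hex-encoded hash placed in front of the zone name), which a validating resolver receives as proof that a name does not exist, so each distinct label is not a separate host being looked up. The Python sketch below collapses such logwatch lines to one counter per zone; the first sample line is the one from the first post, the other sample lines are constructed.

```python
import re
from collections import Counter

# base32hex (RFC 4648) uses 0-9 and a-v; a SHA-1 NSEC3 hash encodes to 32 characters.
NSEC3_LABEL = re.compile(r"^[0-9a-v]{32}$")
# Shape of the logwatch "Named" line quoted in the first post.
LINE = re.compile(
    r"validating (?P<name>\S+)/(?P<rtype>[A-Z0-9]+): "
    r"(?P<reason>.+?): (?P<count>\d+) Time\(s\)"
)

SAMPLE = [
    # From the first post:
    "validating 007nlcvoe9ci4659h18ac33g0cp7c9ou.glb.nist.gov/NSEC3: no valid signature found: 1 Time(s)",
    # Constructed lines for illustration:
    "validating 1a2b3c4d5e6f7g8h9i0jklmnopqrstuv.glb.nist.gov/NSEC3: no valid signature found: 1 Time(s)",
    "validating vutsrqponmlkjihgfedcba9876543210.glb.nist.gov/NSEC3: no valid signature found: 3 Time(s)",
    "validating example.test/A: no valid signature found: 2 Time(s)",
    "zone example.test/IN: loaded serial 1: 1 Time(s)",
]


def summarize(lines):
    """Collapse DNSSEC validation failures to one counter per (zone, rtype, reason)."""
    totals = Counter()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a "validating ..." line
        name = m["name"].rstrip(".").lower()
        first, _, rest = name.partition(".")
        # An NSEC3 owner name is <hash>.<zone>: drop the hash label, keep the zone.
        if m["rtype"] == "NSEC3" and rest and NSEC3_LABEL.match(first):
            name = rest
        totals[(name, m["rtype"], m["reason"])] += int(m["count"])
    return totals


if __name__ == "__main__":
    for (zone, rtype, reason), n in summarize(SAMPLE).most_common():
        print(f"{n:6d}  {zone}  {rtype}  {reason}")
```
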

remyd1
Posts: 2
Joined: 2020/08/27 12:50:39

Re: 2600 lines of errors in logwatch "Named" section

Post by remyd1 » 2020/08/27 13:39:12

Hi,

I have the same issue on Ubuntu Bionic 18.04. My bind version is 9.11.3. Those machines are both DNS SOA servers (for a .local zone) and clients.

In my case, it seems to be more a named client problem than a SOA server issue. Indeed, the DNS SOA server for the zone with those issues is also running on Ubuntu 18.04 with bind 9.11.3. However, the SOA server for this zone is a public one, and it does not have the same errors. It appears that the resolver is systemd on this one, contrary to the others.
Moreover, I checked the keys on my public SOA server and they seem to be OK.

I tried to sign the zone again on the DNS SOA server, but that did not help. I also tried to clear the named client cache using `rndc flushname <public zone>`, but that did not work either (even restarting the named daemon did not solve the issue).

Did you find any solution since then?

Best regards,

ralf
Posts: 132
Joined: 2005/11/25 20:10:20

Re: 2600 lines of errors in logwatch "Named" section

Post by ralf » 2020/08/28 07:47:20

Hi remyd1

I have done nothing specifically, other than installing a regular kernel update from CentOS 8.
Then the problems were gone......
Could it be a kernel issue for Ubuntu too?

I hope you (or Ubuntu!) solve the problem!

remyd1
Posts: 2
Joined: 2020/08/27 12:50:39

Re: 2600 lines of errors in logwatch "Named" section

Post by remyd1 » 2020/08/28 07:57:07

Hi,

If this is a kernel issue (I don't think so), it is not specifically related to Linux distributions. My kernel releases are:
4.15.0-112-generic

Do you know what your bind version is?

Thanks,

Best regards,

ralf
Posts: 132
Joined: 2005/11/25 20:10:20

Re: 2600 lines of errors in logwatch "Named" section

Post by ralf » 2020/08/28 08:21:29

I replied a bit too quickly...
It was not only a kernel update, but a new release....
My bind version is
bind-9.11.20-3.el8.x86_64

TrevorH
Site Admin
Posts: 33218
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: 2600 lines of errors in logwatch "Named" section

Post by TrevorH » 2020/08/28 15:24:15

> My kernel releases are:
> 4.15.0-112-generic

That is not a CentOS system.