2600 lines of errors in logwatch "Named" section

Issues related to applications and software problems and general support
Post Reply
ralf
Posts: 117
Joined: 2005/11/25 20:10:20

2600 lines of errors in logwatch "Named" section

Post by ralf » 2020/06/28 15:12:56

Hi, I have 2600+ lines (!) of errors in my daily logwatch reports in the section on "Named", like:
validating 007nlcvoe9ci4659h18ac33g0cp7c9ou.glb.nist.gov/NSEC3: no valid signature found: 1 Time(s)
where the underlined part is changing from line to line and looks completely random.

I am quite sure, I haven't been actively looking for those domains, so something is doing this for me....

When looking for the named process, only one pops up:
[root@server1 Downloads]# ps -ef | grep named
named 1827 1 0 May19 ? 00:39:28 /usr/sbin/named -u named -c /etc/named.conf
Any clue as to where I should start looking for what is causing these random and extensive DNS searched?

Any help is appreciated!

P.S: I run a fully updated Centos8 system

/Ralf

gerry666uk
Posts: 52
Joined: 2020/02/10 19:06:06

Re: 2600 lines of errors in logwatch "Named" section

Post by gerry666uk » 2020/06/29 21:40:05

It sounds like you are running 'bind', so it implies you are running your own DNS server?

ralf
Posts: 117
Joined: 2005/11/25 20:10:20

Re: 2600 lines of errors in logwatch "Named" section

Post by ralf » 2020/06/30 05:54:15

Yes, I run my own DNS server for my own little internal network.

User avatar
jlehtone
Posts: 2932
Joined: 2007/12/11 08:17:33
Location: Finland

Re: 2600 lines of errors in logwatch "Named" section

Post by jlehtone » 2020/06/30 07:32:12

The "NSEC3" seems to relate to "DNSSEC" (DNS Security Extensions). Perhaps dnssec is not set up properly?

I don't know how to configure dnssec for BIND (Berkeley Internet Name Domain toolset, whose DNS server component is "named").

ralf
Posts: 117
Joined: 2005/11/25 20:10:20

Re: 2600 lines of errors in logwatch "Named" section

Post by ralf » 2020/07/01 07:08:56

My main concern is more the number of lines with the random versions of addresses of the same main domain. This makes me believe "something" on my server is checking that main domain .... Any comments?

Post Reply

Return to “CentOS 8 - General Support”