Old 08-05-2009, 09:00 AM   #1
cipher7836
Member
 
Registered: Dec 2008
Posts: 35

Rep: Reputation: 15
BIND Issue With Timeouts?


We use Nagios to monitor our DNS server. We kept getting timeout notifications that the DNS service wasn't working. A minute later a follow up notification would be sent that the DNS recovered and was working again. At first I thought it was a Nagios problem. But it seems as if Nagios is running correctly.

Now I'm tasked with trying to find out if the DNS server is slowing queries down, or not resolving them. I have no idea where to start with this. I checked the logs, and changed my Windows box to use the DNS server as its primary DNS. I figured that would show me if there is a slowdown on name resolution. Any other ideas?
 
Old 08-05-2009, 12:13 PM   #2
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 5,950
Blog Entries: 5

Rep: Reputation: 755
It might be CPU load on the DNS server causing the timeout. Recently I saw some people hammering my DNS server and causing the load to go up (you can see load with the "top" command).

You can test your DNS server using the dig command.

e.g. dig @<dnsservername> <sitename>

Part of the output will include "querytime".

You don't say what OS your DNS server is running on - you mention BIND in the subject but don't say what version. There is a new exploit of BIND 9.x just announced last week. There was a rather serious one announced last year as well. If you haven't fixed either of those and/or are allowing cache and recursive lookups from outside your organization you're likely being targeted by hackers and spammers because they see you as an open door.
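
A way to turn the dig test suggested in the reply above into a repeatable check of your own server, as an added example that is not part of the original thread. It reads the `;; Query time:` line and the header flags from dig output, reports timeouts and slow answers, and shows whether the reply carried the `ra` (recursion available) flag. The function names, the 200 ms threshold and the sample dig output are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify dig replies as OK / SLOW / TIMEOUT and report
# whether recursion is offered. Sample output below is constructed.
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4321
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; Query time: 412 msec
;; SERVER: 192.0.2.53#53(192.0.2.53)'
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'

# Print the query time in msec, or "timeout" if dig printed no such line.
query_time() {
    printf '%s\n' "$1" | awk '
        /^;; Query time:/ && !found { print $4; found = 1 }
        END { if (!found) print "timeout" }'
}

# Print "yes" if the reply header carries the ra flag, otherwise "no".
recursion_offered() {
    printf '%s\n' "$1" | awk '
        /^;; flags:/ {
            sub(/^;; flags:/, ""); sub(/;.*/, "")
            n = split($0, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ra") hit = 1
        }
        END { print (hit ? "yes" : "no") }'
}

# classify <dig output> <threshold_ms>
classify() {
    qt=$(query_time "$1")
    if [ "$qt" = timeout ]; then echo "TIMEOUT"
    elif [ "$qt" -gt "$2" ]; then echo "SLOW ${qt}ms"
    else echo "OK ${qt}ms"; fi
}

# probe <server> <name> [count] [threshold_ms]: one query per second.
probe() {
    n=0
    while [ "$n" -lt "${3:-10}" ]; do
        out=$(dig +tries=1 +time=2 "@$1" "$2" A 2>&1) || true
        echo "$(date +%T) $(classify "$out" "${4:-200}") ra=$(recursion_offered "$out")"
        n=$((n + 1)); sleep 1
    done
}

if [ $# -ge 2 ]; then probe "$@"; else
    classify "$SAMPLE_OK" 200; classify "$SAMPLE_TIMEOUT" 200
    echo "recursion offered: $(recursion_offered "$SAMPLE_OK")"
fi
```

Run it with a server and a name as arguments to probe the live server; a run from a host outside your organization that still shows `ra=yes` means the server is offering recursion to outsiders.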
 
Old 08-06-2009, 08:15 AM   #3
cipher7836
Member
 
Registered: Dec 2008
Posts: 35

Original Poster
Rep: Reputation: 15
Bind Version

We're running Bind version: 9.5.0-P2 on Debian 4.1.1-21.
 
Old 08-06-2009, 08:59 AM   #4
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 5,950
Blog Entries: 5

Rep: Reputation: 755
The announcement below was on the ISC mailing list last week. ISC makes BIND. To avoid the exploit I mentioned you should be at BIND 9.5.1-P3 instead of P2.

However if you got your BIND from Debian repositories it is possible they do backporting for security fixes like RedHat does. I don't use Debian for BIND so don't know. If not you'll have to download and build it yourself. Make sure you back up what you already have first if you go that route.

Quote:
From: bind-announce-bounces@lists.isc.org [mailto:bind-announce-bounces@lists.isc.org] On Behalf Of Evan Hunt
Sent: Thursday, July 30, 2009 11:45 AM
To: bind-announce@isc.org
Subject: ISC BIND 9.5.1-P3 is now available (resend)


A mailing list problem caused this announcement to be sent only to
bind-users and bind-workers; I am resending it to bind-announce.

BIND 9.5.1-P3 is now available.

BIND 9.5.1-P3 is the THIRD SECURITY PATCH for BIND 9.5.1. It addresses a
denial-of-service bug in which a malformed UPDATE packet caused named to
crash.

Bugs should be reported to bind9-bugs@isc.org.

BIND 9.5.1-P3 can be downloaded from:

ftp://ftp.isc.org/isc/bind9/9.5.1-P3....5.1-P3.tar.gz

PGP signatures of the distribution are at:

ftp://ftp.isc.org/isc/bind9/9.5.1-P3...-P3.tar.gz.asc
ftp://ftp.isc.org/isc/bind9/9.5.1-P3....gz.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.5.1-P3....gz.sha512.asc

The signatures were generated with the ISC public key, which is
available at https://www.isc.org/about/openpgp

A binary kit for Windows XP, Windows 2003 and Windows 2008 is at:

ftp://ftp.isc.org/isc/bind9/9.5.1-P3/BIND9.5.1-P3.zip
ftp://ftp.isc.org/isc/bind9/9.5.1-P3...1-P3.debug.zip

PGP signatures of the binary kit are at:

ftp://ftp.isc.org/isc/bind9/9.5.1-P3...5.1-P3.zip.asc
ftp://ftp.isc.org/isc/bind9/9.5.1-P3...zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.5.1-P3...zip.sha512.asc
ftp://ftp.isc.org/isc/bind9/9.5.1-P3....debug.zip.asc
ftp://ftp.isc.org/isc/bind9/9.5.1-P3...zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.5.1-P3...zip.sha512.asc

Changes since 9.5.1-P2:

2640. [security] A specially crafted update packet will cause named
to exit. [RT #20000]

--
Evan Hunt -- each@isc.org
Internet Systems Consortium, Inc.

Last edited by MensaWater; 08-06-2009 at 09:00 AM.
 
  

