Hi, my Bind configuration just broke itself, and I don't know why. Suddenly all my sites were not accessible. I restarted Bind and I can see it is only listening on 127.0.0.1. So I made a change in named.conf.options:

Code:
listen-on-v6 { ::1; };
listen-on { 127.0.0.1; };
allow-recursion { 127.0.0.1; ::1; };

And everything was back to normal. The question is: why did Bind stop listening outside?
And what did you change to make bind listen not only on localhost? If you only use listen-on { 127.0.0.1; }; bind will ONLY accept local queries. To check the IP bind listens on:

Code:
lsof -Pni :53
Additionally to Florian's questions: ISPConfig is not altering the file named.conf.options, so if it was changed, then either an admin on the system must have changed it manually or by using other software like webmin.
I changed listen-on { 127.0.0.1; }; with my IP. I was thinking about an ISPConfig cron, because I am the only admin on the server and I did not change anything in the configuration in the last 2 days. No intrusion in the system, and I have many protections (htaccess on the ISPConfig admin, SSH port changed, auth with public key, ...). Btw, in the meantime Bind stopped working, I got a flood of this error (x7, one for each site on the server I guess):

Code:
CA path error, file does not exist:admin/openssl.cnf

Which refers to this post: http://www.howtoforge.com/forums/showthread.php?t=63692 Dunno if it's linked, but it happened at the same time. And the last error I get is:

Code:
named[2738]: error (unexpected RCODE SERVFAIL) resolving 'domain.net/A/IN': 2001:41d0:1:4a8d::1#53
named[2738]: error (connection refused) resolving 'domain.net/A/IN': 37.59.52.191#53

(The domain is mine, and the error happened only 1 time.) Still looking, but no answer so far.
ISPConfig is not altering the named.conf.options file at all, so your issue is not ISPConfig related. If this file was altered, then either you, another admin of the system or another piece of software must have altered it. But what's more likely is that the file was not altered; instead your server was attacked by a bind recursion attack and you stopped it by inserting these lines. The problem is now that you closed bind completely, which causes your domains to fail. Restore the original named.conf.options file and insert just this additional line:

Code:
allow-recursion { 127.0.0.1; ::1; };

and then restart bind.
All my domains suddenly stopped working after the two errors I mentioned. But I did not create the problem (which made my domains stop working). So if the basic state of named.conf.options is:

Code:
dnssec-validation auto;
auth-nxdomain no;    # conform to RFC1035
listen-on-v6 { ::1; };
listen-on { 127.0.0.1; };
allow-recursion { 127.0.0.1; ::1; };

To be clear, my actual named.conf.options is:

Code:
dnssec-validation auto;
auth-nxdomain no;    # conform to RFC1035
listen-on-v6 { ::1; };
listen-on { my.server.ip; };
allow-recursion { 127.0.0.1; ::1; };

So why did I need to change listen-on to make it work (if it's the default configuration)? I mean, if Bind was using another file before that thing happened. And I forgot to mention a weird issue: when the problem happened, one of my domains was removed from the DNS list in ISPConfig (the one with the named error: named[2738]: error (unexpected RCODE SERVFAIL)...).

lsof -Pni :53 returns:

Code:
COMMAND   PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
named   25262 bind   20u  IPv4 5151971      0t0  TCP my.ip.address:53 (LISTEN)
named   25262 bind   21u  IPv6 5151973      0t0  TCP [::1]:53 (LISTEN)
named   25262 bind  512u  IPv4 5151970      0t0  UDP my.ip.address:53
named   25262 bind  513u  IPv6 5151972      0t0  UDP [::1]:53

And Monit is no longer able to monitor Bind for some reason:

Code:
failed protocol test [DNS] at INET[localhost:53] via UDP -- DNS: error receiving response -- Connection refused
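The two mistakes this thread turns on are opposites: a listen-on restricted to loopback (authoritative zones unreachable from the outside, the poster's outage) and an allow-recursion open to anyone (the open resolver that recursion/amplification attacks abuse, which Till suspects was the trigger). The script below audits a named.conf.options fragment for both. It is an added example, not code from the thread, from ISPConfig or from BIND; the sample option files are constructed (203.0.113.10 is a documentation address standing in for my.server.ip), the parser only understands the flat address-list statements quoted above rather than full named.conf syntax, and because the default for a missing allow-recursion has changed between BIND releases, the audit only reports it as unset rather than guessing.

```python
"""Audit a BIND named.conf.options fragment for the two mistakes in this thread.

Added example, not part of the thread, ISPConfig or BIND. Sample configs are
constructed; 203.0.113.10 is a documentation address, not the poster's IP.
"""
import re
from typing import Dict, List

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample 1: the options the poster found, listening on loopback only.
LOOPBACK_ONLY = """
dnssec-validation auto;
auth-nxdomain no;    # conform to RFC1035
listen-on-v6 { ::1; };
listen-on { 127.0.0.1; };
allow-recursion { 127.0.0.1; ::1; };
"""

# Constructed sample 2: an open resolver, the target of recursion/amplification abuse.
OPEN_RESOLVER = """
recursion yes;
listen-on { any; };
listen-on-v6 { any; };
allow-recursion { any; };
"""

# Constructed sample 3: authoritative on a public address, recursion for localhost only.
FIXED = """
listen-on-v6 { ::1; };
listen-on { 203.0.113.10; };   // hypothetical server address
allow-recursion { 127.0.0.1; ::1; };
"""

# Flat "name { a; b; };" statements and the bare "recursion yes|no;" flag only.
_ADDR_STMT = re.compile(r"^\s*([\w-]+)\s*\{([^}]*)\}\s*;", re.M)
_RECURSION = re.compile(r"^\s*recursion\s+(yes|no)\s*;", re.M)


def strip_comments(text: str) -> str:
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def parse_options(text: str) -> Dict[str, List[str]]:
    """Return address-list statements as {name: [addresses...]} plus 'recursion'."""
    clean = strip_comments(text)
    opts = {name: [a.strip() for a in body.split(";") if a.strip()]
            for name, body in _ADDR_STMT.findall(clean)}
    m = _RECURSION.search(clean)
    if m:
        opts["recursion"] = [m.group(1)]
    return opts


def audit(text: str) -> List[str]:
    """Return findings; an empty list means neither mistake is present."""
    opts = parse_options(text)
    findings = []

    # Mistake 1 (the poster's outage): every listen address is loopback, so the
    # authoritative zones cannot be reached from the Internet at all.
    listen = opts.get("listen-on", []) + opts.get("listen-on-v6", [])
    if listen and set(listen) <= LOOPBACK:
        findings.append("listens on loopback only: zones unreachable from outside")

    # Mistake 2 (what a recursion attack abuses): recursion offered to any client.
    # BIND recurses unless "recursion no;" is set, so check the client list.
    if opts.get("recursion", ["yes"]) != ["no"]:
        allowed = opts.get("allow-recursion")
        if allowed is None:
            findings.append("allow-recursion not set: relies on the BIND default")
        elif "any" in allowed:
            findings.append("open resolver: allow-recursion permits any client")
    return findings


if __name__ == "__main__":
    for label, cfg in (("loopback-only", LOOPBACK_ONLY),
                       ("open-resolver", OPEN_RESOLVER),
                       ("fixed", FIXED)):
        print(f"{label}: {audit(cfg) or ['ok']}")
```

The audit checks the file; lsof -Pni :53, as Florian suggested, checks the running process, and the two should agree after a restart. A listen-on naming only loopback addresses is exactly what lsof showed the poster before the change, and a FIXED-style file is what produces the my.ip.address:53 listeners in the output above while still refusing recursion to the outside.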