BIND9 DNS Not Working

Discussion in 'Installation/Configuration' started by Xendi, Aug 7, 2017.

  1. Xendi

    Xendi New Member

    This is my first experience with ISPConfig. I can't get DNS to work. I will describe everything...

    OS: Ubuntu 16.04
    ISPConfig Version: 3.1.6
    Output of dig @localhost any mydomain.com:
    Code:
    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost any mydomain.com
    ; (2 servers found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 15551
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;mydomain.com.              IN      ANY
    
    ;; Query time: 3000 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Aug 07 07:20:01 UTC 2017
    ;; MSG SIZE  rcvd: 45
    UFW Firewall is enabled and all standard ports (Including 53 TCP & UDP) are open. Here's IPTables: hastebin.com/oruqinadun.sql

    Here's UFW:
    [​IMG]
    I am to connect to port 53 via telnet using any of the IPs of my server (There are 3 IPs). If I run rndc dumpdb -all && cat /var/cache/bind/named_dump.db I do see mydomain.com zone in the output file named_dump.db. However, some records seem to be missing. I see the A and NS records for ns1 and ns2 and the A record for mydomain.com. I don't see www and the A record for the hostname (web1.mydomain.com) or any other. I do have the proper glue records at my registrar for ns1 and ns2. I keep checking whatsmydns.net/#A/ns1.mydomain.com and for days it has only showed two locations on the other side of the world with the correct IP address for the record. It's not being properly cached at all other places. I think it's some fluke that it works for those 2. My glue records have been in place for going on 3 days now so it's not that. Something is wrong on my server.

    I have listed my domain and some of the records here as to not post it in the main thread: hastebin.com/vomebarepo.css

    need help! much appreciated.
     
    Last edited: Aug 7, 2017
  2. Tuumke

    Tuumke Active Member

    At the ISP where you bought the domain, where did you point the NS to? Did you point them to your ISPConfig?
    Doing a DIG on your domain and the nameservers, i do get a record, but it contains no ip adress. So when browsing to the domain, my system does not know where to go.
     
  3. Xendi

    Xendi New Member

    At my registrar, I set the glue records to 2 IP addresses of my server:
    ns1: 173.255.229.167
    ns2: 172.104.10.208

    In my ISPConfig, I added A records for ns1 and ns2. For my main domain at the registrar, I changed the custom nameservers to my ns1 and ns2.
     
  4. Tuumke

    Tuumke Active Member

    How long ago did you do this?
    And are you running mutli-server setup (panel,mail,web,db,dns1,dsn2) or single (panel-web-mail-db-dns1,dns2)?
     
  5. Xendi

    Xendi New Member

    I did the glue records about 3 days ago. I put the server up a few hours ago. It's 1 server. I'm trying to get it all to work on 1 server before I go and cluster the DNS.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    There is a problem in the local dns record. Post a screenshot of the records page of the dns zone that you created. The most common issues are missing A-records for the NS records or you missed to add a dot after a FQDN.
     
  7. Xendi

    Xendi New Member

    Here is the DNS zone in ISPConfig:

    [​IMG]
    The MX and NS records have . after them.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    This looks fine so far, it should return the zone when you run this command on the server itself:

    dig @localhost synthetisoft.com
     
  9. Xendi

    Xendi New Member

    It doesn't though. I get this:

    Code:
    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost synthetisoft.com
    ; (2 servers found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1183
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;synthetisoft.com.              IN      A
    
    ;; Query time: 3000 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Aug 08 10:10:32 UTC 2017
    ;; MSG SIZE  rcvd: 45
    
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Does the zone file of this zne in /etc/bind/ has a .err file ending?
    Is the zone file included in the /etc/bind/named.conf.local file?
     
  11. Xendi

    Xendi New Member

    Let's see what we have....
    Code:
    root@web1:/etc/bind# ls -l
    total 68
    -rw-r--r-- 1 root root 2389 Jun 29 13:34 bind.keys
    -rw-r--r-- 1 root root  237 Jun 29 13:34 db.0
    -rw-r--r-- 1 root root  271 Jun 29 13:34 db.127
    -rw-r--r-- 1 root root  237 Jun 29 13:34 db.255
    -rw-r--r-- 1 root root  353 Jun 29 13:34 db.empty
    -rw-r--r-- 1 root root  270 Jun 29 13:34 db.local
    -rw-r--r-- 1 root root 3171 Jun 29 13:34 db.root
    -rw-r--r-- 1 root bind  616 Aug  7 13:00 Ksynthetisoft.com.+007+15938.key
    -rw------- 1 root bind 1779 Aug  7 13:00 Ksynthetisoft.com.+007+15938.private
    -rw-r--r-- 1 root bind  463 Jun 29 13:34 named.conf
    -rw-r--r-- 1 root bind  490 Jun 29 13:34 named.conf.default-zones
    -rw-r--r-- 1 root bind    1 Aug  7 08:25 named.conf.local
    -rw-r--r-- 1 root bind  933 Aug  7 05:49 named.conf.options
    -rw-r--r-- 1 root bind  867 Aug  7 08:25 pri.synthetisoft.com
    -rw-r----- 1 bind bind   77 Aug  7 05:48 rndc.key
    drwxrws--- 2 root bind 4096 Aug  7 05:49 slave
    -rw-r--r-- 1 root root 1317 Jun 29 13:34 zones.rfc1918
    ------------------------
    Code:
    root@web1:/etc/bind# cat pri.synthetisoft.com
    $TTL        3600
    @       IN      SOA     ns1.synthetisoft.com. admin.synthetisoft.com. (
                            2017080719       ; serial, todays date + todays serial #
                            7200              ; refresh, seconds
                            540              ; retry, seconds
                            604800              ; expire, seconds
                            3600 )            ; minimum, seconds
    ;
    
    synthetisoft.com. 3600 A        45.79.179.150
    www 3600 A        45.79.179.150
    mail 3600 A        45.79.179.150
    synthetisoft.com. 3600      NS        ns1.synthetisoft.com.
    synthetisoft.com. 3600      NS        ns2.synthetisoft.com.
    synthetisoft.com. 3600      MX    10   mail.synthetisoft.com.
    synthetisoft.com. 3600      TXT        "v=spf1 mx a ~all"
    ns1 3600 A        173.255.229.167
    ns2 3600 A        172.104.10.208
    web1 3600 A        45.79.179.150
    
    -------------------------
    named.conf.local is empty.

    Code:
    root@web1:/etc/bind# cat named.conf.options
    options {
            directory "/var/cache/bind";
    
            // If there is a firewall between you and nameservers you want
            // to talk to, you may need to fix the firewall to allow multiple
            // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
    
            // If your ISP provided one or more IP addresses for stable
            // nameservers, you probably want to use them as forwarders. 
            // Uncomment the following block, and insert the addresses replacing
            // the all-0's placeholder.
    
            // forwarders {
            //      0.0.0.0;
            // };
    
            //========================================================================
            // If BIND logs error messages about the root key being expired,
            // you will need to update your keys.  See https://www.isc.org/bind-keys
            //========================================================================
            dnssec-enable yes;
            dnssec-validation yes;
            dnssec-lookaside auto;
    
            auth-nxdomain no;    # conform to RFC1035
            listen-on-v6 { any; };
    };
    ---------------------------
    Code:
    root@web1:/etc/bind# cat named.conf
    // This is the primary configuration file for the BIND DNS server named.
    //
    // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
    // structure of BIND configuration files in Debian, *BEFORE* you customize
    // this configuration file.
    //
    // If you are just adding zones, please do that in /etc/bind/named.conf.local
    
    include "/etc/bind/named.conf.options";
    include "/etc/bind/named.conf.local";
    include "/etc/bind/named.conf.default-zones";
    if I do rndc dumpdb -all I get the following matches for "synth" in my /var/cache/bind/named_dump.db:

    Code:
    synthetisoft.com.       71597   NS      ns1.synthetisoft.com.
                            71597   NS      ns2.synthetisoft.com.
    ; glue
    ns1.synthetisoft.com.   71597   A       173.255.229.167
    ; glue
    ns2.synthetisoft.com.   71597   A       172.104.10.208
    ; glue
    
    
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    looks fine so far. Please post the content of:

    /etc/bind/named.conf.local
     
  13. Xendi

    Xendi New Member

    That file is empty
     
  14. Xendi

    Xendi New Member

    Also, when I click notifications in ISPConfig, I see this:
    [​IMG]
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    This means that the ispconfig root server.sh cronjob is not running.
     
  16. Xendi

    Xendi New Member

    ah. I see that ispconfig doesn't use standard cron. how do I fix this?
     
  17. Xendi

    Xendi New Member

    I also turned on debug logging but don't see anything in Monitor overview but I do see in System Messages:
    Code:
    Aug  8 13:15:52 web1 named[3711]: client 172.217.32.132#36536 (synthetisoft.com): query (cache) 'synthetisoft.com/NS/IN' denied
    Aug  8 13:15:52 web1 named[3711]: client 172.217.32.141#52627 (synthetisoft.com): query (cache) 'synthetisoft.com/TXT/IN' denied
    Aug  8 13:15:52 web1 named[3711]: client 74.125.190.6#57494 (synthetisoft.com): query (cache) 'synthetisoft.com/MX/IN' denied
    Aug  8 13:15:52 web1 named[3711]: client 74.125.190.27#35239 (synthetisoft.com): query (cache) 'synthetisoft.com/SOA/IN' denied
    Aug  8 13:15:53 web1 named[3711]: client 172.217.32.129#33390 (synthetisoft.com): query (cache) 'synthetisoft.com/NS/IN' denied
    Aug  8 13:15:53 web1 named[3711]: client 74.125.190.7#51827 (synthetisoft.com): query (cache) 'synthetisoft.com/TXT/IN' denied
    Aug  8 13:15:53 web1 named[3711]: client 74.125.190.29#54333 (synthetisoft.com): query (cache) 'synthetisoft.com/MX/IN' denied
    Aug  8 13:15:53 web1 named[3711]: client 172.217.32.129#43497 (synthetisoft.com): query (cache) 'synthetisoft.com/SOA/IN' denied
    Aug  8 13:15:53 web1 named[3711]: client 172.217.32.142#57719 (synthetisoft.com): query (cache) 'synthetisoft.com/NS/IN' denied
    Aug  8 13:15:53 web1 named[3711]: client 172.217.32.137#46322 (synthetisoft.com): query (cache) 'synthetisoft.com/TXT/IN' denied
    Aug  8 13:15:53 web1 named[3711]: client 172.217.32.129#64940 (synthetisoft.com): query (cache) 'synthetisoft.com/MX/IN' denied
    Aug  8 13:15:53 web1 named[3711]: client 74.125.190.7#52674 (synthetisoft.com): query (cache) 'synthetisoft.com/SOA/IN' denied
    Aug  8 13:15:53 web1 named[3711]: client 172.217.32.138#36252 (synthetisoft.com): query (cache) 'synthetisoft.com/NS/IN' denied
    Aug  8 13:15:53 web1 named[3711]: client 172.217.32.137#58836 (synthetisoft.com): query (cache) 'synthetisoft.com/TXT/IN' denied
    Aug  8 13:15:56 web1 postfix/submission/smtpd[5930]: warning: unknown[46.183.220.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Aug  8 13:15:56 web1 postfix/submission/smtpd[5930]: lost connection after AUTH from unknown[46.183.220.71]
    Aug  8 13:15:56 web1 postfix/submission/smtpd[5930]: disconnect from unknown[46.183.220.71] ehlo=2 starttls=1 auth=0/1 commands=3/4
    Aug  8 13:15:56 web1 postfix/submission/smtpd[5930]: warning: hostname ip-220-71.dataclub.biz does not resolve to address 46.183.220.71: Name or service not known
    Aug  8 13:15:56 web1 postfix/submission/smtpd[5930]: connect from unknown[46.183.220.71]
    Aug  8 13:16:01 web1 CRON[6368]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Aug  8 13:16:01 web1 CRON[6367]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Aug  8 13:16:08 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:fb:bb:02:84:78:ac:57:aa:c1:08:00 SRC=31.162.134.128 DST=172.104.10.208 LEN=40 TOS=0x08 PREC=0x20 TTL=50 ID=16638 PROTO=TCP SPT=56042 DPT=23 WINDOW=63426 RES=0x00 SYN URGP=0
    Aug  8 13:16:16 web1 postfix/submission/smtpd[5930]: warning: unknown[46.183.220.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Aug  8 13:16:16 web1 postfix/submission/smtpd[5930]: lost connection after AUTH from unknown[46.183.220.71]
    Aug  8 13:16:16 web1 postfix/submission/smtpd[5930]: disconnect from unknown[46.183.220.71] ehlo=2 starttls=1 auth=0/1 commands=3/4
    Aug  8 13:16:16 web1 postfix/submission/smtpd[5930]: warning: hostname ip-220-71.dataclub.biz does not resolve to address 46.183.220.71: Name or service not known
    Aug  8 13:16:16 web1 postfix/submission/smtpd[5930]: connect from unknown[46.183.220.71]
    Aug  8 13:16:33 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:fb:bb:02:84:78:ac:57:a8:41:08:00 SRC=222.188.98.42 DST=173.255.229.167 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=52578 PROTO=TCP SPT=15316 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0
    Aug  8 13:16:36 web1 postfix/submission/smtpd[5930]: warning: unknown[46.183.220.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Aug  8 13:16:36 web1 postfix/submission/smtpd[5930]: lost connection after AUTH from unknown[46.183.220.71]
    Aug  8 13:16:36 web1 postfix/submission/smtpd[5930]: disconnect from unknown[46.183.220.71] ehlo=2 starttls=1 auth=0/1 commands=3/4
    Aug  8 13:16:36 web1 postfix/submission/smtpd[5930]: warning: hostname ip-220-71.dataclub.biz does not resolve to address 46.183.220.71: Name or service not known
    Aug  8 13:16:36 web1 postfix/submission/smtpd[5930]: connect from unknown[46.183.220.71]
    Aug  8 13:16:56 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:fb:bb:02:84:78:ac:57:a8:41:08:00 SRC=5.141.204.87 DST=45.79.179.150 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=5488 PROTO=TCP SPT=50130 DPT=23 WINDOW=33710 RES=0x00 SYN URGP=0
    Aug  8 13:16:58 web1 postfix/submission/smtpd[5930]: warning: unknown[46.183.220.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Aug  8 13:16:59 web1 postfix/submission/smtpd[5930]: lost connection after AUTH from unknown[46.183.220.71]
    Aug  8 13:16:59 web1 postfix/submission/smtpd[5930]: disconnect from unknown[46.183.220.71] ehlo=2 starttls=1 auth=0/1 commands=3/4
    Aug  8 13:16:59 web1 postfix/submission/smtpd[5930]: warning: hostname ip-220-71.dataclub.biz does not resolve to address 46.183.220.71: Name or service not known
    Aug  8 13:16:59 web1 postfix/submission/smtpd[5930]: connect from unknown[46.183.220.71]
    Aug  8 13:17:01 web1 CRON[6415]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
    Aug  8 13:17:01 web1 CRON[6416]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Aug  8 13:17:01 web1 CRON[6421]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Aug  8 13:17:13 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:fb:bb:02:84:78:ac:57:a8:41:08:00 SRC=71.6.146.185 DST=173.255.229.167 LEN=40 TOS=0x08 PREC=0x20 TTL=113 ID=64983 PROTO=TCP SPT=20012 DPT=8443 WINDOW=54239 RES=0x00 SYN URGP=0
    Aug  8 13:17:19 web1 postfix/anvil[4408]: statistics: max connection rate 4/60s for (submission:46.183.220.71) at Aug  8 13:07:53
    Aug  8 13:17:19 web1 postfix/anvil[4408]: statistics: max connection count 1 for (submission:46.183.220.71) at Aug  8 13:07:38
    Aug  8 13:17:21 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:fb:bb:02:84:78:ac:57:a8:41:08:00 SRC=222.209.200.74 DST=45.79.179.150 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=40383 PROTO=TCP SPT=57087 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0
    Aug  8 13:17:24 web1 postfix/submission/smtpd[5930]: warning: unknown[46.183.220.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    
     
  18. Xendi

    Xendi New Member

    continued:
    Code:
    Aug  8 13:17:24 web1 postfix/submission/smtpd[5930]: lost connection after AUTH from unknown[46.183.220.71]
    Aug  8 13:17:24 web1 postfix/submission/smtpd[5930]: disconnect from unknown[46.183.220.71] ehlo=2 starttls=1 auth=0/1 commands=3/4
    Aug  8 13:17:24 web1 postfix/submission/smtpd[5930]: warning: hostname ip-220-71.dataclub.biz does not resolve to address 46.183.220.71: Name or service not known
    Aug  8 13:17:24 web1 postfix/submission/smtpd[5930]: connect from unknown[46.183.220.71]
    Aug  8 13:17:31 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:fb:bb:02:84:78:ac:57:a8:41:08:00 SRC=112.213.88.247 DST=172.104.10.208 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=38130 PROTO=TCP SPT=53762 DPT=2222 WINDOW=19929 RES=0x00 SYN URGP=0
    Aug  8 13:17:31 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:fb:bb:02:84:78:ac:57:a8:41:08:00 SRC=201.173.64.62 DST=173.255.229.167 LEN=40 TOS=0x08 PREC=0x20 TTL=241 ID=20732 PROTO=TCP SPT=65019 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
    Aug  8 13:17:46 web1 postfix/submission/smtpd[5930]: warning: unknown[46.183.220.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Aug  8 13:17:46 web1 postfix/submission/smtpd[5930]: lost connection after AUTH from unknown[46.183.220.71]
    Aug  8 13:17:46 web1 postfix/submission/smtpd[5930]: disconnect from unknown[46.183.220.71] ehlo=2 starttls=1 auth=0/1 commands=3/4
    Aug  8 13:17:46 web1 postfix/submission/smtpd[5930]: warning: hostname ip-220-71.dataclub.biz does not resolve to address 46.183.220.71: Name or service not known
    Aug  8 13:17:46 web1 postfix/submission/smtpd[5930]: connect from unknown[46.183.220.71]
    Aug  8 13:17:52 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:fb:bb:02:84:78:ac:57:a8:41:08:00 SRC=188.158.180.66 DST=172.104.10.208 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=62507 PROTO=TCP SPT=53077 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
    Aug  8 13:18:01 web1 CRON[6443]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Aug  8 13:18:01 web1 CRON[6444]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Aug  8 13:18:06 web1 postfix/submission/smtpd[5930]: warning: unknown[46.183.220.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Aug  8 13:18:07 web1 postfix/submission/smtpd[5930]: lost connection after AUTH from unknown[46.183.220.71]
    Aug  8 13:18:07 web1 postfix/submission/smtpd[5930]: disconnect from unknown[46.183.220.71] ehlo=2 starttls=1 auth=0/1 commands=3/4
    Aug  8 13:18:07 web1 postfix/submission/smtpd[5930]: warning: hostname ip-220-71.dataclub.biz does not resolve to address 46.183.220.71: Name or service not known
    Aug  8 13:18:07 web1 postfix/submission/smtpd[5930]: connect from unknown[46.183.220.71]
    Aug  8 13:18:30 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:fb:bb:02:84:78:ac:57:a8:41:08:00 SRC=31.206.219.44 DST=173.255.229.167 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=12701 PROTO=TCP SPT=42745 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
    Aug  8 13:18:31 web1 postfix/submission/smtpd[5930]: warning: unknown[46.183.220.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Aug  8 13:18:31 web1 postfix/submission/smtpd[5930]: lost connection after AUTH from unknown[46.183.220.71]
    Aug  8 13:18:31 web1 postfix/submission/smtpd[5930]: disconnect from unknown[46.183.220.71] ehlo=2 starttls=1 auth=0/1 commands=3/4
    Aug  8 13:18:33 web1 postfix/submission/smtpd[5930]: warning: hostname ip-220-71.dataclub.biz does not resolve to address 46.183.220.71: Name or service not known
    Aug  8 13:18:33 web1 postfix/submission/smtpd[5930]: connect from unknown[46.183.220.71]
    Aug  8 13:18:50 web1 postfix/submission/smtpd[5930]: warning: unknown[46.183.220.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Aug  8 13:18:50 web1 postfix/submission/smtpd[5930]: lost connection after AUTH from unknown[46.183.220.71]
    Aug  8 13:18:50 web1 postfix/submission/smtpd[5930]: disconnect from unknown[46.183.220.71] ehlo=2 starttls=1 auth=0/1 commands=3/4
    Aug  8 13:18:50 web1 postfix/submission/smtpd[5930]: warning: hostname ip-220-71.dataclub.biz does not resolve to address 46.183.220.71: Name or service not known
    Aug  8 13:18:50 web1 postfix/submission/smtpd[5930]: connect from unknown[46.183.220.71]
    Aug  8 13:19:01 web1 CRON[6467]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Aug  8 13:19:01 web1 CRON[6466]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Aug  8 13:19:10 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:fb:bb:02:84:78:ac:57:aa:c1:08:00 SRC=123.249.12.233 DST=45.79.179.150 LEN=36 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=UDP SPT=47442 DPT=123 LEN=16
    Aug  8 13:19:12 web1 postfix/submission/smtpd[5930]: warning: unknown[46.183.220.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Aug  8 13:19:12 web1 postfix/submission/smtpd[5930]: lost connection after AUTH from unknown[46.183.220.71]
    Aug  8 13:19:12 web1 postfix/submission/smtpd[5930]: disconnect from unknown[46.183.220.71] ehlo=2 starttls=1 auth=0/1 commands=3/4
    Aug  8 13:19:12 web1 postfix/submission/smtpd[5930]: warning: hostname ip-220-71.dataclub.biz does not resolve to address 46.183.220.71: Name or service not known
    Aug  8 13:19:12 web1 postfix/submission/smtpd[5930]: connect from unknown[46.183.220.71]
    Aug  8 13:19:14 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:fb:bb:02:84:78:ac:57:aa:c1:08:00 SRC=51.15.37.31 DST=45.79.179.150 LEN=433 TOS=0x08 PREC=0x20 TTL=50 ID=47788 DF PROTO=UDP SPT=5553 DPT=5095 LEN=413
    Aug  8 13:19:23 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:91:fb:bb:02:84:78:ac:57:a8:41:08:00 SRC=91.211.2.108 DST=173.255.229.167 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=35755 PROTO=TCP SPT=48236 DPT=6000 WINDOW=1024 RES=0x00 SYN URGP=0
    Aug  8 13:19:37 web1 postfix/submission/smtpd[5930]: warning: unknown[46.183.220.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Aug  8 13:19:38 web1 postfix/submission/smtpd[5930]: lost connection after AUTH from unknown[46.183.220.71]
    Aug  8 13:19:38 web1 postfix/submission/smtpd[5930]: disconnect from unknown[46.183.220.71] ehlo=2 starttls=1 auth=0/1 commands=3/4
    Aug  8 13:19:38 web1 postfix/submission/smtpd[5930]: warning: hostname ip-220-71.dataclub.biz does not resolve to address 46.183.220.71: Name or service not known
    Aug  8 13:19:38 web1 postfix/submission/smtpd[5930]: connect from unknown[46.183.220.71]
    Aug  8 13:19:56 web1 postfix/submission/smtpd[5930]: warning: unknown[46.183.220.71]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Aug  8 13:19:56 web1 postfix/submission/smtpd[5930]: lost connection after AUTH from unknown[46.183.220.71]
    Aug  8 13:19:56 web1 postfix/submission/smtpd[5930]: disconnect from unknown[46.183.220.71] ehlo=2 starttls=1 auth=0/1 commands=3/4
    Aug  8 13:19:56 web1 postfix/submission/smtpd[5930]: warning: hostname ip-220-71.dataclub.biz does not resolve to address 46.183.220.71: Name or service not known
    Aug  8 13:19:56 web1 postfix/submission/smtpd[5930]: connect from unknown[46.183.220.71]
    Aug  8 13:20:01 web1 CRON[6480]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Aug  8 13:20:01 web1 CRON[6481]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Aug  8 13:20:01 web1 CRON[6482]: (getmail) CMD (/usr/local/bin/run-getmail.sh > /dev/null 2>> /dev/null)
     
  19. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig uses the standard Linux cron system of your server and the entries of the server.sh are in the root crontab. You can check and edit the root crontab on a Linux system with the command:

    crontab -e
     
  20. till

    till Super Moderator Staff Member ISPConfig Developer

Share This Page