ISPConfig unsual behavior!

Discussion in 'Installation/Configuration' started by cybereatl, Dec 24, 2006.

Page 2 of 2
  1. cybereatl

    cybereatl Member

    Hi there,

    Currently am running on that Fedora Core 4 and I've looked around /var/log and /etc/ but nothing is familiar for named log or daemon.log only named.conf

    Thank you ;)
     
    cybereatl, Feb 22, 2007
    #21
  2. martinfst

    martinfst ISPConfig Developer ISPConfig Developer

    Maybe on FC4 it's called 'bind' and not named? I tried FC4 around 3 years ago and got quickly rid of it. I just tried to install it to see if FC supported a new network chip on my motherboard. It didn't, so I went for Debian testing, which worked. But this has nothing to do with your problem. Alas I can't do much more specific for you. :confused:
     
    martinfst, Feb 22, 2007
    #22
  3. falko

    falko Super Moderator ISPConfig Developer

    Please check /var/log/syslog and /var/log/messages.
     
    falko, Feb 23, 2007
    #23
  4. cybereatl

    cybereatl Member

    I've checked /var/log/syslog and there is ni such file
    and /var/log/messages

    Feb 23 05:53:59 morticia sshd(pam_unix)[10180]: check pass; user unknown
    Feb 23 05:53:59 morticia sshd(pam_unix)[10180]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.50.74.31
    Feb 23 05:54:04 morticia sshd(pam_unix)[10184]: check pass; user unknown
    Feb 23 05:54:04 morticia sshd(pam_unix)[10184]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.50.74.31
    Feb 23 05:54:09 morticia sshd(pam_unix)[10186]: check pass; user unknown
    Feb 23 05:54:09 morticia sshd(pam_unix)[10186]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.50.74.31
    Feb 23 05:54:13 morticia sshd(pam_unix)[10191]: check pass; user unknown
    Feb 23 05:54:13 morticia sshd(pam_unix)[10191]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.50.74.31
    Feb 23 05:54:18 morticia sshd(pam_unix)[10193]: check pass; user unknown
    Feb 23 05:54:18 morticia sshd(pam_unix)[10193]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.50.74.31
    Feb 23 08:40:03 morticia named[2380]: unexpected RCODE (REFUSED) resolving '174.102.228.201.in-addr.arpa/PTR/IN': 200.21.200.79#53
    Feb 23 08:43:42 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.102#53
    Feb 23 08:43:42 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.101#53
    Feb 23 08:43:44 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.101#53
    Feb 23 08:43:44 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.102#53
    Feb 23 08:58:33 morticia named[2380]: unexpected RCODE (REFUSED) resolving '217.205.21.200.in-addr.arpa/PTR/IN': 200.21.200.79#53
    Feb 23 09:17:15 morticia named[2380]: unexpected RCODE (SERVFAIL) resolving 'NS.CT.CO.CR/A/IN': 196.40.62.209#53
    Feb 23 09:17:15 morticia named[2380]: unexpected RCODE (SERVFAIL) resolving 'NS.CT.CO.CR/AAAA/IN': 196.40.62.209#53
    Feb 23 09:17:15 morticia named[2380]: unexpected RCODE (SERVFAIL) resolving 'NS2.CT.CO.CR/A/IN': 196.40.62.209#53
    Feb 23 09:17:15 morticia named[2380]: unexpected RCODE (SERVFAIL) resolving 'NS2.CT.CO.CR/AAAA/IN': 196.40.62.209#53
    Feb 23 09:53:20 morticia sshd(pam_unix)[14764]: session opened for user root by (uid=0)
    Feb 23 10:19:27 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.102#53
    Feb 23 10:19:28 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.101#53
    Feb 23 10:19:29 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.101#53
    Feb 23 10:19:29 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.102#53
    Feb 23 11:13:47 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.101#53
    Feb 23 11:13:47 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.102#53
    Feb 23 11:13:48 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.102#53
    Feb 23 11:13:48 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.101#53
    Feb 23 11:20:02 morticia pop(pam_unix)[16662]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=200.89.230.205 user=web2_ea
    Feb 23 11:20:04 morticia ipop3d[16662]: Login failed user=web2_ea auth=web2_ea host=[200.89.230.205]
    Feb 23 11:20:08 morticia ipop3d[16662]: Logout user=web2_ea host=[200.89.230.205]
    Feb 23 11:36:46 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.101#53
    Feb 23 11:36:46 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.102#53
    Feb 23 11:36:48 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.102#53
    Feb 23 11:36:48 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.101#53
    Feb 23 12:09:30 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.101#53
    Feb 23 12:09:31 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.102#53
    Feb 23 12:09:31 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.102#53
    Feb 23 12:09:31 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.101#53
    Feb 23 12:20:10 morticia pop(pam_unix)[17978]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=200.89.230.205 user=web2_ea
    Feb 23 12:20:12 morticia ipop3d[17978]: Login failed user=web2_ea auth=web2_ea host=[200.89.230.205]
    Feb 23 12:20:15 morticia ipop3d[17978]: Logout user=web2_ea host=[200.89.230.205]
    Feb 23 12:35:17 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.101#53
    Feb 23 12:35:18 morticia named[2380]: FORMERR resolving 'host.globalworldhosting.net/MX/IN': 209.59.131.102#53
    Feb 23 13:20:18 morticia pop(pam_unix)[19152]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=200.89.230.205 user=web2_ea
    Feb 23 13:20:20 morticia ipop3d[19152]: Login failed user=web2_ea auth=web2_ea host=[200.89.230.205]
    Feb 23 13:20:23 morticia ipop3d[19152]: Logout user=web2_ea host=[200.89.230.205]
    Feb 23 14:20:26 morticia pop(pam_unix)[20282]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=200.89.230.205 user=web2_ea
    Feb 23 14:20:28 morticia ipop3d[20282]: Login failed user=web2_ea auth=web2_ea host=[200.89.230.205]
    Feb 23 14:20:31 morticia ipop3d[20282]: Logout user=web2_ea host=[200.89.230.205]
    Feb 23 14:27:44 morticia sshd(pam_unix)[20415]: session opened for user root by (uid=0)

    Well there is a lot of content!

    Don't know what to look! :eek:
     
    cybereatl, Feb 23, 2007
    #24
  5. falko

    falko Super Moderator ISPConfig Developer

    What's in your named.conf?
     
    falko, Feb 24, 2007
    #25
  6. cybereatl

    cybereatl Member

    options {
    pid-file "/var/named/chroot/var/run/named/named.pid";
    directory "/var/named/chroot/var/named";
    auth-nxdomain no;
    /*
    * If there is a firewall between you and nameservers you want
    * to talk to, you might need to uncomment the query-source
    * directive below. Previous versions of BIND always asked
    * questions using port 53, but BIND 8.1 uses an unprivileged
    * port by default.
    */
    // query-source address * port 53;
    };

    //
    // a caching only nameserver config
    //
    zone "." {
    type hint;
    file "named.ca";
    };

    zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
    };

    zone "230.89.200.in-addr.arpa" {
    type master;
    file "pri.230.89.200.in-addr.arpa";
    };


    zone "asesoriasit.net" {
    type master;
    file "pri.asesoriasit.net";
    };
    zone "educandote.edu.co" {
    type master;
    file "pri.educandote.edu.co";
    };
    zone "educandote.info" {
    type master;
    file "pri.educandote.info";
    };
    zone "educandote.net" {
    type master;
    file "pri.educandote.net";
    };
    zone "educandote.tv" {
    type master;
    file "pri.educandote.tv";
    };
    zone "visualeventos.com" {
    type master;
    file "pri.visualeventos.com";
    };
    zone "candelariamultieventos.com" {
    type master;
    file "pri.candelariamultieventos.com";
    };
    zone "jacocomputacion.com" {
    type master;
    file "pri.jacocomputacion.com";
    };
    zone "tics-col.com" {
    type master;
    file "pri.tics-col.com";
    };
    zone "dianasiachoque.net" {
    type master;
    file "pri.dianasiachoque.net";
    };
    zone "elieceracevedo.net" {
    type master;
    file "pri.elieceracevedo.net";
    };
    zone "mercocentrocr.com" {
    type master;
    file "pri.mercocentrocr.com";
    };
    zone "ticsenlinea.com" {
    type master;
    file "pri.ticsenlinea.com";
    };
    zone "proagronet.com" {
    type master;
    file "pri.proagronet.com";
    };
    zone "mundoilustraciones.com" {
    type master;
    file "pri.mundoilustraciones.com";
    };

    zone "acui.org.co" {
    type master;
    file "acui.org.co";
    };

    zone "acui.info" {
    type master;
    file "acui.info";
    };


    //// MAKE MANUAL ENTRIES BELOW THIS LINE! ////

    I've removed some sites as well, and as soon as I do so, the site educandote.edu.co goes offline and after 2 or 3 hours get back online!!

    I more than sure that is a DNS problem!!!

    Thank you :confused:
     
    cybereatl, Feb 28, 2007
    #26
Page 2 of 2

Share This Page