At noon today my DNS server just kind of half died. It still resolves local names but not internet ones. I thought my internet was down but found it odd that I can still ping the gateway, and I could ping the ISP DNS server, and if I used NSlookup and set the DNS as the server, I could resolve hostnames. But I can't resolve anything external on the DNS server.
I also noticed when I restart it, I get this error:
OS is CentOS 6.10.
I don't even know where to start, what would cause this to happen suddenly? I tried rebooting the firewall (first thing I tried originally) and also the DNS server itself (physical machine).
I googled the unmount error but only getting results having to do with actual disk mount/umounting and nothing to do with named.
Edit:
Getting this in /var/log/messages too:
I'm I hacked? This almost sounds like cache poisoning or something. This DNS server does not face the internet though.
I also noticed when I restart it, I get this error:
Code:
service named restart
Stopping named: .umount: /var/named/chroot/var/named: device is busy.
(In some cases useful info about processes that use
the device is found by lsof(8) or fuser(1))
[ OK ]
Starting named: [ OK ]
OS is CentOS 6.10.
I don't even know where to start, what would cause this to happen suddenly? I tried rebooting the firewall (first thing I tried originally) and also the DNS server itself (physical machine).
I googled the unmount error but only getting results having to do with actual disk mount/umounting and nothing to do with named.
Edit:
Getting this in /var/log/messages too:
Code:
Mar 25 15:15:27 hal9000 named[11221]: validating @0x7f88444f3380: uogateway.com SOA: bad cache hit (uogateway.com.dlv.isc.org/DLV)
Mar 25 15:15:27 hal9000 named[11221]: error (broken trust chain) resolving 'uogateway.com/AAAA/IN': 142.166.166.166#53
Mar 25 15:15:27 hal9000 named[11221]: validating @0x7f883c01e150: uogateway.com SOA: bad cache hit (uogateway.com.dlv.isc.org/DLV)
Mar 25 15:15:27 hal9000 named[11221]: validating @0x7f883c01ede0: uogateway.com A: bad cache hit (uogateway.com.dlv.isc.org/DLV)
Mar 25 15:15:27 hal9000 named[11221]: error (broken trust chain) resolving 'uogateway.com/AAAA/IN': 142.166.166.166#53
Mar 25 15:15:27 hal9000 named[11221]: error (broken trust chain) resolving 'uogateway.com/A/IN': 142.166.166.166#53
Mar 25 15:15:29 hal9000 named[11221]: validating @0x7f883404f510: ssl.empirehost.me A: bad cache hit (ssl.empirehost.me.dlv.isc.org/DLV)
Mar 25 15:15:29 hal9000 named[11221]: error (broken trust chain) resolving 'ssl.empirehost.me/A/IN': 142.166.166.166#53
Mar 25 15:15:34 hal9000 named[11221]: validating @0x7f883c01e150: ssl.empirehost.me A: bad cache hit (ssl.empirehost.me.dlv.isc.org/DLV)
Mar 25 15:15:34 hal9000 named[11221]: error (broken trust chain) resolving 'ssl.empirehost.me/A/IN': 142.166.166.166#53
Mar 25 15:15:39 hal9000 named[11221]: validating @0x7f883c0008c0: ssl.empirehost.me A: bad cache hit (ssl.empirehost.me.dlv.isc.org/DLV)
Mar 25 15:15:39 hal9000 named[11221]: error (broken trust chain) resolving 'ssl.empirehost.me/A/IN': 142.166.166.166#53
Mar 25 15:15:40 hal9000 named[11221]: validating @0x7f883c01e150: ipv6.microsoft.com SOA: bad cache hit (ipv6.microsoft.com.dlv.isc.org/DLV)
Mar 25 15:15:40 hal9000 named[11221]: error (broken trust chain) resolving 'teredo.ipv6.microsoft.com/A/IN': 142.166.166.166#53
Mar 25 15:15:44 hal9000 named[11221]: validating @0x7f88445320c0: localhost.stackoverflow.tech A: bad cache hit (localhost.stackoverflow.tech.dlv.isc.org/DLV)
Mar 25 15:15:44 hal9000 named[11221]: error (broken trust chain) resolving 'localhost.stackoverflow.tech/A/IN': 142.166.166.166#53
Mar 25 15:15:46 hal9000 named[11221]: validating @0x7f88400a2140: dlv.isc.org SOA: bad cache hit (dlv.isc.org/DNSKEY)
Mar 25 15:15:46 hal9000 named[11221]: validating @0x7f88400a2140: dlv.isc.org NSEC: bad cache hit (dlv.isc.org/DNSKEY)
Mar 25 15:15:46 hal9000 named[11221]: error (broken trust chain) resolving 'prod.flightaware.com.dlv.isc.org/DLV/IN': 47.55.55.55#53
Mar 25 15:15:46 hal9000 named[11221]: error (broken trust chain) resolving 'prod.flightaware.com/A/IN': 142.166.166.166#53
Mar 25 15:15:49 hal9000 named[11221]: validating @0x7f883c01e150: localhost.stackoverflow.tech A: bad cache hit (localhost.stackoverflow.tech.dlv.isc.org/DLV)
Mar 25 15:15:49 hal9000 named[11221]: error (broken trust chain) resolving 'localhost.stackoverflow.tech/A/IN': 142.166.166.166#53
Mar 25 15:15:50 hal9000 named[11221]: validating @0x7f883404f190: ipv6.microsoft.com SOA: bad cache hit (ipv6.microsoft.com.dlv.isc.org/DLV)
Mar 25 15:15:50 hal9000 named[11221]: error (broken trust chain) resolving 'teredo.ipv6.microsoft.com/A/IN': 142.166.166.166#53
Mar 25 15:15:51 hal9000 named[11221]: validating @0x7f8840081c90: prod.flightaware.com A: bad cache hit (prod.flightaware.com.dlv.isc.org/DLV)
Mar 25 15:15:51 hal9000 named[11221]: error (broken trust chain) resolving 'prod.flightaware.com/A/IN': 142.166.166.166#53
Mar 25 15:15:54 hal9000 named[11221]: validating @0x7f883c01e150: ssl.empirehost.me A: bad cache hit (ssl.empirehost.me.dlv.isc.org/DLV)
Mar 25 15:15:54 hal9000 named[11221]: error (broken trust chain) resolving 'ssl.empirehost.me/A/IN': 142.166.166.166#53
Mar 25 15:15:54 hal9000 named[11221]: validating @0x7f8844513730: ipv6.microsoft.com SOA: bad cache hit (ipv6.microsoft.com.dlv.isc.org/DLV)
Mar 25 15:15:54 hal9000 named[11221]: error (broken trust chain) resolving 'teredo.ipv6.microsoft.com/A/IN': 142.166.166.166#53
Mar 25 15:15:56 hal9000 named[11221]: validating @0x7f883404f190: dlv.isc.org SOA: bad cache hit (dlv.isc.org/DNSKEY)
Mar 25 15:15:56 hal9000 named[11221]: validating @0x7f883404f190: dlv.isc.org NSEC: bad cache hit (dlv.isc.org/DNSKEY)
Mar 25 15:15:56 hal9000 named[11221]: error (broken trust chain) resolving 'iceteks.com.dlv.isc.org/DLV/IN': 47.55.55.55#53
Mar 25 15:15:56 hal9000 named[11221]: error (broken trust chain) resolving 'iceteks.com/A/IN': 142.166.166.166#53
Mar 25 15:15:56 hal9000 named[11221]: error (broken trust chain) resolving 'iceteks.com/AAAA/IN': 142.166.166.166#53
Mar 25 15:15:56 hal9000 named[11221]: validating @0x7f883c01f160: iceteks.com A: bad cache hit (iceteks.com.dlv.isc.org/DLV)
Mar 25 15:15:56 hal9000 named[11221]: error (broken trust chain) resolving 'iceteks.com/A/IN': 47.55.55.55#53
Mar 25 15:15:56 hal9000 named[11221]: validating @0x7f883c0008c0: iceteks.com SOA: bad cache hit (iceteks.com.dlv.isc.org/DLV)
Mar 25 15:15:56 hal9000 named[11221]: error (broken trust chain) resolving 'iceteks.com/AAAA/IN': 47.55.55.55#53
Mar 25 15:15:56 hal9000 named[11221]: validating @0x7f883c01e150: iceteks.com A: bad cache hit (iceteks.com.dlv.isc.org/DLV)
Mar 25 15:15:56 hal9000 named[11221]: error (broken trust chain) resolving 'iceteks.com/A/IN': 47.55.55.55#53
Mar 25 15:15:56 hal9000 named[11221]: validating @0x7f883c041eb0: iceteks.com SOA: bad cache hit (iceteks.com.dlv.isc.org/DLV)
Mar 25 15:15:56 hal9000 named[11221]: error (broken trust chain) resolving 'iceteks.com/AAAA/IN': 47.55.55.55#53
Mar 25 15:15:56 hal9000 named[11221]: validating @0x7f88445320c0: iceteks.com A: bad cache hit (iceteks.com.dlv.isc.org/DLV)
Mar 25 15:15:56 hal9000 named[11221]: error (broken trust chain) resolving 'iceteks.com/A/IN': 47.55.55.55#53
Mar 25 15:15:56 hal9000 named[11221]: validating @0x7f88445432d0: iceteks.com SOA: bad cache hit (iceteks.com.dlv.isc.org/DLV)
Mar 25 15:15:56 hal9000 named[11221]: error (broken trust chain) resolving 'iceteks.com/AAAA/IN': 47.55.55.55#53
Mar 25 15:15:56 hal9000 named[11221]: validating @0x7f883c01e150: iceteks.com A: bad cache hit (iceteks.com.dlv.isc.org/DLV)
Mar 25 15:15:56 hal9000 named[11221]: error (broken trust chain) resolving 'iceteks.com/A/IN': 47.55.55.55#53
Mar 25 15:15:56 hal9000 named[11221]: validating @0x7f883c01e150: iceteks.com SOA: bad cache hit (iceteks.com.dlv.isc.org/DLV)
Mar 25 15:15:56 hal9000 named[11221]: error (broken trust chain) resolving 'iceteks.com/AAAA/IN': 47.55.55.55#53
Mar 25 15:15:56 hal9000 named[11221]: validating @0x7f88445432d0: iceteks.com A: bad cache hit (iceteks.com.dlv.isc.org/DLV)
Mar 25 15:15:56 hal9000 named[11221]: validating @0x7f88444f3380: iceteks.com SOA: bad cache hit (iceteks.com.dlv.isc.org/DLV)
Mar 25 15:15:56 hal9000 named[11221]: error (broken trust chain) resolving 'iceteks.com/A/IN': 47.55.55.55#53
Mar 25 15:15:56 hal9000 named[11221]: error (broken trust chain) resolving 'iceteks.com/AAAA/IN': 47.55.55.55#53
Mar 25 15:15:57 hal9000 named[11221]: validating @0x7f883404e500: uogateway.com A: bad cache hit (uogateway.com.dlv.isc.org/DLV)
Mar 25 15:15:57 hal9000 named[11221]: error (broken trust chain) resolving 'uogateway.com/A/IN': 47.55.55.55#53
Mar 25 15:15:57 hal9000 named[11221]: validating @0x7f883c01e150: uogateway.com SOA: bad cache hit (uogateway.com.dlv.isc.org/DLV)
Mar 25 15:15:57 hal9000 named[11221]: error (broken trust chain) resolving 'uogateway.com/AAAA/IN': 47.55.55.55#53
Mar 25 15:15:57 hal9000 named[11221]: validating @0x7f883404e500: uogateway.com A: bad cache hit (uogateway.com.dlv.isc.org/DLV)
Mar 25 15:15:57 hal9000 named[11221]: error (broken trust chain) resolving 'uogateway.com/A/IN': 47.55.55.55#53
Mar 25 15:15:57 hal9000 named[11221]: validating @0x7f883404f190: uogateway.com SOA: bad cache hit (uogateway.com.dlv.isc.org/DLV)
Mar 25 15:15:57 hal9000 named[11221]: error (broken trust chain) resolving 'uogateway.com/AAAA/IN': 47.55.55.55#53
Mar 25 15:15:59 hal9000 named[11221]: validating @0x7f883c0008c0: ssl.empirehost.me A: bad cache hit (ssl.empirehost.me.dlv.isc.org/DLV)
Mar 25 15:15:59 hal9000 named[11221]: error (broken trust chain) resolving 'ssl.empirehost.me/A/IN': 47.55.55.55#53
Mar 25 15:15:59 hal9000 named[11221]: validating @0x7f8840081c90: ipv6.microsoft.com SOA: bad cache hit (ipv6.microsoft.com.dlv.isc.org/DLV)
Mar 25 15:15:59 hal9000 named[11221]: error (broken trust chain) resolving 'teredo.ipv6.microsoft.com/A/IN': 47.55.55.55#53
Mar 25 15:16:04 hal9000 named[11221]: validating @0x7f883404e500: localhost.stackoverflow.tech A: bad cache hit (localhost.stackoverflow.tech.dlv.isc.org/DLV)
Mar 25 15:16:04 hal9000 named[11221]: error (broken trust chain) resolving 'localhost.stackoverflow.tech/A/IN': 47.55.55.55#53
I'm I hacked? This almost sounds like cache poisoning or something. This DNS server does not face the internet though.
Last edited: