(network unreachable) errors in my server log

dev*_*per 24 networking linux ipv6 bind

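I have a lot of "network unreachable" lines in my CentOS messages log file. They seem to be failing to resolve certain addresses, and I don't know why my server has to resolve them in the first place. Can anyone tell me the origin of this kind of error? Am I under attack?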

Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving './NS/IN': 2001:503:ba3e::2:30#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:500:48::1#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:4f8:0:2::19#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/A/IN': 2001:500:2f::f#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2001:500:2f::f#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/A/IN': 2001:500:1::803f:235#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2001:500:1::803f:235#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/A/IN': 2001:503:c27::2:30#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2001:503:c27::2:30#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns.isc.afilias-nst.info/A/IN': 2001:500:1a::1#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:4f8:0:2::20#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:500:60::29#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns1.isc.ultradns.net/A/IN': 2001:7fd::1#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'ns1.isc.ultradns.net/AAAA/IN': 2001:7fd::1#53
Oct 23 11:39:04 server named[1585]: error (network unreachable) resolving 'ns2.isc.ultradns.net/A/IN': 2610:a1:1014::e8#53
Oct 23 11:39:04 server named[1585]: error (network unreachable) resolving 'pdns196.ultradns.org/A/IN': 2001:500:e::1#53
Oct 23 11:39:04 server named[1585]: error (network unreachable) resolving 'pdns196.ultradns.org/AAAA/IN': 2001:500:e::1#53
Oct 23 11:39:04 server named[1585]: error (network unreachable) resolving 'pdns196.ultradns.org/A/IN': 2001:500:40::1#53
Oct 23 11:39:04 server named[1585]: error (network unreachable) resolving 'pdns196.ultradns.org/AAAA/IN': 2001:500:40::1#53
Oct 23 11:39:04 server named[1585]: error (network unreachable) resolving 'pdns196.ultradns.org/AAAA/IN': 2001:502:4612::e8#53
Oct 23 11:39:04 server named[1585]: error (network unreachable) resolving 'pdns196.ultradns.info/AAAA/IN': 2610:a1:1016::e8#53
Oct 23 11:39:04 server named[1585]: error (network unreachable) resolving 'pdns196.ultradns.info/A/IN': 2610:a1:1016::e8#53
Oct 23 11:39:04 server named[1585]: error (network unreachable) resolving 'pdns196.ultradns.co.uk/AAAA/IN': 2610:a1:1017::e8#53
Oct 23 11:39:04 server named[1585]: error (network unreachable) resolving 'pdns196.ultradns.biz/A/IN': 2610:a1:1015::e8#53
Oct 23 11:39:04 server named[1585]: error (network unreachable) resolving 'pdns196.ultradns.com/AAAA/IN': 2001:502:f3ff::e8#53
Oct 23 11:39:04 server named[1585]: client 93.113.174.225#46368: query (cache) 'adobe.com/A/IN' denied
Oct 23 11:39:04 server named[1585]: client 93.113.174.225#23736: query (cache) 'adobe.com/A/IN' denied
Oct 23 11:39:04 server lfd[1196]: SYSLOG check [Lga6AZUNsgZGaVQX]

By the way, the options in my named.conf look like this, in case they help:

options {
        //listen-on port 53 { 127.0.0.1; };
        //listen-on-v6 port 53 { ::1; };
        directory   "/var/named";
        dump-file   "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        //allow-query     { localhost; };
        allow-recursion { localnets; };

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

Please help!

jjm*_*tes 32

All the addresses are IPv6. It seems to be an IPv6 problem; you probably don't have IPv6 networking configured. Disable IPv6 support in BIND:

Edit /etc/sysconfig/named and set:

OPTIONS="-4"

Then restart BIND:

service named restart

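(From http://crashmag.net/disable-ipv6-lookups-with-bind-on-rhel-or-centos)

Are you under attack? I don't think you have been compromised. These messages can be normal, depending on the services you are running (in any case, any server is always under some kind of attack; people scan the Internet and try attacks against every server).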
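
As an added example (not part of the original answers): a short Python triage of named log lines in the format quoted in the question. It splits "network unreachable" errors by address family and counts "query (cache) ... denied" lines, which record recursive queries from outside clients that named refused. The function names and the extra IPv4 sample line are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import Counter

# Sample input: lines from the question plus one constructed IPv4 line
# (example.org and 192.0.2.53 are documentation values, not from the page).
SAMPLE_LOG = """\
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
Oct 23 11:39:03 server named[1585]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:500:48::1#53
Oct 23 11:39:04 server named[1585]: error (network unreachable) resolving 'example.org/A/IN': 192.0.2.53#53
Oct 23 11:39:04 server named[1585]: client 93.113.174.225#46368: query (cache) 'adobe.com/A/IN' denied
Oct 23 11:39:04 server named[1585]: client 93.113.174.225#23736: query (cache) 'adobe.com/A/IN' denied
Oct 23 11:39:04 server lfd[1196]: SYSLOG check [Lga6AZUNsgZGaVQX]
"""

# Only the two named message formats shown on this page are matched.
UNREACH = re.compile(r"named\[\d+\]: error \(network unreachable\) resolving '([^']+)': (\S+)#\d+\s*$")
DENIED = re.compile(r"named\[\d+\]: client (\S+)#\d+: query \(cache\) '([^']+)' denied")

def triage(log_text):
    """Count unreachable upstreams per IP family and denied queries per client."""
    unreachable, denied = Counter(), Counter()
    for line in log_text.splitlines():
        m = UNREACH.search(line)
        if m:
            try:
                version = ipaddress.ip_address(m.group(2)).version
            except ValueError:
                continue  # malformed address field: skip the line
            unreachable[f"IPv{version}"] += 1
            continue
        m = DENIED.search(line)
        if m:
            denied[(m.group(1), m.group(2))] += 1
    return unreachable, denied

def verdict(unreachable):
    """IPv6-only failures indicate missing IPv6 connectivity on the host."""
    if not unreachable:
        return "no unreachable errors"
    if set(unreachable) == {"IPv6"}:
        return "ipv6-only: no IPv6 route; run named with -4 or configure IPv6"
    return "ipv4 affected: check routing and firewall, not just IPv6"

if __name__ == "__main__":
    unreachable, denied = triage(SAMPLE_LOG)
    print(dict(unreachable), verdict(unreachable))
    for (client, query), n in denied.most_common():
        print(f"{client} was refused {n}x for {query}")
```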


miv*_*ivk 15

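It is worth noting that on Debian Jessie with systemd, the -4 option in /etc/default/bind9 may be ignored. See bug #767798.

In that case, you need to modify the systemd bind9.service file:

Move bind9.service so that it is not overwritten on updates: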

cd /etc/systemd
find . -name "bind*" -delete
cp /lib/systemd/system/bind9.service system/

Edit system/bind9.service to use /etc/default/bind9.

$EDITOR system/bind9.service

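Add EnvironmentFile=-/etc/default/bind9 and modify ExecStart to include $OPTIONS. (I removed -u bind because on Debian it is already included in $OPTIONS.)

Make sure to keep the -f option, which systemd requires. See this diff for an example: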

# diff -u1 /lib/systemd/system/bind9.service /etc/systemd/system/bind9.service 
--- /lib/systemd/system/bind9.service   2015-12-14 21:12:28.000000000 +0100
+++ /etc/systemd/system/bind9.service   2016-02-08 15:34:59.634891951 +0100
@@ -6,3 +6,4 @@
 [Service]
-ExecStart=/usr/sbin/named -f -u bind
+EnvironmentFile=-/etc/default/bind9
+ExecStart=/usr/sbin/named -f $OPTIONS
 ExecReload=/usr/sbin/rndc reload
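
Review bot: The new ExecStart line drops `-u bind` and relies on $OPTIONS to supply it, while `EnvironmentFile=-/etc/default/bind9` carries the `-` prefix, which tells systemd to ignore a missing file. If the file is absent or OPTIONS lacks `-u bind`, $OPTIONS expands to nothing and named keeps running as root. Either drop the `-` prefix so that a missing file fails the start, or note next to the unit that OPTIONS must contain `-u bind`.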

Finally:

systemctl reenable bind9.service
service bind9 restart

  • Note that the bug mentioned has now been fixed in recent Debian, and you can simply edit `/etc/default/bind9` again (2 upvotes)

pet*_*rtc 5

For Ubuntu above 16.04, the command is: sudo vi /etc/default/bind9

OPTIONS="-4 -u bind"

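  • Not sure why this answer was downvoted; I have 14.04.5 and the config file is indeed in a different location from the one in jjmontes' answer. Okwap's answer is a valid addition, right? (2 upvotes)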