[PLUG] named errors with "Bad cache, hit", "Unable to fina DNSKEY" etc. with Bulgarian servers
drew wymore
drew.wymore at gmail.com
Mon Jul 12 17:10:49 UTC 2010
On Mon, Jul 12, 2010 at 9:37 AM, Bill Thoen <bthoen at gisnet.com> wrote:
> Recently, I started seeing errors like the following (see below) in the
> named section of my Logwatch log. Googling for help on it turned up
> another message with the same symtom, but the only response was "run rpm
> -q bind dnssec-conf unbound and tell us what it says. Since there was no
> follow-up, I still don't know what's happening or what to do about it.
> Looking at which servers that are affected by this makes me wonder if I
> should care. With names like btc-net.bg, ekk-bg, powernet.bg, comnet.bg,
> icon.bg, etc. they look like spammers to me and maybe I should just
> ignore them. I just don't like to see line and lines of error messages
> in my logfiles every day that I don't understand.
>
> Anyway here's my system details:
> [root at www ~]# uname -a
> Linux www.gisnet.com 2.6.30.10-105.2.23.fc11.x86_64 #1 SMP Thu Feb 11
> 07:06:34 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux
>
> And here's the results of what they asked that other guy:
> [root at www ~]# rpm -q bind dnssec-conf unbound
> bind-9.6.2-4.P2.fc11.x86_64
> package dnssec-conf is not installed
> unbound-1.4.4-2.fc11.x86_64
> (unless I _need_ to install this, I just as soon not. I'm trying to
> limit the files on my system to just the ones that I need.)
>
> Next, before I put a copy of my named.conf file in a public forum, are
> there any security issues I need to know about before I do something dumb?
>
> And finally , this all started just a few days ago, and it's happening
> to other people too. As far as I know, I don't have any reason to have
> anything to do with these busy Bulgarian servers, so is there an easy
> way to just stop them at the door before they even get far enough to
> trigger these errors?
> TIA,
> - Bill Thoen
>
> Partial Error listing from my Logwacth log:
>
> validating @0x7fc04806c240: btc-net.bg SOA: bad cache hit (btc-net.bg/DS): 1 Time(s)
> validating @0x7fc04806c240: ekk.bg SOA: bad cache hit (ekk.bg/DS): 2 Time(s)
> validating @0x7fc04806c240: powernet.bg SOA: bad cache hit (powernet.bg/DS): 1 Time(s)
> validating @0x7fc050411f60: comnet.bg SOA: bad cache hit (comnet.bg/DS): 1 Time(s)
> validating @0x7fc050416d70: comnet.bg SOA: bad cache hit (comnet.bg/DS): 1 Time(s)
> validating @0x7fc05076c4f0: comnet.bg SOA: bad cache hit (comnet.bg/DS): 1 Time(s)
> validating @0x7fc0507fc550: comnet.bg SOA: bad cache hit (comnet.bg/DS): 1 Time(s)
> validating @0x7fc0507fe570: btc-net.bg SOA: bad cache hit (btc-net.bg/DS): 1 Time(s)
> validating @0x7fc048014970: bg DNSKEY: please check the 'trusted-keys' for 'bg' in named.conf.: 1 Time(s)
> validating @0x7fc048014970: bg DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'bg': 1 Time(s)
> validating @0x7fc048014970: icon.bg NS: bad cache hit (icon.bg/DS): 1 Time(s)
> validating @0x7fc048019650: bg DNSKEY: please check the 'trusted-keys' for 'bg' in named.conf.: 1 Time(s)
> validating @0x7fc048019650: bg DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'bg': 1 Time(s)
> validating @0x7fc048020690: bg DNSKEY: please check the 'trusted-keys' for 'bg' in named.conf.: 6 Time(s)
> validating @0x7fc048020690: bg DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'bg': 6 Time(s)
>
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
Probably nothing to worry about, just remove any security stuff from
the named.conf and post it
Drew-
More information about the PLUG
mailing list