[Pdns-users] pdns stop responding and restarted himself

Otto Moerbeek otto at drijf.net
Thu Oct 19 10:52:29 UTC 2023 

On Thu, Oct 19, 2023 at 11:36:13AM +0200, Steffan via Pdns-users wrote:

> Hello,
> 
>  
> 
> I have 2 dns servers.
> Both running on centos with his own replicated mysql backends
> 
>  
> 
> Yesterday both dns servers stopped responding for 3 minutes.
> 
> In the periode of 3 minutes I see a lot of lines for the same domain.
> 
> Pdns that was restared by it self and again the fluid of this domain.
> 
>  
> 
> Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 91.202.230.18 wants
> 'lp2.xxx.com|A', do = 1, bufsize = 1232 (4096): packetcache MISS
> 
> Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 46.51.160.145 wants
> 'ns34.xxx.com|A', do = 1, bufsize = 1232: packetcache MISS
> 
> Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 192.73.240.129 wants
> 'thai.xxx.com|A', do = 1, bufsize = 1232: packetcache MISS
> 
> Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 146.112.128.69 wants
> 'auth-hack.xxx.com|A', do = 1, bufsize = 1232 (1410): packetcache HIT
> 
> Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 117.54.16.252 wants
> 'payments.xxx.com|A', do = 1, bufsize = 1232 (4096): packetcache MISS
> 
> Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 2a02:2f0e:5fff:ffff::2
> wants 'skyline.xxx.com|A', do = 1, bufsize = 1232 (4096): packetcache MISS
> 
> Oct 18 21:40:47 ns1 pdns_server[2135429]: Remote 2a04:c602:409:fe::27 wants
> 'app3.xxx.com|A', do = 1, bufsize = 1232: packetcache MISS

Logging each request is not wise, disabling that will probably make
your server be able to handle way more requests per sec.

	-Otto

> 
>  
> 
> After this:
> 
> Oct 18 21:42:36 ns1 systemd[1]: pdns.service: Service RestartSec=1s expired,
> scheduling restart.
> 
> Oct 18 21:42:36 ns1 systemd[1]: pdns.service: Scheduled restart job, restart
> counter is at 59.
> 
> Oct 18 21:42:36 ns1 systemd[1]: Stopped PowerDNS Authoritative Server.
> 
> Oct 18 21:42:36 ns1 systemd[1]: Starting PowerDNS Authoritative Server...
> 
> Oct 18 21:42:36 ns1 rsyslogd[795583]: imjournal: 102527 messages lost due to
> rate-limiting (20000 allowed within 600 seconds)
> 
> Oct 18 21:42:36 ns1 systemd[1]: Started PowerDNS Authoritative Server.
> 
> Oct 18 21:42:36 ns1 systemd[1]: pdns.service: Main process exited,
> code=exited, status=1/FAILURE
> 
> Oct 18 21:42:36 ns1 systemd[1]: pdns.service: Failed with result
> 'exit-code'.
> 
> Oct 18 21:42:37 ns1 systemd[1]: pdns.service: Service RestartSec=1s expired,
> scheduling restart.
> 
> Oct 18 21:42:37 ns1 systemd[1]: pdns.service: Scheduled restart job, restart
> counter is at 60.
> 
> Oct 18 21:42:37 ns1 systemd[1]: Stopped PowerDNS Authoritative Server.
> 
> -----
> 
>  
> 
> Oct 18 21:42:51 ns1 systemd[1]: Starting PowerDNS Authoritative Server...
> 
> Oct 18 21:42:53 ns1 systemd-journald[218]: Suppressed 80113 messages from
> pdns.service
> 
> Oct 18 21:42:53 ns1 pdns_server[2514841]: Failed to retrieve security status
> update for '4.8.2' on 'auth-4.8.2.security-status.secpoll.powerdns.com.':
> RCODE was Server Failure
> 
> Oct 18 21:42:53 ns1 pdns_server[2514841]: gmysql Connection successful.
> Connected to database 'powerdns' on '127.0.0.1'.
> 
> Oct 18 21:42:53 ns1 pdns_server[2514841]: Creating backend connection for
> TCP
> 
> Oct 18 21:42:53 ns1 pdns_server[2514841]: Primary/secondary communicator
> launching
> 
> Oct 18 21:42:53 ns1 pdns_server[2514841]: gmysql Connection successful.
> Connected to database 'powerdns' on '127.0.0.1'.
> 
> Oct 18 21:42:53 ns1 pdns_server[2514841]: gmysql Connection successful.
> Connected to database 'powerdns' on '127.0.0.1'.
> 
> Oct 18 21:42:53 ns1 pdns_server[2514841]: About to create 3 backend threads
> for UDP
> 
>  
> 
> Than again a lot of the same lines for the same domain.
> afther 3:36 minutes dns was responding normaly  and the request are back to
> normal.
> So It looks like some kind of attack.
> 
> Is there something that I can do to prevent this from the future.
> 
> 
> 
>  
> 
>  
> 
> 
> Met vriendelijke groet,
> 
>  
> 
> Steffan Noord
> 
>  
> 
>  
> 
> 	
> 	
> 
>  
> 
>  
> 

> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users

More information about the Pdns-users mailing list