Hey guys, I recently got a dedicated server over @ iWeb and set up my server; all the DNS settings are set up in WHM. My website is running flawlessly most of the time, however the DNS (tried both BIND/NSD) crashes @ random intervals. When I restart named everything comes back up. I have a semi-high amount of traffic (10k/day) & the server is dedicated so it's supposed to be able to handle the load. I even checked processes, but it seems that there's a problem with named to me. I don't know much about sysadmin though. Guys, if you have any thoughts I would be so grateful. Please help!! Thanks so much!
You're going to need to start examining the logs to try to pinpoint why the name server is crashing. I would start with /var/log/messages.
Thanks for your reply. After looking @ messages in /var/log/ it seems that when the DNS is crashing I get the error: Brute force detection active: PAM-hulk[29674]: Brute force detection active: 580 LOGIN DENIED -- TOO MANY FAILURES -- IP TEMP BANNED. I get this multiple, multiple times. Does this mean my server is being DDoSed? Or could it mean that the DDoS protection is too sensitive? If it could be that, how can I make it more tolerant of having more simultaneous connections? Once again, thanks!
Sounds like you are using cPHulk. I am going to assume that they are ssh failure connections. I would move your ssh port to a non-standard one; that way people cannot find it. That error may not be related to the reasons that your name server is shutting down.
Thx Chris, I'll try that. For some reason my website has acquired quite a few enemies even though it has NOTHING to do with hacking ... anyhow, thanks for the recommendations, it's greatly appreciated.
True hackers wouldn't brute force ssh; it's just random bot traffic scanning your machine, they are automated zombie machines. Along with that, your DNS issue is not caused by cPHulk. BIND doesn't always log to /var/log/messages - check your /var/log for the appropriate BIND log.
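
Added example, not part of any post in the thread: one way to check from the logs whether the cPHulk bans actually line up in time with named going down. The sample lines are constructed in classic syslog format (host name, PIDs, times and the two named-related lines are assumptions); only the PAM-hulk message text is taken from the thread.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log; the ban text is the message quoted in the thread.
BAN = "Brute force detection active: 580 LOGIN DENIED -- TOO MANY FAILURES -- IP TEMP BANNED"
SAMPLE = f"""\
Mar  3 09:12:40 host1 PAM-hulk[29674]: {BAN}
Mar  3 09:12:41 host1 PAM-hulk[29675]: {BAN}
Mar  3 11:47:02 host1 kernel: Out of memory: Kill process 2211 (named) score 812 or sacrifice child
Mar  3 14:01:07 host1 PAM-hulk[30102]: {BAN}
Mar  3 14:03:30 host1 named[4410]: exiting (due to fatal error)
Mar  3 18:55:19 host1 PAM-hulk[31877]: {BAN}
"""

# timestamp, host (ignored), tag, optional [pid], message
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ([^\[:\s]+)(?:\[\d+\])?: (.*)$")

def parse(text, year=2024):
    """Yield (timestamp, tag, message); syslog omits the year, so one is assumed."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def correlate(text, window_minutes=5):
    """For each named-related event, count cPHulk bans within +/- the window."""
    events = list(parse(text))
    bans = [ts for ts, tag, msg in events
            if tag == "PAM-hulk" and "LOGIN DENIED" in msg]
    # named's own lines, plus kernel lines that mention it (OOM kill, segfault)
    named = [(ts, msg) for ts, tag, msg in events
             if tag == "named" or (tag == "kernel" and "named" in msg)]
    window = timedelta(minutes=window_minutes)
    return [(ts.strftime("%H:%M:%S"), msg, sum(abs(ts - b) <= window for b in bans))
            for ts, msg in named]

if __name__ == "__main__":
    for when, msg, nearby in correlate(SAMPLE):
        print(f"{when}  bans within 5 min: {nearby}  {msg}")
```

A named event with no bans nearby points away from the brute-force traffic as the trigger; on a real server, feed the function the contents of /var/log/messages together with whichever file BIND is configured to log to.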