Bind9, reprise de conf, l'enfer.. help !

jhfra · Avril 11, 2018, 6:00pm

Hello,

Je passe derrière mon prédécesseur sur sa conf named et je m’apperçois qu’il y a pas mal d’erreurs dans les logs, une fois que j’ai activé celles-ci. (Pour une raison de confidentialité, je ne peux mentionner les vrais nom des serveur, néanmoins, je vais vous donner toutes les infos).

Déjà, les problèmes :

serveur 1 - Sur le secondaire, dans /var/log/named/bind.log :

09-Apr-2018 10:25:17.742 general: error: dumping master file: /etc/bind/zones/tmp-szMU7aLToU: open: permission denied
09-Apr-2018 10:27:26.991 general: error: dumping master file: /etc/bind/zones/tmp-pXXU02XWe6: open: permission denied
09-Apr-2018 10:29:42.413 general: error: dumping master file: /etc/bind/zones/tmp-JWWX98FydD: open: permission denied
09-Apr-2018 10:33:32.321 general: error: dumping master file: /etc/bind/zones/tmp-RR9WDVYyPh: open: permission denied
09-Apr-2018 10:36:38.742 general: error: dumping master file: /etc/bind/zones/tmp-1vMJFpHWht: open: permission denied
09-Apr-2018 10:39:48.991 general: error: dumping master file: /etc/bind/zones/tmp-OgitfQ06UP: open: permission denied
09-Apr-2018 10:42:24.413 general: error: dumping master file: /etc/bind/zones/tmp-k2YjGE68rq: open: permission denied
09-Apr-2018 10:45:43.322 general: error: dumping master file: /etc/bind/zones/tmp-ZxLtMBdeAW: open: permission denied
09-Apr-2018 10:48:11.742 general: error: dumping master file: /etc/bind/zones/tmp-zKdSuHaHJS: open: permission denied

En pagaille… J’ai lu pas mal de choses à ce sujet et beaucoup orientent vers un problème de Selinux alors qu’il n’est pas activé chez moi.

serveur 1 - dans /var/log/bind/security j’ai pas mal d’alertes liées à spamhaus (utilisé sur le postfix) :

    03-Apr-2018 04:33:20.362 client 188.165.235.21#57975 (2.0.0.127.zen.spamhaus.org): query (cache) '2.0.0.127.zen.spamhaus.org/A/IN' denied
    03-Apr-2018 04:33:20.384 client 188.165.235.21#35265 (2.0.0.127.dbl.spamhaus.org): query (cache) '2.0.0.127.dbl.spamhaus.org/A/IN' denied
    03-Apr-2018 12:03:19.162 client 188.165.235.21#56928 (2.0.0.127.zen.spamhaus.org): query (cache) '2.0.0.127.zen.spamhaus.org/A/IN' denied
    03-Apr-2018 12:03:19.189 client 188.165.235.21#35926 (2.0.0.127.dbl.spamhaus.org): query (cache) '2.0.0.127.dbl.spamhaus.org/A/IN' denied
    05-Apr-2018 20:57:38.127 client 188.165.235.21#33344 (2.0.0.127.zen.spamhaus.org): query (cache) '2.0.0.127.zen.spamhaus.org/A/IN' denied
    05-Apr-2018 20:57:38.155 client 188.165.235.21#52568 (2.0.0.127.dbl.spamhaus.org): query (cache) '2.0.0.127.dbl.spamhaus.org/A/IN' denied
    06-Apr-2018 16:27:56.228 client 188.165.235.21#46010 (2.0.0.127.zen.spamhaus.org): query (cache) '2.0.0.127.zen.spamhaus.org/A/IN' denied
    06-Apr-2018 16:27:56.257 client 188.165.235.21#35349 (2.0.0.127.dbl.spamhaus.org): query (cache) '2.0.0.127.dbl.spamhaus.org/A/IN' denied
    07-Apr-2018 06:57:54.712 client 188.165.235.21#34926 (2.0.0.127.zen.spamhaus.org): query (cache) '2.0.0.127.zen.spamhaus.org/A/IN' denied
    07-Apr-2018 06:57:54.738 client 188.165.235.21#51403 (2.0.0.127.dbl.spamhaus.org): query (cache) '2.0.0.127.dbl.spamhaus.org/A/IN' denied
    07-Apr-2018 17:28:52.034 client 188.165.235.21#44196 (2.0.0.127.zen.spamhaus.org): query (cache) '2.0.0.127.zen.spamhaus.org/A/IN' denied
    07-Apr-2018 17:28:52.059 client 188.165.235.21#44242 (2.0.0.127.dbl.spamhaus.org): query (cache) '2.0.0.127.dbl.spamhaus.org/A/IN' denied
    07-Apr-2018 18:58:09.359 client 188.165.235.21#36960 (2.0.0.127.zen.spamhaus.org): query (cache) '2.0.0.127.zen.spamhaus.org/A/IN' denied
    07-Apr-2018 18:58:09.381 client 188.165.235.21#56704 (2.0.0.127.dbl.spamhaus.org): query (cache) '2.0.0.127.dbl.spamhaus.org/A/IN' denied
    09-Apr-2018 04:38:44.340 client 188.165.235.21#40316 (2.0.0.127.zen.spamhaus.org): query (cache) '2.0.0.127.zen.spamhaus.org/A/IN' denied
    09-Apr-2018 04:38:44.362 client 188.165.235.21#49467 (2.0.0.127.dbl.spamhaus.org): query (cache) '2.0.0.127.dbl.spamhaus.org/A/IN' denied

Pourquoi ?

La conf de serveur 1 pour la partie options :

named.conf.options
acl "trusted" {
   127.0.0.1/8;    # 2 en boucle locale
   164.132.1.5;  # 1
   51.254.13.8; # 2
};

options {
   directory "/var/cache/bind";

   # Activer DNSSEC
   dnssec-enable yes;
   dnssec-validation auto;
   auth-nxdomain no; # RFC1035

   # Interfaces d'écoute
   listen-on { any; };
   listen-on-v6 { none; };

   # Autoriser les requêtes récursives locales uniquement
   allow-recursion { trusted ; };

   # résolution en dernier ressort
   forwarders { 213.251.188.141; };
   # Ne pas transférer les informations des zones aux DNS secondaires
   allow-transfer { none; };

   # Ne pas autoriser la mise à jour des zones maîtres
   allow-update { none; };

   # Masquage du serveur
   version none;
   hostname none;
   server-id none;

};

serveur 2 - des infos errors en pagaille aussi :

09-Apr-2018 10:00:48.286 lame-servers: info: error (unexpected RCODE REFUSED) resolving './NS/IN': 213.251.188.141#53
09-Apr-2018 10:00:48.286 lame-servers: info: error (network unreachable) resolving './NS/IN': 2001:500:2f::f#53
09-Apr-2018 10:00:48.286 lame-servers: info: error (unexpected RCODE REFUSED) resolving '119.in-addr.arpa/DS/IN': 213.251.188.141#53
09-Apr-2018 10:00:48.286 lame-servers: info: error (network unreachable) resolving '119.in-addr.arpa/DS/IN': 2001:500:2f::f#53
09-Apr-2018 10:00:49.086 lame-servers: info: error (network unreachable) resolving './NS/IN': 2001:500:1::803f:235#53
09-Apr-2018 10:00:49.086 lame-servers: info: error (network unreachable) resolving '119.in-addr.arpa/DS/IN': 2001:500:1::803f:235#53
09-Apr-2018 10:00:49.101 lame-servers: info: error (unexpected RCODE REFUSED) resolving '189.119.in-addr.arpa/DS/IN': 213.251.188.141#53
09-Apr-2018 10:00:49.114 lame-servers: info: error (unexpected RCODE REFUSED) resolving '119.in-addr.arpa/DNSKEY/IN': 213.251.188.141#53
09-Apr-2018 10:00:49.114 lame-servers: info: error (network unreachable) resolving '119.in-addr.arpa/DNSKEY/IN': 2001:67c:1010:27::53#53
09-Apr-2018 10:00:49.114 lame-servers: info: error (network unreachable) resolving '119.in-addr.arpa/DNSKEY/IN': 2001:67c:e0::9#53
09-Apr-2018 10:07:24.257 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'gateway.push.apple.com/AAAA/IN': 213.251.188.141#53
09-Apr-2018 10:07:24.257 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'gateway.push.apple.com/A/IN': 213.251.188.141#53
09-Apr-2018 10:07:24.269 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'gateway.push-apple.com.akadns.net/A/IN': 213.251.188.141#53
09-Apr-2018 10:07:24.270 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'gateway.push-apple.com.akadns.net/AAAA/IN': 213.251.188.141#53
09-Apr-2018 10:07:24.573 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'googleapis.l.google.com/AAAA/IN': 213.251.188.141#53
09-Apr-2018 10:07:24.573 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'googleapis.l.google.com/A/IN': 213.251.188.141#53
09-Apr-2018 10:22:23.760 lame-servers: info: error (unexpected RCODE REFUSED) resolving '11.251.121.88.in-addr.arpa/PTR/IN': 213.251.188.141#53
09-Apr-2018 10:22:23.760 lame-servers: info: error (network unreachable) resolving '11.251.121.88.in-addr.arpa/PTR/IN': 2001:dc0:4001:1:0:1836:0:140#53
09-Apr-2018 10:22:23.760 lame-servers: info: error (network unreachable) resolving '11.251.121.88.in-addr.arpa/PTR/IN': 2001:500:2e::1#53
09-Apr-2018 10:22:23.761 lame-servers: info: error (network unreachable) resolving '11.251.121.88.in-addr.arpa/PTR/IN': 2001:500:13::c7d4:35#53
09-Apr-2018 10:22:23.761 lame-servers: info: error (network unreachable) resolving '11.251.121.88.in-addr.arpa/PTR/IN': 2001:67c:e0::5#53
09-Apr-2018 10:22:23.769 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns.ripe.net/A/IN': 213.251.188.141#53
09-Apr-2018 10:22:23.769 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns.ripe.net/AAAA/IN': 213.251.188.141#53
09-Apr-2018 10:22:23.769 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns2.proxad.net/A/IN': 213.251.188.141#53
09-Apr-2018 10:22:23.769 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns3.proxad.net/A/IN': 213.251.188.141#53
09-Apr-2018 10:22:23.769 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns2.proxad.net/AAAA/IN': 213.251.188.141#53
09-Apr-2018 10:22:23.770 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns3.proxad.net/AAAA/IN': 213.251.188.141#53
09-Apr-2018 10:22:23.786 lame-servers: info: error (unexpected RCODE SERVFAIL) resolving '11.251.121.88.in-addr.arpa/PTR/IN': 193.0.9.6#53
09-Apr-2018 10:22:23.786 lame-servers: info: error (network unreachable) resolving '11.251.121.88.in-addr.arpa/PTR/IN': 2001:67c:e0::6#53
09-Apr-2018 10:22:23.870 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns2-rev.proxad.net/A/IN': 213.251.188.141#53
09-Apr-2018 10:22:23.870 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns3-rev.proxad.net/A/IN': 213.251.188.141#53
09-Apr-2018 10:22:23.870 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns2-rev.proxad.net/AAAA/IN': 213.251.188.141#53
09-Apr-2018 10:22:23.870 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ns3-rev.proxad.net/AAAA/IN': 213.251.188.141#53
09-Apr-2018 10:22:23.898 lame-servers: info: error (unexpected RCODE REFUSED) resolving '121.88.in-addr.arpa/DS/IN': 213.251.188.141#53
09-Apr-2018 10:22:23.940 lame-servers: info: error (unexpected RCODE REFUSED) resolving '88.in-addr.arpa/DNSKEY/IN': 213.251.188.141#53
09-Apr-2018 10:22:24.021 lame-servers: info: error (unexpected RCODE REFUSED) resolving '4fc70-1-88-121-251-11.fbx.proxad.net/A/IN': 213.251.188.141#53
09-Apr-2018 10:22:24.034 lame-servers: info: error (unexpected RCODE REFUSED) resolving './NS/IN': 213.251.188.141#53
09-Apr-2018 10:22:24.034 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'proxad.net/DS/IN': 213.251.188.141#53
09-Apr-2018 10:22:24.149 lame-servers: info: error (unexpected RCODE REFUSED) resolving '4fc70-1-88-121-251-11.fbx.proxad.net/AAAA/IN': 213.251.188.141#53
09-Apr-2018 10:22:25.811 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'changelogs.ubuntu.com/A/IN': 213.251.188.141#53
09-Apr-2018 10:22:25.812 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'changelogs.ubuntu.com/AAAA/IN': 213.251.188.141#53
09-Apr-2018 10:22:25.823 lame-servers: info: error (unexpected RCODE REFUSED) resolving './NS/IN': 213.251.188.141#53
09-Apr-2018 10:22:25.823 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'ubuntu.com/DS/IN': 213.251.188.141#53
09-Apr-2018 10:22:25.823 lame-servers: info: error (network unreachable) resolving './NS/IN': 2001:503:c27::2:30#53
09-Apr-2018 10:22:25.823 lame-servers: info: error (network unreachable) resolving 'ubuntu.com/DS/IN': 2001:503:c27::2:30#53
09-Apr-2018 10:27:24.955 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'gateway.push.apple.com/AAAA/IN': 213.251.188.141#53
09-Apr-2018 10:27:24.956 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'gateway.push.apple.com/A/IN': 213.251.188.141#53
09-Apr-2018 10:27:24.964 lame-servers: info: error (unexpected RCODE REFUSED) resolving './NS/IN': 213.251.188.141#53
09-Apr-2018 10:27:24.965 lame-servers: info: error (network unreachable) resolving './NS/IN': 2001:7fe::53#53
09-Apr-2018 10:27:24.965 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'apple.com/DS/IN': 213.251.188.141#53
09-Apr-2018 10:27:24.965 lame-servers: info: error (network unreachable) resolving 'apple.com/DS/IN': 2001:7fe::53#53
09-Apr-2018 10:27:24.994 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'gateway.push-apple.com.akadns.net/A/IN': 213.251.188.141#53
09-Apr-2018 10:27:24.994 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'gateway.push-apple.com.akadns.net/AAAA/IN': 213.251.188.141#53
09-Apr-2018 10:27:25.002 lame-servers: info: error (unexpected RCODE REFUSED) resolving './NS/IN': 213.251.188.141#53
09-Apr-2018 10:27:25.002 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'akadns.net/DS/IN': 213.251.188.141#53
09-Apr-2018 10:27:25.409 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'android.googleapis.com/A/IN': 213.251.188.141#53
09-Apr-2018 10:27:25.409 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'android.googleapis.com/AAAA/IN': 213.251.188.141#53
09-Apr-2018 10:27:25.432 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'googleapis.com/DS/IN': 213.251.188.141#53
09-Apr-2018 10:27:25.448 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'googleapis.l.google.com/AAAA/IN': 213.251.188.141#53
09-Apr-2018 10:27:25.449 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'googleapis.l.google.com/A/IN': 213.251.188.141#53
09-Apr-2018 10:27:25.463 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'google.com/DS/IN': 213.251.188.141#53
09-Apr-2018 10:27:25.463 lame-servers: info: error (network unreachable) resolving 'google.com/DS/IN': 2001:500:2d::d#53
09-Apr-2018 10:55:42.961 lame-servers: info: error (unexpected RCODE REFUSED) resolving './NS/IN': 213.251.188.141#53
09-Apr-2018 10:55:42.961 lame-servers: info: error (network unreachable) resolving './NS/IN': 2001:503:ba3e::2:30#53
09-Apr-2018 10:55:42.961 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'net/NS/IN': 213.251.188.141#53
09-Apr-2018 11:00:54.962 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'gateway.push.apple.com/AAAA/IN': 213.251.188.141#53
09-Apr-2018 11:00:54.962 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'gateway.push.apple.com/A/IN': 213.251.188.141#53
09-Apr-2018 11:00:54.973 lame-servers: info: error (unexpected RCODE REFUSED) resolving './NS/IN': 213.251.188.141#53
09-Apr-2018 11:00:54.973 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'apple.com/DS/IN': 213.251.188.141#53
09-Apr-2018 11:00:55.001 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'gateway.push-apple.com.akadns.net/A/IN': 213.251.188.141#53
09-Apr-2018 11:00:55.002 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'gateway.push-apple.com.akadns.net/AAAA/IN': 213.251.188.141#53
09-Apr-2018 11:00:55.017 lame-servers: info: error (unexpected RCODE REFUSED) resolving './NS/IN': 213.251.188.141#53
09-Apr-2018 11:00:55.017 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'akadns.net/DS/IN': 213.251.188.141#53
09-Apr-2018 11:00:55.817 lame-servers: info: error (network unreachable) resolving './NS/IN': 2001:500:3::42#53
09-Apr-2018 11:00:55.817 lame-servers: info: error (network unreachable) resolving 'akadns.net/DS/IN': 2001:500:3::42#53
09-Apr-2018 11:00:56.286 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'googleapis.l.google.com/A/IN': 213.251.188.141#53
09-Apr-2018 11:00:56.286 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'googleapis.l.google.com/AAAA/IN': 213.251.188.141#53
09-Apr-2018 11:00:56.296 lame-servers: info: error (unexpected RCODE REFUSED) resolving './NS/IN': 213.251.188.141#53
09-Apr-2018 11:00:56.296 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'google.com/DS/IN': 213.251.188.141#53
09-Apr-2018 11:00:56.296 lame-servers: info: error (network unreachable) resolving './NS/IN': 2001:7fd::1#53
09-Apr-2018 11:00:56.296 lame-servers: info: error (network unreachable) resolving 'google.com/DS/IN': 2001:7fd::1#53

Et la conf pour la partie options du-dit serveur 2 est la même que celle du serveur 1.

D’un point de vue fonctionnel, côté utilisateur, tout fonctionne, c’est en prod depuis un moment comme ça, mais j’arrive là-dessus et je trouve ce genre d’erreurs en soulevant les rideaux et je trouve ça un peu crado, je voudrais donc bien votre avis sur l’ensemble de ces sujets. Merci à vous !

Leobo · Avril 9, 2018, 10:18am

Tu as un problème de permissions pour la création de fichiers temporaires dans ton dossier bind/zones. Regarde de ce côté-là pour voir si les utilisateurs autorisés à écrire correspondent à ta conf’. C’est parfois juste un groupe à autoriser en écriture (laisser “Autres” en non autorisé par contre, c’est plus sûr).
C’est juste dnslookup qui tambourine à la porte.
T’as un forward refusé : 213.251.188.141. Va voir dans ton named.conf si tu le retrouves. Tu peux tester avec dig pour voir s’il te refuse bel et bien. À décommenter pour virer le bug.
Tu as aussi des tentatives de résolutions en IPv6, à mon avis ton serveur ne les gère pas.

jhfra · Avril 11, 2018, 1:40pm

Merci pour ta réponse.

J’ai même tenté de mettre un 777 pour débug sur ce bind/zones, rien à faire le problème reste le même

Ci dessous, les droits en place :

:/etc/bind# ls -altrh
total 64K
-rw-r--r--   1 root root 1,3K janv. 18  2016 zones.rfc1918
-rw-r--r--   1 root bind  463 janv. 18  2016 named.conf
-rw-r--r--   1 root root 3,0K janv. 18  2016 db.root
-rw-r--r--   1 root root  270 janv. 18  2016 db.local
-rw-r--r--   1 root root  353 janv. 18  2016 db.empty
-rw-r--r--   1 root root  237 janv. 18  2016 db.255
-rw-r--r--   1 root root  271 janv. 18  2016 db.127
-rw-r--r--   1 root root  237 janv. 18  2016 db.0
-rw-r-----   1 bind bind   77 févr. 11  2016 rndc.key
-rw-r--r--   1 root bind  618 mars   5  2016 named.conf.default-zones
-rw-r--r--   1 root root 3,9K sept. 15  2017 bind.keys
drwxr-sr-x   2 root bind 4,0K mars   7 09:43 zones
-rw-r--r--   1 root bind 1,7K mars   7 10:19 named.conf.local
drwxr-xr-x 120 root root 4,0K avril  9 10:14 ..
-rw-r--r--   1 root bind  786 avril  9 10:22 named.conf.options
drwxr-sr-x   3 root bind 4,0K avril  9 10:22 .

mais quel est le rapport entre dnscheck et spamhaus ?
Pourtant :

:/etc/bind# grep -R 213.251.188.141 *
named.conf.local:   allow-transfer {213.251.188.141;} ;
named.conf.local:   allow-transfer {213.251.188.141;} ;
named.conf.local:   allow-transfer {213.251.188.141;} ;
named.conf.options:   forwarders { 213.251.188.141; };

et

:/etc/bind# grep -R v6 *
named.conf.options:   listen-on-v6 { none; };

Qu’est-ce qui cloche ?

Merci !

Leobo · Avril 9, 2018, 1:37pm

Essaie en mettant named.conf sur bind:bind.
Spamhaus a dû blacklister dnslookup, ce n’est d’ailleurs pas le seul à l’avoir fait. À savoir que beaucoup d’anti-spam travaillent sur les zones dns pour vérifier l’intégrité du serveur appelant et le comparer aussi à leurs listes noires.
Ce n’est pas ta conf’ le problème, c’est l’ip que tu forwardes qui te refuses. Commente-la pour voir.
Pour l’IPv6, “none” veut dire qu’il n’en tient pas compte. Tu peux utiliser “any” pour une écoute non définie.

mattotop · Avril 10, 2018, 2:58pm

Chez moi, j’ai pas de répertoire /etc/bind/zones, mais c’est un simple proxy/cache.

Le ‘s’, sur le répertoire, c’est normal ?
Je ne me souviens plus à quoi correspond le flag, mais si c’est un sticky bit sur un répertoire de temp, il me semble que ce n’est pas bon.

jhfra · Avril 11, 2018, 5:59pm

Messieurs,

Eh bien pour mon premier problème “general: error: dumping master file: /etc/bind/zones/tmp-TU0AFYSUZL: open: permission denied”, j’ai l’impression que ça s’est résolu.

En fait, quand je corrigeais les droits comme cela me l’a été suggéré, je faisais systématiquement un restart du service, et dans les logs, juste derrière, apparaissait dans la foulée toujours ces erreurs. J’ai cependant laissé “reposer” le problème jusqu’à le reprendre aujourd’hui et je m’aperçois que ce message d’erreur a disparu, depuis le 9 à 15h (date de mes derniers redémarrages du services).

Depuis, plus aucune trace de ce message, ni au 10 ni au 11, alors qu’avant il apparaissait plusieurs fois par heures.

Concernant le problème de 213.251.188.141, j’ai fait comme vous avez dit, enfin, un peu différemment : au lieu d’utiliser 213.251.188.141 comme résolveur de secours, je suis passé par 8.8.8.8.

Tout semble rentré dans l’ordre. Merci à tous pour votre écoute et vos réponse