Hacked just to delete DNS zones?

There's no other explanation. I added a subdomain to the DNS, after switching to Debian, and it was working.

That subdomain wouldn't of worked, if the DNS server wasn't working. Unless, it added that one domain to the DNS, but it's on this domain, so I doubt that happened.

Going to look at my backup, and see if there was any files in /var/cache/bind before yesterday.

The server did mysteriously reboot one day too.

You'd expect to find something suspicious running on the server though. I did install NodeQuery recently, I removed that, in case that somehow got hacked. Doubt it, it ran as it's own user.

And, it looks like it wasn't configured 2019-11-09 either. I'll look at the oldest backup, which is 2019-11-02. Nope, no DNS since at least the second, probably the 27th of October.

Now, how did status.vanvalkinburgh.org load? That wasn't added to the DNS before October 27th. Magic I guess, I just checked the DNS, status isn't in there anymore. Was it ever?

Ahh, I'm bad with dates, go to Updates on status.vanvalkinburgh.org. That existed before I switched to Debian. Getting all paranoid for nothing.

Why does everything cache the DNS for so long?

It's still not fully fixed, I added two subdomains, and it created it in /var/named. And now the named.conf file says it's for Red Hat. How do I change that? You could trash the entire /usr/local/directadmin folder. Probably have to reinstall to get it back.

Where's the file that contains that folder?

You can change the folder in /usr/local/directadmin/conf/directadmin.conf.

Should be fixed now.

Why does Debian require the directory to be /var/cache/bind? Changing it doesn't work.