CLOSE_WAIT not closing in Bind 9.2.0
Barry Margolin
barmar at genuity.net
Tue Jan 22 00:15:23 UTC 2002
In article <a2i5dg$pob at pub3.rc.vix.com>, D.M. <hmprimerib at hotmail.com> wrote:
>Yes, netstat says port 53. It's all TCP stuff.
>
># netstat -an |grep WAIT
> Local Address Remote Address Swind Send-Q Rwind Recv-Q State
>-------------------- -------------------- ----- ------ ----- ------ -------
>192.168.30.2.53 210.156.196.31.1260 32120 0 24583 0 CLOSE_WAIT
>192.168.25.2.53 130.125.1.10.1397 17520 0 24774 0 CLOSE_WAIT
>192.168.30.2.53 209.192.164.70.59595 17520 0 24774 0 CLOSE_WAIT
>192.168.25.2.53 216.37.1.19.1269 32120 0 24570 0 CLOSE_WAIT
>192.168.30.2.53 62.232.35.13.4088 17520 0 24777 0 CLOSE_WAIT
>192.168.30.2.53 204.201.58.9.59167 17520 0 24774 0 CLOSE_WAIT
>
>Any thoughts?

Interesting. I assume none of those are your slave servers. My guess was
going to be that you were being port-scanned, but some of those addresses
reverse-resolve to names that look like ISP servers (216.37.1.19 =
ns1.onecall.net).

Do you have any large entries in your DNS that would cause DNS queries to
switch from UDP to TCP? Like a name with several dozen A records, or an
address with lots of PTR records.
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
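
The UDP-to-TCP switch asked about above can be sized with a short calculation; this is an added example, not part of the original post. It builds the wire form of an A-record response and finds how many records fit in the classic 512-byte UDP limit before the reply is truncated and the client retries over TCP. It assumes no EDNS0 and an answer section only, and the names and 192.0.2.x addresses are constructed sample values.

```python
import struct

UDP_LIMIT = 512  # classic DNS-over-UDP message limit (RFC 1035); no EDNS0 assumed

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def sample_addresses(n):
    """Constructed sample data: n addresses from the 192.0.2.0/24 doc range."""
    return ["192.0.2.%d" % (i % 254 + 1) for i in range(n)]

def build_a_response(name, addresses, ttl=3600):
    """Wire form of a response with one A record per address (answers only)."""
    # Header: id, flags (QR + AA), qdcount, ancount, nscount, arcount
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, len(addresses), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b""
    for addr in addresses:
        rdata = bytes(int(octet) for octet in addr.split("."))
        # 0xC00C is a compression pointer to offset 12, the name in the question
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, len(rdata)) + rdata
    return header + question + answers

def needs_tcp(name, record_count):
    """True when the response no longer fits in one classic UDP message."""
    return len(build_a_response(name, sample_addresses(record_count))) > UDP_LIMIT

def max_a_records_over_udp(name):
    """Largest A RRset for `name` that is still answered over UDP."""
    count = 0
    while not needs_tcp(name, count + 1):
        count += 1
    return count

if __name__ == "__main__":
    for qname in ("www.example.com", "a-much-longer-host-name.subdomain.example.com"):
        print(qname, max_a_records_over_udp(qname))
```

Authority and additional records, which a real server usually adds, lower these counts further.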