named SUDDENLY stopped working

Chris Thompson cet1 at hermes.cam.ac.uk
Fri Mar 3 16:09:17 UTC 2006


On Mar 2 2006, G. Roderick Singleton wrote:

>On Thu, 2006-03-02 at 20:39 +0000, Chris Thompson wrote:
>> On Mar 2 2006, Mark Andrews wrote:
>> 
>> >
>> >> on my master DNS server, rndc suddenly (March 1 2006) stopped working,
>> >> giving me the error "rndc: connect failed: timed out" this is after
>> >> MONTHS of being up, years after creation of the bind setup with the
>> >> keys and everything.
>> >
>> >	The error indicates that the TCP connection failed.  Either
>> >	named is no longer listening or the accept queue is full or
>> >	a firewall is blocking the connection or kernel resources
>> >	are exhausted or ...
>> > 
>> >> machine running sunOS 5.8, BIND 9.2.2rc1
>> >
>> >	Upgrade.  BIND 9.2.2 is well past its "use by" date.
>> >
>> >	Also we don't expect people to keep running release candidates
>> >	after the final release.  We do not look at release candidates
>> >	when looking for which versions are vulnerable to a security
>> >	issue.
>> 
>> Good advice in general, but I'm sorry to say that I have observed almost
>> exactly that effect with other versions, most recently 9.2.5 (and Solaris 8,
>> again). Not with 9.3.2 as yet, but we've only been running that a few days ...
>> 
>> In practice we've always been in too much of a hurry to get the nameserver
>> working again to investigate the problem in depth. But netstat still shows
>> BIND listening on port 953 (on the loopback interface) on the face of it.
>> 
>Isn't 953 the rndc port? It is on my system.

Yes, of course. Let me be more explicit: "netstat still shows BIND listening 
on port 953 even though the rndc command times out in just the way the Original
Poster describes in the text Mark quoted above". What's not to understand here?

-- 
Chris Thompson
Email: cet1 at cam.ac.uk


