bind 9.2.1 ON rh9

Mark Andrews Mark_Andrews at isc.org
Tue Oct 31 21:38:31 UTC 2006 

> Mark, 
> It appears 9.3.2 the current stable rev? is that correct? I have a
> problem using release candidates in a production setting. 
> 
> The server in question had several daemons not associated with active
> production that I've shut off, we will likely prepare a plan to deploy a
> later rev on a newer kernel of Linux.. 

	The lastest is 9.3.2-P1.
 
> -----Original Message-----
> From: Mark_Andrews at isc.org [mailto:Mark_Andrews at isc.org] 
> Sent: Tuesday, October 31, 2006 3:28 PM
> To: Mueller, Rex
> Cc: Kevin Darcy; bind-users at isc.org
> Subject: Re: bind 9.2.1 ON rh9 
> 
> 
> > Thanks Mark and Kevin, 
> > 
> > This helps.. we are thinking we will upgrade to 9.2.4 at minimum. 
> 
> 	BIND 9.2.4 is also past its "use by" date.
>  
> > -----Original Message-----
> > From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> > Behalf Of Mark Andrews
> > Sent: Monday, October 30, 2006 5:28 PM
> > To: Kevin Darcy
> > Cc: bind-users at isc.org
> > Subject: Re: bind 9.2.1 ON rh9 
> > 
> > 
> > > Mueller, Rex wrote:
> > > > We need to look into a problem, can you point in a direction in
> > which to
> > > > look? 
> > > >  
> > > >
> > > > We are having a problem on a box that acts as our primary DNS
> > machine
> > > > running Redhat 9.0 and BIND 9.2.1.. Periodically it quits replying
> > to
> > > > DNS requests, we clear the cache with rndc flush, sometimes, that
> > does
> > > > not work we have to kill -9 named processes. and restart.
> Sometimes
> > it
> > > > hangs and halts the system altogether.
> > > >
> > > >  
> > > >
> > > > I've looked in /var/log/messages there are RRSets and some
> > lameserver
> > > > entries but we can't seem to isolate what the problem truly is. 
> > > >
> > > >  
> > > >
> > > > The hardware is a Dell server, it'd had been working fine for a
> > couple
> > > > of year and as it was we'd have to rndc flush periodically (once
> per
> > > > month..) now it is occuring daily. Sometimes to the point of
> halting
> > the
> > > > box. Can't say whether it's hardware or software. 
> > > >
> > > >  
> > > >
> > > > Can we put our primary DNS address (via ifconfig) to the secondary
> > and
> > > > take the primary offline to do hardware diagnostics? 
> > > >
> > > >  
> > > >
> > > > At this point we are baffled and need some assistance. Any insight
> > from
> > > > the group would be greatly appreciated.. 
> > > >   
> > > 1. BIND 9.2.1 is pretty old at this point. I'd upgrade that,
> > regardless 
> > > of whether it's the fix to your problem or not.
> > > 2. If an rndc flush helps some of the time, my knee-jerk reaction is
> > to 
> > > say you're experiencing some sort of memory starvation issue. You
> > didn't 
> > > give any indication of how much memory you have in the box, how much
> 
> > > named uses typically, query volume/patterns, memory usage statistics
> 
> > > over a given period of time, etc. so I'm left to reckless
> speculation
> > on 
> > > that front.
> > 
> > 	I would say that these represent broken delegations.  Something
> > 	on the parent side does not match something on the child side.
> > 	e.g.
> > 	      NS RRset and/or address records sets for the nameservers
> > 	      or NS RRset and/or address records where the nameservers
> > live
> > 	      or NS RRset and/or address records where the nameservers'
> > 		 nameservers live
> > 	      or ...
> > 
> > > 3. If this problem "halts the system altogether", then, my second 
> > > knee-jerk reaction is to say that this goes beyond a mere
> DNS-software
> > 
> > > problem, and enters the realm of OS (kernel-level) and/or hardware 
> > > problem. Unless perhaps RedHat 9.0 is *really* bad at dealing with 
> > > memory-starvation conditions (in which case it might just be
> > symptomatic).
> > 
> > 	This sounds like memory starvation though you should get log
> > 	messages to that effect.
> > 
> > > 4. Can you migrate the address of your primary DNS server to another
> 
> > > box, so that you can do diagnostics, without disrupting your
> clients? 
> > > That's not even really a DNS question. It all depends on your 
> > > LAN/switch/router/firewall configuration/topology. I have no idea
> what
> > 
> > > devices or paths are used between the clients and servers in your 
> > > network, and what the configurations/rules that those devices might
> be
> > 
> > > using or not using...
> > > 
> > >
> > 
> > >                                  - Kevin
> > > 
> > > 
> > -- 
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
> > 
> > 
> > 
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list