Strange: My Bind (8.4.6) freezes randomly

Santiago Romero sromero at servicom2000.com
Wed Jan 10 18:08:33 UTC 2007


  More info... I'm running bind in debug mode, and I found:

1.- Strange lines I've never seen before:
==========================================


datagram from [212.101.67.30].2169, fd 20, len 45
XX+/212.101.67.30/ono.es.dsn.rfc-ignorant.org/A/IN
req: nlookup(ono.es.dsn.rfc-ignorant.org) id 55678 type=1 class=1
req: found 'ono.es.dsn.rfc-ignorant.org' as 'dsn.rfc-ignorant.org' (cname=0)
evSetTimer(ctx 0x80e7768, func 0x806126c, uap (nil), due 1168449414.000000000, inter 0.000000000)
forw: forw -> [208.201.249.252].53 ds=20 nsid=8658 id=55678 8ms retry 4sec
datagram from [212.101.67.30].2170, fd 20, len 55
XX+/212.101.67.30/11.227.42.62.ipwhois.rfc-ignorant.org/TXT/IN
req: nlookup(11.227.42.62.ipwhois.rfc-ignorant.org) id 55679 type=16 class=1
req: found '11.227.42.62.ipwhois.rfc-ignorant.org' as 'ipwhois.rfc-ignorant.org' (cname=0)
NS 'localhost.rfc-ignorant.org' Bogus LOOPBACK A RR
forw: nslookup reports danger


  (Bogus LOOPBACK A RR? nslookup reports danger?)


  I can't see any other kind of errors, only IPv6 queries (I don't know
if they can be the problem). I just "tail -f" the named.run file, and
when it stops, I know that bind is frozen.

  The last time, the logging ended with:

datagram from [212.101.64.35].53, fd 22, len 38
qfindid(41653) -> 0x80ea440
Response (SYSTEM NORMAL -) nsid=41653 id=0
++ ns_resp(rcvd) ++ (38)
;; ->>HEADER<<- opcode: NOTIFY, status: NOERROR, id: 41653
;; flags: qr aa ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;      anticcolonial.com.es, type = SOA, class = IN
-- ns_resp(rcvd) --
stime 1168452153/915606  now 1168452153/958910 rtt 43
Received NOTIFY answer (AA) from 212.101.64.35 for "dominio.com.es IN SOA"
qremove(0x80ea440)
unsched(0x80ea440, 0)
evSetTimer(ctx 0x80e7768, func 0x806126c, uap (nil), due 1168452156.000000000, inter 0.000000000)
ns_freeqry(0x80ea440)
datagram from [212.101.64.4].53, fd 22, len 24
ns_req(from [212.101.64.4].53)


  (and bind freezes)

  If I wait, then some queries and answers are logged in named.run, maybe
queued queries, because it doesn't answer new queries...

  I'm totally lost, this seems to be a kernel/bind/DoS problem, but I don't know
how to detect it.


-- 
Santiago Romero
Departamento de Sistemas
sromero at servicom2000.com

Av. Primado Reig 189, entlo
46020 Valencia - Spain
Telf. (+34) 96 332 12 00
Fax. (+34) 96 332 12 01
http://www.servicom2000.com


