DNS Problem, Please Help!
jim at mpn.cp.philips.com
Mon Nov 1 19:07:42 UTC 1999
>>>>> "Eddie" == Eddie Kimura <edkimura at pacbell.net> writes:
Eddie> I am currently experiencing a problem with BIND 8.2.1 on a
Eddie> Redhat Linux 6 server at my company. I am reviewing the log
Eddie> files and seeing a large amounts of errors in it. At the
Eddie> same time i am getting a number of users complaing about
Eddie> not being able to connect to various servers on our
Eddie> network. It seems like the error occurs every minute or so
Eddie> and reportly occurs at various areas of our network. I was
Eddie> wondering if theres a bug in BIND, Linux, or if theres any
Eddie> problem at all. The server is very lightly loaded and is
Eddie> connected to a 100Mbps Cisco Switch. The error messages are
Eddie> shown below...
Eddie> poseidon named: ns_req: sendto([126.96.36.199].4333): Connection refused
Eddie> poseidon named: ns_req: sendto([188.8.131.52].2907): Connection refused
Eddie> poseidon named: ns_req: sendto([184.108.40.206].2926): Connection
Eddie> poseidon named: ns_req: sendto([220.127.116.11].3529): Connection refused
This is weird. Your name server is trying to send queries to port 4333
at IP addresss 18.104.22.168 and the TCP/IP stack at that address is
returning ECONNREFUSED "Connection refused" errors. This usually
happens when data gets sent to a port number that isn't in use. So it
looks as if something has sent a query from port 4333 on 22.214.171.124
- and port 2907 on 126.96.36.199, etc - and the reply from your name
server got rejected. Either the thing at the far end has gone away
before the reply came back or else the OS on 188.8.131.52 has decided
for some reason that port 4333 is not in use.
It might be an idea to turn on query logging on your name server and
find out what queries are being sent. This might identify the source
of the problem. Snooping on the wire as the DNS traffic might also be
It doesn't look like there's a problem with your name server. If it
was sending queries to these addresses, they would be going to port
53, the default for DNS service.
When did you first notice the problem and can you correlate that with
any other changes that have been made, particularly on the IP
addresses that get reported in the name server's logs?
More information about the bind-users