DNS Problem, Please Help!

Jim Reid jim at mpn.cp.philips.com
Mon Nov 1 19:07:42 UTC 1999


>>>>> "Eddie" == Eddie Kimura <edkimura at pacbell.net> writes:

    Eddie> I am currently experiencing a problem with BIND 8.2.1 on a
    Eddie> Redhat Linux 6 server at my company. I am reviewing the log
    Eddie> files and seeing a large amount of errors in it. At the
    Eddie> same time I am getting a number of users complaining about
    Eddie> not being able to connect to various servers on our
    Eddie> network.  It seems like the error occurs every minute or so
    Eddie> and reportedly occurs at various areas of our network. I was
    Eddie> wondering if there's a bug in BIND, Linux, or if there's any
    Eddie> problem at all. The server is very lightly loaded and is
    Eddie> connected to a 100Mbps Cisco Switch. The error messages are
    Eddie> shown below...

    Eddie> poseidon named[357]: ns_req: sendto([159.21.48.73].4333): Connection refused
    Eddie> poseidon named[357]: ns_req: sendto([159.21.4.25].2907): Connection refused
    Eddie> poseidon named[357]: ns_req: sendto([159.21.40.34].2926): Connection refused
    Eddie> poseidon named[357]: ns_req: sendto([159.21.19.69].3529): Connection refused

This is weird. Your name server is trying to send queries to port 4333
at IP address 159.21.48.73 and the TCP/IP stack at that address is
returning ECONNREFUSED "Connection refused" errors. This usually
happens when data gets sent to a port number that isn't in use.  So it
looks as if something has sent a query from port 4333 on 159.21.48.73
- and port 2907 on 159.21.4.25, etc - and the reply from your name
server got rejected. Either the thing at the far end has gone away
before the reply came back or else the OS on 159.21.48.73 has decided
for some reason that port 4333 is not in use.

It might be an idea to turn on query logging on your name server and
find out what queries are being sent. This might identify the source
of the problem. Snooping on the wire at the DNS traffic might also be
a help.

It doesn't look like there's a problem with your name server. If it
was sending queries to these addresses, they would be going to port
53, the default for DNS service.

When did you first notice the problem and can you correlate that with
any other changes that have been made, particularly on the IP
addresses that get reported in the name server's logs?
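
Added example (editor's illustration, not part of the original message): a small Python script that tallies the "Connection refused" replies in named's log per client address, so the affected hosts can be correlated with recent changes. The regex is written against the message format quoted above; the /24 grouping and all function names are assumptions made for this example.

```python
import re
from collections import Counter

# BIND 8 format quoted in the post: named[357]: ns_req: sendto([ip].port): <error>
SENDTO_RE = re.compile(
    r"named\[\d+\]: ns_req: sendto\(\[(\d{1,3}(?:\.\d{1,3}){3})\]\.(\d+)\):\s*(.+?)\s*$"
)

def unwrap(lines):
    """Rejoin records that a mail client or pager wrapped mid-message."""
    record = None
    for line in lines:
        line = line.rstrip()
        if "named[" in line:
            if record is not None:
                yield record
            record = line
        elif record is not None and line.strip():
            record += " " + line.strip()
    if record is not None:
        yield record

def refused_replies(lines):
    """Return (ip, port) for each reply that drew 'Connection refused'."""
    hits = []
    for record in unwrap(lines):
        m = SENDTO_RE.search(record)
        if m and m.group(3) == "Connection refused":
            hits.append((m.group(1), int(m.group(2))))
    return hits

def summarize(hits):
    """Count refused replies per client and per /24 (grouping is an assumption)."""
    per_host = Counter(ip for ip, _ in hits)
    per_net = Counter(ip.rsplit(".", 1)[0] + ".0/24" for ip, _ in hits)
    return per_host, per_net

# The four log lines quoted in the post, including the wrapped one
SAMPLE = """\
poseidon named[357]: ns_req: sendto([159.21.48.73].4333): Connection refused
poseidon named[357]: ns_req: sendto([159.21.4.25].2907): Connection refused
poseidon named[357]: ns_req: sendto([159.21.40.34].2926): Connection
refused
poseidon named[357]: ns_req: sendto([159.21.19.69].3529): Connection refused
""".splitlines()

if __name__ == "__main__":
    print(summarize(refused_replies(SAMPLE)))
```

On a real log, pass the open file object to refused_replies() in place of SAMPLE.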


