When this message happens name service times out.
Cinense, Mark
macinen at sandia.gov
Tue May 9 16:51:59 UTC 2000
Sorry Jim,
Running Bind 8.2.2-P5 on Solaris 7. If this machine is an internal
machine, and port 53 is restricted to only this and one other nameserver,
could this cause this to happen? There are other nameservers in our
network, however they have no outside access. Also the other nameservers
are forwarding outside requests to this machine. What should I do?
Mark
-----Original Message-----
From: Jim Reid [mailto:jim at rfc1035.com]
Sent: May 09, 2000 10:37 AM
To: Mark Cinense
Cc: bind-users at vix.com
Subject: Re: When this message happens name service
times out.
>>>>> "Mark" == Cinense, Mark <macinen at sandia.gov> writes:
Mark> Greetings all, About a month ago we upgraded our
10mb NIC to
Mark> a 100mb NIC on a SPARC 5 270mhz with 96mb of
memory. Our
Mark> environment is about 8500 + machines, that
includes the
Mark> servers.
Shame you forgot to tell us what version of BIND you're
running.
Mark> I have a script that runs daily via cron, and its
Mark> job is to gather statistics on the nameserver.
This script
Mark> also restarts named by getting the named.pid info,
and doing
Mark> a kill -ILL on that pid.
Please get out of the habit of sending signals to the name
server to
make it do things. Use ndc and have it talk to the name
server via a
UNIX domain socket. What happens if the next BIND release
does
something different with SIGILL or even decides not to catch
it any
more? Or what if named.pid has the wrong process number?
Mark> Well after the upgrade of the
Mark> NIC's, I am now getting this message in my message
log.
Mark> May 9 07:50:20 ns4 named[22455]: refused query on
non-query socket from [134.253.93.44].2072
Mark> May 9 07:50:20 ns4 named[22455]: refused query on
non-query socket from [134.253.22.3].53
These messages should be self-explanatory. A query with
source IP
address 134.253.22.3 and port number 53 - presumably a name
server? -
was sent to a socket that your name server didn't expect to
get
queries on. The first log entry shows another of these
queries from
port 2072 of IP address 134.253.93.44. In BIND8, this
usually happens
when queries are sent to the random UDP port the server uses
when it
makes queries. Nothing should be sending queries to that
port which is
why the error messages are generated. You'll need to find
out what
these hosts are up to and why they're sending queries to a
socket that
isn't used for incoming requests. Maybe someone is port
scanning from
these addresses?
More information about the bind-users
mailing list