CLOSE_WAIT not closing in Bind 9.2.0

D.M. hmprimerib at hotmail.com
Tue Jan 22 00:41:46 UTC 2002


> >Yes, netstat says port 53.  It's all TCP stuff.
<snip>
> >Any thoughts?
>
> Interesting.  I assume none of those are your slave servers.  My guess was
> going to be that you were being port-scanned, but some of those addresses
> reverse-resolve to names that look like ISP servers (216.37.1.19 =
> ns1.onecall.net).
> 
> Do you have any large entries in your DNS that would cause DNS queries to
> switch from UDP to TCP?  Like a name with several dozen A records, or an
> address with lots of PTR records.

Nope, those aren't our slavers.

Yeah, we have quite a few records with data that would exceed UDP
packet size which explains the use of TCP.

I can't figure out why named isn't closing those connections.  Why
would it sit in CLOSE_WAIT ?  The following doc says I should truss
and snoop to find the answer.

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=finfodoc%2F19137&zone_32=closing%20tcp%20connections

Guess that's my only path of action at this point.

Thanks.


More information about the bind-users mailing list