BIND Stops Listening on TCP/53
Tim Wilde
twilde at dyndns.com
Thu Jan 5 22:26:35 UTC 2006

I've just run into a very strange situation for the second time. I'm not
100% sure if it's a BIND bug or something weird with my OS, was wondering
if anyone else might have seen it. I'm running BIND 9.3.1 on FreeBSD 5.4.

What I saw happening is that BIND will stop answering TCP/53 requests on
a single IP. This box has multiple IPs on the same interface, all of
which BIND listens on. In this circumstance, I can connect to TCP/53 on
all of the other IPs, but not this particular one (which happens to be the
public nameservice IP of the box). UDP/53 continues working on all
interfaces, including the affected one. netstat claims that the LISTEN
socket on TCP/53 for the affected IP still exists, but any attempts to
connect to it, locally or remotely, result in TCP timeouts. tcpdump shows
that SYNs are going completely un-answered.

I can get things working again by removing the IP alias from the
interface, reloading BIND (to get the listener closed), re-adding the
alias, and reloading again. (reloading == rndc reload in this case) I
imagine entirely shutting down the server and re-starting it would also
work, but due to the number of zones on this server I prefer not to do
that unless absolutely necessary.

Has anyone run across this before? Any ideas if this is a BIND thing or
an OS thing?

Thanks,
Tim Wilde
--
Tim Wilde
twilde at dyndns.com
Systems Administrator
Dynamic Network Services, Inc.
http://www.dyndns.com/
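
An added example (not part of the original post, and not BIND tooling): a per-address probe that sends the same DNS query over UDP and TCP and flags the state described above, where UDP/53 answers but TCP/53 does not. The function names, the "tcp-dead" label and the placeholder addresses are assumptions made for this sketch.

```python
import socket
import struct

def build_query(name="example.com", qid=0x1234):
    """Minimal DNS query: one A/IN question, recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def probe_udp(ip, port=53, timeout=2.0):
    """True if a UDP reply carrying our query ID comes back in time."""
    query = build_query()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (ip, port))
            reply, _ = s.recvfrom(4096)
        except OSError:  # timeout or send/receive error
            return False
    return reply[:2] == query[:2]

def probe_tcp(ip, port=53, timeout=2.0):
    """True if the handshake completes and a length-prefixed reply has our ID."""
    query = build_query()
    try:
        with socket.create_connection((ip, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)
            buf = b""
            while len(buf) < 4:  # 2-byte length prefix + 2-byte message ID
                chunk = s.recv(4 - len(buf))
                if not chunk:
                    return False
                buf += chunk
    except OSError:  # unanswered SYN (timeout), refused, or reset
        return False
    return buf[2:4] == query[:2]

def classify(udp_ok, tcp_ok):
    if udp_ok and not tcp_ok:
        return "tcp-dead"  # the state described in the post
    return "ok" if udp_ok else ("udp-dead" if tcp_ok else "down")

def check(addrs, port=53, timeout=2.0):
    """Probe every listen address over both transports."""
    return {ip: classify(probe_udp(ip, port, timeout),
                         probe_tcp(ip, port, timeout)) for ip in addrs}

if __name__ == "__main__":
    # Constructed placeholder addresses (RFC 5737); substitute the server's IPs.
    print(check(["192.0.2.10", "192.0.2.11"]))
```

Run against every address the server listens on, not just one: in the situation described, the other aliases on the same interface keep answering TCP, so a single-address check can miss it.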