BIND Stops Listening on TCP/53

Tim Wilde twilde at dyndns.com
Thu Jan 5 22:26:35 UTC 2006


I've just run into a very strange situation for the second time.  I'm not 
100% sure if it's a BIND bug or something weird with my OS, and was wondering 
if anyone else might have seen it.  I'm running BIND 9.3.1 on FreeBSD 5.4.

What I saw happening is that BIND will stop answering TCP/53 requests on 
a single IP.  This box has multiple IPs on the same interface, all of 
which BIND listens on.  In this circumstance, I can connect to TCP/53 on 
all of the other IPs, but not this particular one (which happens to be the 
public nameservice IP of the box).  UDP/53 continues working on all 
interfaces, including the affected one.  netstat claims that the LISTEN 
socket on TCP/53 for the affected IP still exists, but any attempts to 
connect to it, locally or remotely, result in TCP timeouts.  tcpdump shows 
that SYNs are going completely unanswered.

I can get things working again by removing the IP alias from the 
interface, reloading BIND (to get the listener closed), re-adding the 
alias, and reloading again.  (reloading == rndc reload in this case)  I 
imagine entirely shutting down the server and re-starting it would also 
work, but due to the number of zones on this server I prefer not to do 
that unless absolutely necessary.

Has anyone run across this before?  Any ideas if this is a BIND thing or 
an OS thing?

Thanks,
Tim Wilde

-- 
Tim Wilde
twilde at dyndns.com
Systems Administrator
Dynamic Network Services, Inc.
http://www.dyndns.com/
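
A per-address monitoring check for the symptom reported in the message above, as an added example that is not part of the original post or of BIND: it sends the same DNS query over UDP and over TCP to one listen address and flags the case where UDP answers but TCP times out. The function names, the example.com query name, the IPv4-only UDP socket and the result labels are assumptions made for illustration.

```python
import socket
import struct

def build_query(name="example.com", qid=0x1234):
    """Minimal DNS query: 12-byte header (RD set, one question) + SOA/IN question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 6, 1)

def _valid(reply, qid):
    # A reply must hold at least a DNS header and echo our query ID.
    return len(reply) >= 12 and struct.unpack("!H", reply[:2])[0] == qid

def probe_udp(ip, port=53, timeout=2.0, qid=0x1234):
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(qid=qid), (ip, port))
            reply, _ = s.recvfrom(4096)
    except socket.timeout:
        return "timeout"
    except OSError:
        return "error"
    return "ok" if _valid(reply, qid) else "bad-reply"

def probe_tcp(ip, port=53, timeout=2.0, qid=0x1234):
    query = build_query(qid=qid)
    try:
        with socket.create_connection((ip, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
            buf = b""
            while len(buf) < 2 or len(buf) < 2 + struct.unpack("!H", buf[:2])[0]:
                chunk = s.recv(4096)
                if not chunk:
                    return "closed"      # peer closed before a full reply arrived
                buf += chunk
    except socket.timeout:
        return "timeout"                 # unanswered SYNs or no reply: the reported symptom
    except ConnectionRefusedError:
        return "refused"                 # no listener at all: a different failure
    except OSError:
        return "error"
    return "ok" if _valid(buf[2:], qid) else "bad-reply"

def classify(udp, tcp):
    # "tcp-wedged" is this example's label for UDP answering while TCP times out.
    if udp == "ok" and tcp == "timeout":
        return "tcp-wedged"
    return "healthy" if (udp, tcp) == ("ok", "ok") else "other"
```

Run it against every address named.conf listens on rather than only the primary one, since the report concerns a single alias failing while the others keep answering.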


