53/TCP port unresponsive

Chris Buxton cbuxton at menandmice.com
Fri Apr 3 16:38:42 UTC 2009


We've seen this repeatedly with our customers, usually evidenced by  
slaves that stop refreshing and eventually expire the zone. It seems  
to happen most on Mac OS X and Solaris, and less often (or perhaps  
never) on Linux.

named just stops listening on the TCP port. If you execute
"lsof -i:53", you'll see that it's still listening on 127.0.0.1:53/TCP,
but not on some other interface. UDP seems to be unaffected by this.

The only solution we've found is to stop and restart named.

Chris Buxton
Professional Services
Men & Mice

On Apr 2, 2009, at 5:26 PM, Mark Koehler wrote:

> Greetings.
>
> We have 4 masters (rsync'd together) and a pair of load balancers  
> each of which distributes queries to any of the 4.  On the masters,  
> we run Solaris 10 with BIND 9.5P1.  Recently, one of the 4 stopped  
> using TCP on port 53, but UDP traffic continued unaffected.  What  
> would cause the TCP port to stop?  The port was unresponsive from  
> the backside of the load balancers, and no DNS TCP packets came from  
> the server either.  Is there anything in BIND which would detect and  
> block a potential DOS attack?
>
> Thanx,
> mrak
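
A monitoring probe for the failure described in this thread, given here as an added example that is not from the original posters or from BIND: it sends the same SOA query over UDP and over TCP to one listener address and reports when only TCP has gone quiet. The zone name, query ID and status labels are assumptions; since the loopback listener is reported to keep working, call check_listener() once for each non-loopback address named serves.

```python
import socket
import struct

QID = 0x4242  # constructed query ID, matched against the reply

def build_query(zone, qtype=6):
    """DNS query for `zone`; qtype 6 = SOA, what a slave asks on refresh."""
    labels = [l.encode("ascii") for l in zone.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return header + qname + struct.pack("!HH", qtype, 1)      # class IN

def is_reply(msg):
    """True if msg is a DNS response (QR bit set) carrying our query ID."""
    return len(msg) >= 12 and msg[:2] == struct.pack("!H", QID) and bool(msg[2] & 0x80)

def probe_udp(addr, port, query, timeout):
    # IPv4 only in this example
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (addr, port))
            return is_reply(s.recvfrom(4096)[0])
        except OSError:  # no answer within the timeout
            return False

def probe_tcp(addr, port, query, timeout):
    try:
        with socket.create_connection((addr, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
            buf = b""
            while len(buf) < 2 or len(buf) < 2 + struct.unpack("!H", buf[:2])[0]:
                chunk = s.recv(4096)
                if not chunk:
                    break
                buf += chunk
    except OSError:  # refused, unreachable, or timed out
        return False
    return is_reply(buf[2:])

def check_listener(addr, port=53, zone="example.com", timeout=2.0):
    """Classify one listener address by probing UDP and TCP separately."""
    query = build_query(zone)
    udp = probe_udp(addr, port, query, timeout)
    tcp = probe_tcp(addr, port, query, timeout)
    if udp and not tcp:
        return "TCP_DOWN"  # the symptom described in this thread
    if udp and tcp:
        return "OK"
    return "UDP_DOWN" if tcp else "DOWN"
```

A TCP_DOWN result on a master is worth alerting on before the slaves reach their expire timer, since zone transfers run over TCP.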



