socket.c:4524: unexpected error in BIND 9.4.3 P3

Le Vu lev at fpt.com.vn
Fri Jul 31 10:20:35 UTC 2009


It happens on all of our DNS servers. We have 6 servers running RHEL 4.4
or CentOS 5. This error appears more frequently on servers with high
load. I saw the same problem with BIND 9.6. That is the reason why I
stay with 9.4.2 as long as I can.

Performance is acceptable with 9.4.2 P2. I will try the workaround to
see if it works. Another workaround that I'm trying is patching the
9.4.2 P2 version with this:

--- bind-9.4.2-P2/bin/named/update.c     (original)
+++ bind-9.4.2-P2/bin/named/update.c  (Dynamic Update DoS security update)
@@ -861,7 +861,11 @@
 			if (type == dns_rdatatype_rrsig ||
 			    type == dns_rdatatype_sig)
 				covers = dns_rdata_covers(&t->rdata);
-			else
+			else if (type == dns_rdatatype_any) {
+				dns_db_detachnode(db, &node);
+				dns_diff_clear(&trash);
+				return (DNS_R_NXRRSET);
+			} else
 				covers = 0;

 			/*
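
Review bot: the new `else if (type == dns_rdatatype_any)` branch returns directly after releasing `node` and `trash` by hand, and nothing in the visible lines shows that these are the only resources held at this point in the function. Check the surrounding code for anything else acquired earlier (and for an existing shared failure path that could be used instead of an inline return), so this early exit cannot leak or diverge from the function's other error exits. A short comment above the branch saying why type ANY is rejected with `DNS_R_NXRRSET` would also help, since the reason is only in the diff header ("Dynamic Update DoS security update") and not in the code. As a style point, the braced `else if { ... }` followed by an unbraced `else` is easy to misread; bracing the final `else` would make the chain consistent.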


BTW, what can I do to help debug this problem? If it doesn't
involve programming, I will try.

Regards,
Vu

2009/7/31 JINMEI Tatuya / 神明達哉 <jinmei at isc.org>
>
> At Thu, 30 Jul 2009 22:16:47 +0700,
> Le Vu <lev.fpt at gmail.com> wrote:
>
> > I have updated BIND from 9.4.2-P2 to 9.4.3-P3 to mitigate the Dynamic Update
> > DOS attack. I have noted a lot of errors from socket.c (which I have never
> > seen before with v9.4.2)
> >
> > Jul 30 06:25:18 DNS1 named[25555]: socket.c:4524: unexpected error:
> > Jul 30 06:25:18 DNS1 named[25555]: 22/Invalid argument
> >
> > There are also some of these errors:
> > Jul 30 07:26:17 DNS1 named[25555]: sockmgr 0xb7f05008: maximum number of FD
> > events (64) received
> >
> > BIND is compiled with the following option on CentOS 5.3 (another machine with
> > RHEL 4.4 has these errors too):
> > ./configure --disable-openssl-version-check --with-openssl=no
> >
> > What should I do:
> > - go back to 9.4.2-P2 and use iptables to filter DNS update packets
> > - use another version of BIND
> > - ignore the error
>
> If you didn't have a performance problem with 9.4.2-P2, please try
> rebuilding 9.4.3-P3 with --disable-epoll as a workaround.
>
> We've heard the problem you saw several times:
> https://lists.isc.org/pipermail/bind-users/2009-April/076026.html
> https://lists.isc.org/pipermail/bind-users/2009-May/076265.html
> but haven't figured out the cause of that.  While it doesn't seem to
> be super rare, it doesn't seem to be so common...I myself have never
> seen this on my Linux test box, and many other Linux users apparently
> don't have this problem either (otherwise we'd have got this report
> much more frequently).  If you're willing to help debug this problem
> (even if the workaround works), that would be great.
>
> Thanks,
>
> ---
> JINMEI, Tatuya
> Internet Systems Consortium, Inc.


