Identify source of "rndc reconfig" command?

Darcy Kevin (FCA) kevin.darcy at fcagroup.com
Mon Aug 24 21:26:59 UTC 2015 

Does the rndc protocol have a timeout? If so, what is it set to? I don't see anything about a configurable timeout interval in the man pages for rndc or rndc.conf.

What I'd probably do is turn off rndc in named.conf, set up a "dummy" server to listen on port 953, which just accepts the connection, but doesn't respond to anything sent to it. That means that whatever is sending this command is going to be "stuck" for some period of time -- possibly infinitely -- waiting for a response from the server. Then you can use something like "lsof" (which I assume exists in Debian) to track down which process it is.

									- Kevin

-----Original Message-----
From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Robert Senger
Sent: Monday, August 24, 2015 5:02 PM
To: bind-users at lists.isc.org
Subject: Identify source of "rndc reconfig" command?

Hi all,

after upgrading from Debian Wheezy to Jessie, bind9 receives "rndc reconfig" commands every 30 minutes. I've never seen this before. Some of my own scripts run "rndc restart/reload" after fiddling with network interfaces, but none of these is the source of the observed 30 minutes interval. There are also no cron jobs.

In the bind9 logs I see this:

24-Aug-2015 22:53:43.431 general: info: received control channel command 'reconfig'
24-Aug-2015 22:53:43.458 general: info: loading configuration from '/etc/bind/named.conf'
... [more than 350 lines reconfig log]

Running tcpdump on the lo interface gives me this:

root at prokyon:/etc/bind# tcpdump -i lo port 953
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
21:23:35.071602 IP localhost.48466 > localhost.953: Flags [S], seq 3862717043, win 43690, options [mss 65495,sackOK,TS val 196635776 ecr 0,nop,wscale 5], length 0
21:23:35.071699 IP localhost.953 > localhost.48466: Flags [S.], seq 2391140312, ack 3862717044, win 43690, options [mss 65495,sackOK,TS val 196635776 ecr 196635776,nop,wscale 5], length 0
21:23:35.071821 IP localhost.48466 > localhost.953: Flags [.], ack 1, win 1366, options [nop,nop,TS val 196635776 ecr 196635776], length 0
21:23:35.075355 IP localhost.48466 > localhost.953: Flags [P.], seq 1:148, ack 1, win 1366, options [nop,nop,TS val 196635777 ecr 196635776], length 147
21:23:35.075435 IP localhost.953 > localhost.48466: Flags [.], ack 148, win 1399, options [nop,nop,TS val 196635777 ecr 196635777], length 0
21:23:35.115513 IP localhost.953 > localhost.48466: Flags [P.], seq 1:180, ack 148, win 1399, options [nop,nop,TS val 196635787 ecr 196635777], length 179
21:23:35.115583 IP localhost.48466 > localhost.953: Flags [.], ack 180, win 1399, options [nop,nop,TS val 196635787 ecr 196635787], length 0
21:23:35.116084 IP localhost.48466 > localhost.953: Flags [P.], seq 148:320, ack 180, win 1399, options [nop,nop,TS val 196635787 ecr 196635787], length 172
21:23:35.116130 IP localhost.953 > localhost.48466: Flags [.], ack 320, win 1433, options [nop,nop,TS val 196635787 ecr 196635787], length 0
21:23:37.092444 IP localhost.953 > localhost.48466: Flags [P.], seq 180:363, ack 320, win 1433, options [nop,nop,TS val 196636281 ecr 196635787], length 183
21:23:37.094097 IP localhost.48466 > localhost.953: Flags [F.], seq 320, ack 363, win 1433, options [nop,nop,TS val 196636281 ecr 196636281], length 0
21:23:37.130367 IP localhost.953 > localhost.48466: Flags [.], ack 321, win 1433, options [nop,nop,TS val 196636291 ecr 196636281], length 0
21:23:37.829134 IP localhost.953 > localhost.48466: Flags [F.], seq 363, ack 321, win 1433, options [nop,nop,TS val 196636465 ecr 196636281], length 0
21:23:37.829288 IP localhost.48466 > localhost.953: Flags [.], ack 364, win 1433, options [nop,nop,TS val 196636465 ecr 196636465], length 0

Is there a way to identify the source of these reconfig commands? It's really annoying as it messes up the log with 350 useless lines every 30 minutes.

Thanks!

Robert
 

--
Robert Senger


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list