[DNS] BIND 9.9.9-P8 issue
Warren Kumari
warren at kumari.net
Mon Aug 21 13:18:20 UTC 2017
On Mon, Aug 21, 2017 at 4:33 AM, Daniel Rodrigues <dro1976 at gmail.com> wrote:
> Hello guys,
>
>
>
> We are facing to an important issue which is strongly annoying us on our DNS
> resolvers. We saw our cache decrease and we got lot of SERVFAIL/recursion
> during this period. The only way to solve it is to flush cache or reboot
> BIND. Our version is 9.9.9-P8 running on RHEL 6.6. We already got it 6 times
> in 1 week on different servers.
>
> Here some logs when the problem appears :
Some questions:
1: What do you have in your hints file? What do you get if you run
"dig ns . @<address>" where
<address> are the addresses in the hints file.
2: Have you manually configured / changed the max-cache-size ? If so,
er, why and to what?
3: Do you usually get the "maximum number of FD events (64) received" message?
Have you followed the advice in
https://kb.isc.org/article/AA-00716/0/Since-upgrading-to-BIND-9.9-Im-seeing-maximum-number-of-FD-events-64-received.html
?
and, the obvious 4: What changed recently? What sort of boxes are
these? What is their network connectivity like?
W
>
>
>
> named[10616]: database: warning: delete_node: dns_rbt_findnode(nsec):
> partial match
>
> named[10616]: general: warning: checkhints: unable to get root NS rrset from
> cache: not found
>
> general: info: sockmgr 0x7f4419f240f0: maximum number of FD events (64)
> received
>
>
>
> Below one link to see one cacti’s screen showing the performance:
>
> https://drive.google.com/file/d/0B3pglqx0sbOiN3ZWQmM3MDdYOTQ/view?usp=sharing
>
>
>
>
> Do you have any idea to solve it definitively ? Is it an exploit bug ?
>
> Thanks for you help.
>
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
---maf
More information about the bind-users
mailing list