netstat showing multiple lines for each listening socket
Thomas Hungenberg
th+bind at cert-bund.de
Mon Jul 8 08:52:35 UTC 2024
Hello,
we have been running some BIND nameservers on Debian-based systems for many years.
Until (including) Debian 10 with BIND 9.11.5, netstat always showed only one line
per listening socket, e.g.
tcp 0 0 10.x.x.x:53 0.0.0.0:* LISTEN 1234/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1234/named
udp 0 0 10.x.x.x:53 0.0.0.0:* 1234/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named
We noticed that with Debian 11 and 12 (BIND 9.16.48 / 9.18.24), netstat instead
shows multiple (on some systems four, on others up to 20) completely identical lines
for each listening socket, like this:
tcp 0 0 10.x.x.x:53 0.0.0.0:* LISTEN 1234/named
tcp 0 0 10.x.x.x:53 0.0.0.0:* LISTEN 1234/named
tcp 0 0 10.x.x.x:53 0.0.0.0:* LISTEN 1234/named
tcp 0 0 10.x.x.x:53 0.0.0.0:* LISTEN 1234/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1234/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1234/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1234/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1234/named
udp 0 0 10.x.x.x:53 0.0.0.0:* 1234/named
udp 0 0 10.x.x.x:53 0.0.0.0:* 1234/named
udp 0 0 10.x.x.x:53 0.0.0.0:* 1234/named
udp 0 0 10.x.x.x:53 0.0.0.0:* 1234/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1234/named
We wonder what is causing this and if this is intended behaviour?
- Thomas

More information about the bind-users
mailing list