xfer-in: Transfer status: timed out (selective failures)

Peter 'PMc' Much pmc at citylink.dinoex.sub.org
Mon Feb 24 21:01:49 UTC 2025 

Hi,

  I started to get these messages, when some secondary tries to fetch
a zonefile from a primary. So I looked into it -

The primary is running:

# ps ax | grep named
13667  -  IsJ  0:00.39 /usr/local/sbin/named -n 1 -u bind -c /usr/local/etc/namedb/named.conf

It has ports configured:

        listen-on port 53       { 192.168.97.24; };
        listen-on-v6 port 53    { fd00::118; };

And it seems to listen on these ports:

tcp6       0      0 fd00::118.53           *.*                    LISTEN
tcp4       0      0 192.168.97.24.53       *.*                    LISTEN
udp6       0      0 fd00::118.53           *.*
udp4       0      0 192.168.97.24.53       *.*


When I open a telnet from a neighbouring node, it looks like this:

pmc at disp:511:1~$ telnet 192.168.97.24 53
Trying 192.168.97.24...
Connected to admn-e.intra.daemon.contact.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

That is what I would normally expect. However, when I do the same
from the node that hosts a secondary nameserver, this happens:

operator at pole:~ $ telnet 192.168.97.24 53
Trying 192.168.97.24...
telnet: connect to address 192.168.97.24: Operation timed out
telnet: Unable to connect to remote host

One would now assume a network issue. But there is none. These
packets do arrive at the primary, only the socket doesn't do
anything with them.

This is the working connection from the neighbour node:

# tcpdump -xxninadmn1l
20:40:01.604840 ARP, Request who-has 192.168.97.24 tell 192.168.97.18, length 46
        0x0000:  ffff ffff ffff 061d 9201 0222 0806 0001
        0x0010:  0800 0604 0001 061d 9201 0222 c0a8 6112
        0x0020:  0000 0000 0000 c0a8 6118 0000 0000 0000
        0x0030:  0000 0000 0000 0000 0000 0000
20:40:01.604913 ARP, Reply 192.168.97.24 is-at 06:1d:92:01:01:05, length 28
        0x0000:  061d 9201 0222 061d 9201 0105 0806 0001
        0x0010:  0800 0604 0002 061d 9201 0105 c0a8 6118
        0x0020:  061d 9201 0222 c0a8 6112
20:40:01.604993 IP 192.168.97.18.64497 > 192.168.97.24.53: Flags [S], seq 1911977491, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 3668593643 ecr 0], length 0
        0x0000:  061d 9201 0105 061d 9201 0222 0800 4510
        0x0010:  003c 0000 4000 4006 f730 c0a8 6112 c0a8
        0x0020:  6118 fbf1 0035 71f6 7613 0000 0000 a002
        0x0030:  ffff f9be 0000 0204 05b4 0103 0306 0402
        0x0040:  080a daaa 4beb 0000 0000
20:40:01.605033 IP 192.168.97.24.53 > 192.168.97.18.64497: Flags [S.], seq 1403100325, ack 1911977492, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 244552087 ecr 3668593643], length 0
        0x0000:  061d 9201 0222 061d 9201 0105 0800 4500
        0x0010:  003c 0000 4000 4006 f740 c0a8 6118 c0a8
        0x0020:  6112 0035 fbf1 53a1 9ca5 71f6 7614 a012
        0x0030:  ffff 693c 0000 0204 05b4 0103 0306 0402
        0x0040:  080a 0e93 9197 daaa 4beb

And this is the connection from the secondary nameserver:

20:40:56.717735 IP 192.168.99.1.41219 > 192.168.97.24.53: Flags [S], seq 3201504914, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 67229358 ecr 0], length 0
        0x0000:  061d 9201 0105 061d 9201 0202 0800 4510
        0x0010:  003c 0000 4000 3e06 f741 c0a8 6301 c0a8
        0x0020:  6118 a103 0035 bed3 1692 0000 0000 a002
        0x0030:  ffff e396 0000 0204 05b4 0103 0306 0402
        0x0040:  080a 0401 d6ae 0000 0000
20:40:57.717784 IP 192.168.99.1.41219 > 192.168.97.24.53: Flags [S], seq 3201504914, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 67230358 ecr 0], length 0
        0x0000:  061d 9201 0105 061d 9201 0202 0800 4510
        0x0010:  003c 0000 4000 3e06 f741 c0a8 6301 c0a8
        0x0020:  6118 a103 0035 bed3 1692 0000 0000 a002
        0x0030:  ffff dfae 0000 0204 05b4 0103 0306 0402
        0x0040:  080a 0401 da96 0000 0000
20:40:59.917842 IP 192.168.99.1.41219 > 192.168.97.24.53: Flags [S], seq 3201504914, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 67232558 ecr 0], length 0
        0x0000:  061d 9201 0105 061d 9201 0202 0800 4510
        0x0010:  003c 0000 4000 3e06 f741 c0a8 6301 c0a8
        0x0020:  6118 a103 0035 bed3 1692 0000 0000 a002
        0x0030:  ffff d716 0000 0204 05b4 0103 0306 0402
        0x0040:  080a 0401 e32e 0000 0000


Packets do arrive, but are ignored.
The local firewall is switched to pass-thru.

I don't know what else could selectively swallow packets without
notice.
The good thing is, it swallows only IPv4, and since I have both
configured everywhere, things should still work. But the error
messages are annoying.


cheerio,
PMc

More information about the bind-users mailing list