Bug#132492: bind fills up system log
Tobias Diedrich
Version: 1:8.3.3-2.0woody2
Followup-For: Bug #132492
The Problem from bugs #132492 and #234167 still persists:
We first encountered this problem last week, when bind went berserk and
filled up the /var partition. After removing the daemon and syslog
files and rebooting the system everything was back to normal until
today, when /var was filled up again.
Trying to find the cause for this problem I noticed these two bug
reports which fit our problem perfectly.
A traffic capture[1] shows that on start bind asks for the root server
records at one of the forwarders and only get an answer with ns records.
After that the syslog flood begins (no additional nameserver queries are
mode from bind, the other queries in this trace come from the local
dnscache listening at another ip address).
Apparently bind fails to fall back to /etc/bind/db.root and also fails
to throttle the error messages.
Switching from "forward first" to "forward only" or using different
name servers (the commented out ones) remedies the situation but is
certainly only covering up the real problem.
[1] http://www.tomodachi.de/~ranma/bind.tcpdump
named.conf:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind/README.Debian for information on the
// structure of BIND configuration files in Debian for BIND versions 8.2.1
// and later, *BEFORE* you customize this configuration file.
//
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
// query-source address * port 53;
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
listen-on {
217.160.215.119;
};
forwarders {
// 130.75.1.32;
// 130.75.1.40;
195.20.224.234;
195.20.224.99;
};
};
// reduce log verbosity on issues outside our control
logging {
category lame-servers { null; };
category cname { null; };
};
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
// add entries for other zones below here
zone "a-n-t.de" {
type master;
file "/etc/bind/db.a-n-t.de";
};
zone "j-music.de" {
type master;
file "/etc/bind/db.j-music.de";
};
zone "j-musik.de" {
type master;
file "/etc/bind/db.j-musik.de";
};
zone "aniki.info" {
type master;
file "/etc/bind/db.aniki.info";
};
zone "animewiki.de" {
type master;
file "/etc/bind/db.animewiki.de";
};
zone "tomodachi.de" {
type master;
file "/etc/bind/db.tomodachi.de";
};
zone "animemarathon.de" {
type master;
file "/etc/bind/db.animemarathon.de";
};
zone "anime-marathon.de" {
type master;
file "/etc/bind/db.anime-marathon.de";
};
zone "conpics.de" {
type master;
file "/etc/bind/db.conpics.de";
};
zone "119.215.160.217.in-addr.arpa" {
type master;
file "/etc/bind/db.217.160.215.119";
};
db.root:
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 29, 2004
; related version of root zone: 2004012900
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
;
; operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; operated by ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File
syslog excerpt:
Oct 3 20:52:20 ari named[26025]: starting (/etc/bind/named.conf). named 8.3.3-REL-NOESW Sun Jan 4 04:05:59 UTC 2004 ^Iroot@rootstrap:/host/space/tmp/mdz/debian/security/bind/bind-8.3.3/src/bin/named
Oct 3 20:52:20 ari named[26025]: hint zone "" (IN) loaded (serial 0)
Oct 3 20:52:20 ari named[26025]: master zone "localhost" (IN) loaded (serial 1)
Oct 3 20:52:20 ari named[26025]: master zone "127.in-addr.arpa" (IN) loaded (serial 1)
Oct 3 20:52:20 ari named[26025]: master zone "0.in-addr.arpa" (IN) loaded (serial 1)
Oct 3 20:52:20 ari named[26025]: master zone "255.in-addr.arpa" (IN) loaded (serial 1)
Oct 3 20:52:20 ari named[26025]: master zone "a-n-t.de" (IN) loaded (serial 2003101301)
Oct 3 20:52:20 ari named[26025]: master zone "j-music.de" (IN) loaded (serial 2003101301)
Oct 3 20:52:20 ari named[26025]: master zone "j-musik.de" (IN) loaded (serial 2003101301)
Oct 3 20:52:20 ari named[26025]: master zone "aniki.info" (IN) loaded (serial 2003101301)
Oct 3 20:52:20 ari named[26025]: master zone "animewiki.de" (IN) loaded (serial 2003101301)
Oct 3 20:52:20 ari named[26025]: master zone "tomodachi.de" (IN) loaded (serial 2004100101)
Oct 3 20:52:20 ari named[26025]: master zone "animemarathon.de" (IN) loaded (serial 2003101301)
Oct 3 20:52:20 ari named[26025]: master zone "anime-marathon.de" (IN) loaded (serial 2003101301)
Oct 3 20:52:20 ari named[26025]: master zone "conpics.de" (IN) loaded (serial 2004092001)
Oct 3 20:52:20 ari named[26025]: master zone "119.215.160.217.in-addr.arpa" (IN) loaded (serial 2003091701)
Oct 3 20:52:20 ari named[26025]: listening on [217.160.215.119].53 (eth0)
Oct 3 20:52:20 ari named[26025]: Forwarding source address is [0.0.0.0].46595
Oct 3 20:52:20 ari named[26026]: Ready to answer queries.
Oct 3 20:52:20 ari named[26026]: sysquery: no addrs found for root NS (E.ROOT-SERVERS.NET)
Oct 3 20:52:20 ari named[26026]: sysquery: no addrs found for root NS (F.ROOT-SERVERS.NET)
Oct 3 20:52:20 ari named[26026]: sysquery: no addrs found for root NS (G.ROOT-SERVERS.NET)
Oct 3 20:52:20 ari named[26026]: sysquery: no addrs found for root NS (H.ROOT-SERVERS.NET)
Oct 3 20:52:20 ari named[26026]: sysquery: no addrs found for root NS (I.ROOT-SERVERS.NET)
Oct 3 20:52:20 ari named[26026]: sysquery: no addrs found for root NS (J.ROOT-SERVERS.NET)
Oct 3 20:52:20 ari named[26026]: sysquery: no addrs found for root NS (K.ROOT-SERVERS.NET)
Oct 3 20:52:20 ari named[26026]: sysquery: no addrs found for root NS (L.ROOT-SERVERS.NET)
Oct 3 20:52:20 ari named[26026]: sysquery: no addrs found for root NS (M.ROOT-SERVERS.NET)
Oct 3 20:52:20 ari named[26026]: sysquery: no addrs found for root NS (A.ROOT-SERVERS.NET)
Oct 3 20:52:20 ari named[26026]: sysquery: no addrs found for root NS (D.ROOT-SERVERS.NET)
[_19019_ additional lines of error log]
Oct 3 20:52:35 ari named[26026]: sysquery: no addrs found for root NS (L.ROOT-SERVERS.NET)
Oct 3 20:52:35 ari named[26026]: sysquery: no addrs found for root NS (K.ROOT-SERVERS.NET)
Oct 3 20:52:35 ari named[26026]: sysquery: no addrs found for root NS (B.ROOT-SERVERS.NET)
Oct 3 20:52:35 ari named[26026]: sysquery: no addrs found for root NS (C.ROOT-SERVERS.NET)
Oct 3 20:52:35 ari named[26026]: sysquery: no addrs found for root NS (D.ROOT-SERVERS.NET)
Oct 3 20:52:35 ari named[26026]: sysquery: no addrs found for root NS (E.ROOT-SERVERS.NET)
Oct 3 20:52:35 ari named[26026]: sysquery: no addrs found for root NS (F.ROOT-SERVERS.NET)
Oct 3 20:52:35 ari named[26026]: sysquery: no addrs found for root NS (G.ROOT-SERVERS.NET)
Oct 3 20:52:35 ari named[26026]: sysquery: no addrs found for root NS (H.ROOT-SERVERS.NET)
Oct 3 20:52:35 ari named[26026]: sysquery: no addrs found for root NS (I.ROOT-SERVERS.NET)
Oct 3 20:52:35 ari named[26026]: sysquery: no addrs found for root NS (J.ROOT-SERVERS.NET)
Oct 3 20:52:35 ari named[26026]: sysquery: no addrs found for root NS (K.ROOT-SERVERS.NET)
Oct 3 20:52:35 ari named[26026]: sysquery: no addrs found for root NS (L.ROOT-SERVERS.NET)
Oct 3 20:52:35 ari named[26026]: sysquery: no addrs found for root NS (M.ROOT-SERVERS.NET)
Oct 3 20:52:35 ari named[26026]: sysquery: no addrs found for root NS (A.ROOT-SERVERS.NET)
Oct 3 20:52:35 ari named[26026]: named shutting down
Oct 3 20:52:35 ari named[26026]: USAGE 1096829555 1096829540 CPU=2.21u/0.38s CHILDCPU=0u/0s
Oct 3 20:52:35 ari named[26026]: NSTATS 1096829555 1096829540
Oct 3 20:52:35 ari named[26026]: XSTATS 1096829555 1096829540 RR=1 RNXD=0 RFwdR=0 RDupR=0 RFail=0 RFErr=0 RErr=0 RAXFR=0 RLame=0 ROpts=0 SSysQ=1 SAns=0 SFwdQ=0 SDupQ=1 SErr=0 RQ=0 RIQ=0 RFwdQ=0 RDupQ=0 RTCP=0 SFwdR=0 SFail=0 SFErr=0 SNaAns=0 SNXD=0 RUQ=0 RURQ=0 RUXFR=0 RUUpd=0
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux ari 2.4.26-exec-shield #5 SMP Tue Jun 15 23:39:20 CEST 2004 i686
Locale: LANG=en_US, LC_CTYPE=en_US
Versions of packages bind depends on:
ii libc6 2.2.5-11.5 GNU C Library: Shared libraries an
ii netbase 4.07 Basic TCP/IP networking system
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org