On Fri, 4 Jun 1999, Chris Wedgwood wrote:
Did you truss the stuck named's and see where they were sticking?
Without wishing to sound picky, what you want to do is 'strace -p
' and send me the results (the whole list probably won't want them).
If bind isn't scheduling for some reason, and you've got a valid psdatabase, then 'ps auxl | grep bind' and tell me where it's stuck.
I didn't do that myself, but one of the programming staff has, I am not sure what his conclusions were, I am CCing this to him...
Could it be that your slave configuration restricts zone transfers to none, and that bind is clever enough to not bother listening unless there is at least one local zone which is transferable?
If this is the case, does this look like a SYN flood to tcp/53? Maybe not intentional -- do you have slaves elsewhere which can route to your master, but which your master can't route back to?
More likely the box was just loaded... the SYN flood detection code is a little sensitive for some people. You could try enabling SYN cookies... (depending on kernel version, make sure it's compiled in and then do something like: echo 1 >/proc/sys/net/ipv4/tcp_syncookies" to enable these).
The load on the box never goes above about 0.3 even when named is pooping itself.
o It appears the the nameserver itself stops during that time. Incoming traffic still reaches the box, but none goes out. Also for the duration there seems to be no nameserver logging.
Maybe it's that hokey operating system you're using :)
Could be, but I somehow doubt it, I am sure however there is atleast one person on staff who would love to get (Free|Open|Net)BSD on the servers...
Maybe... what version of linux are you running? It's not getting hit by funnies that Alan Cox posted a fix to bugtraq yesterday (um, the deay before I think) is it?
Happened with 2.0.36 and 2.2.9 (patched). Doesn't seem to have anything to do with kernel. The variable we have issolated seem to be IP address and the fact the server is master. Anyhow, I will forward the responses to people with more technical smarts than me and see what they say... Thanks for you response (you too Joe). Dylan Reeve DDI: +64 9 359-2746 Assistant DNS Admin Fax: +64 9 358-5134 ihug business Freecall: 0800 847-638 http://www.ihug.co.nz/ Email: dylan(a)ihug.co.nz --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog