On Thu, Jun 03, 1999 at 10:04:55PM +1200, Joe Abley wrote:
Did you truss the stuck named's and see where they were sticking?
Without wishing to sound picky, what you want to do is 'strace -p
Could it be that your slave configuration restricts zone transfers to none, and that bind is clever enough to not bother listening unless there is at least one local zone which is transferable?
If this is the case, does this look like a SYN flood to tcp/53? Maybe not intentional -- do you have slaves elsewhere which can route to your master, but which your master can't route back to?
More likely the box was just loaded... the SYN flood detection code is a little sensitive for some people. You could try enabling SYN cookies... (depending on kernel version, make sure it's compiled in and then do something like: "echo 1 >/proc/sys/net/ipv4/tcp_syncookies" to enable these).
o Hardware is not a fault - We have used more than one physical machine. The effects did not change.
o It appears the nameserver itself stops during that time. Incoming traffic still reaches the box, but none goes out. Also for the duration there seems to be no nameserver logging.
Maybe it's that hokey operating system you're using :)
Maybe... what version of Linux are you running? It's not getting hit by funnies that Alan Cox posted a fix to bugtraq yesterday (um, the day before I think) is it?

-cw