Re: Runaway BIND
On 12.02.07 09:55, Rich Johnson wrote:
> I just recovered from bind (8.4.7-1) flooding /var/log/syslog with
> several hundred megabytes of messages along the lines of:
>
> > grep "no addrs found for root" syslog | head
> Feb 10 19:54:59 creaky named[7652]: sysquery: no addrs found for root
> NS (B.GTLD-SERVERS.net)
> Feb 10 19:54:59 creaky named[7652]: sysquery: no addrs found for root
> NS (C.GTLD-SERVERS.net)
> Feb 10 19:54:59 creaky named[7652]: sysquery: no addrs found for root
> NS (D.GTLD-SERVERS.net)
>
> When bind goes nuts it repeated cycles through the entire set of root
> servers at both ROOT-SERVERS.NET and GTLD-SERVERS.net at the rate of
> ~550 logs/sec. A typical burst runs for ~75 seconds or so and emits
> ~42000 messages. In my case the bursts started at 19:54:59 EST
> (UTC-5) and affected both master and slave servers. That and the
> maturity of bind leads me to suspect some external trigger.
> The named.conf option set is rather daunting. Can anyone suggest
> some options to throttle back the verbosity?
well, i suggest you
- upgrade to bind9 (preferrably 9.3)
- check your named.root zone, if it exists and if you have it configured.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill Gates! (Southpark the movie)
Reply to:
- References:
- Runaway BIND
- From: Rich Johnson <rjohnson@dogstar-interactive.com>