We've seen this repeatedly with our customers, usually evidenced by
slaves that stop refreshing and eventually expire the zone. It seems
to happen most on Mac OS X and Solaris, and less often (or perhaps
never) on Linux.
named just stops listening on the TCP port. If you execute
"lsof -i:53", you'll see that it's still listening on 127.0.0.1:53/TCP,
but not on some other interface. UDP seems to be unaffected by this.
The only solution we've found is to stop and restart named.
Chris Buxton
Professional Services
Men & Mice
On Apr 2, 2009, at 5:26 PM, Mark Koehler wrote:
Greetings.
We have 4 masters (rsync'd together) and a pair of load balancers
each of which distributes queries to any of the 4. On the masters,
we run Solaris 10 with BIND 9.5P1. Recently, one of the 4 stopped
using TCP on port 53, but UDP traffic continued unaffected. What
would cause the TCP port to stop? The port was unresponsive from
the backside of the load balancers, and no DNS TCP packets came from
the server either. Is there anything in BIND which would detect and
block a potential DOS attack?
Thanx,
mrak
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
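
The symptom described in this thread (UDP/53 still answering while TCP/53 has gone silent on an interface) can be caught by probing both transports on each address before the slaves expire the zone. The following is an added example, not part of the original messages; the function names, the zone name and the 192.0.2.x addresses are hypothetical, and any DNS reply with a matching ID (even REFUSED) is treated as proof that the transport works.

```python
import socket, struct, sys

def build_query(zone, qid=0x4242):
    """Minimal DNS query (SOA, class IN, RD clear) for `zone`."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    labels = [l for l in zone.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"
    return header + qname + struct.pack("!HH", 6, 1)

def probe_udp(addr, port, query, timeout):
    """True if a reply carrying our query ID comes back over UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (addr, port))
            data, _ = s.recvfrom(4096)
            return data[:2] == query[:2]
        except OSError:          # timeout or ICMP unreachable
            return False

def probe_tcp(addr, port, query, timeout):
    """True if a reply carrying our query ID comes back over TCP."""
    try:
        with socket.create_connection((addr, port), timeout=timeout) as s:
            # DNS over TCP prefixes each message with a 2-byte length.
            s.sendall(struct.pack("!H", len(query)) + query)
            resp = s.recv(4096)
            return len(resp) >= 4 and resp[2:4] == query[:2]
    except OSError:              # refused, reset or timed out
        return False

def check_listener(addr, zone, port=53, timeout=2.0):
    """Classify one address: ok, tcp-down, udp-down or unreachable."""
    query = build_query(zone)
    udp = probe_udp(addr, port, query, timeout)
    tcp = probe_tcp(addr, port, query, timeout)
    if udp and tcp:
        return "ok"
    if udp:
        return "tcp-down"        # the failure mode reported in this thread
    return "udp-down" if tcp else "unreachable"

if __name__ == "__main__":
    # Constructed sample addresses; pass the server's real ones as arguments.
    addrs = sys.argv[1:] or ["127.0.0.1", "192.0.2.10", "192.0.2.11"]
    for a in addrs:
        print(a, check_listener(a, "example.com"))
```

Run it against every address named listens on, not only 127.0.0.1, since the loopback listener was reported to survive while others did not.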