RE: Identify source of "rndc reconfig" command?

Mon, 24 Aug 2015 14:28:43 -0700 

Does the rndc protocol have a timeout? If so, what is it set to? I don't see 
anything about a configurable timeout interval in the man pages for rndc or 
rndc.conf.

What I'd probably do is turn off rndc in named.conf, set up a "dummy" server to 
listen on port 953, which just accepts the connection, but doesn't respond to 
anything sent to it. That means that whatever is sending this command is going 
to be "stuck" for some period of time -- possibly infinitely -- waiting for a 
response from the server. Then you can use something like "lsof" (which I 
assume exists in Debian) to track down which process it is.

                                                                        - Kevin

-----Original Message-----
From: bind-users-boun...@lists.isc.org 
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Robert Senger
Sent: Monday, August 24, 2015 5:02 PM
To: bind-users@lists.isc.org
Subject: Identify source of "rndc reconfig" command?

Hi all,

after upgrading from Debian Wheezy to Jessie, bind9 receives "rndc reconfig" 
commands every 30 minutes. I've never seen this before. Some of my own scripts 
run "rndc restart/reload" after fiddling with network interfaces, but none of 
these is the source of the observed 30 minutes interval. There are also no cron 
jobs.

In the bind9 logs I see this:

24-Aug-2015 22:53:43.431 general: info: received control channel command 
'reconfig'
24-Aug-2015 22:53:43.458 general: info: loading configuration from 
'/etc/bind/named.conf'
... [more than 350 lines reconfig log]

Running tcpdump on the lo interface gives me this:

root@prokyon:/etc/bind# tcpdump -i lo port 953
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
21:23:35.071602 IP localhost.48466 > localhost.953: Flags [S], seq 3862717043, 
win 43690, options [mss 65495,sackOK,TS val 196635776 ecr 0,nop,wscale 5], 
length 0
21:23:35.071699 IP localhost.953 > localhost.48466: Flags [S.], seq 2391140312, 
ack 3862717044, win 43690, options [mss 65495,sackOK,TS val 196635776 ecr 
196635776,nop,wscale 5], length 0
21:23:35.071821 IP localhost.48466 > localhost.953: Flags [.], ack 1, win 1366, 
options [nop,nop,TS val 196635776 ecr 196635776], length 0
21:23:35.075355 IP localhost.48466 > localhost.953: Flags [P.], seq 1:148, ack 
1, win 1366, options [nop,nop,TS val 196635777 ecr 196635776], length 147
21:23:35.075435 IP localhost.953 > localhost.48466: Flags [.], ack 148, win 
1399, options [nop,nop,TS val 196635777 ecr 196635777], length 0
21:23:35.115513 IP localhost.953 > localhost.48466: Flags [P.], seq 1:180, ack 
148, win 1399, options [nop,nop,TS val 196635787 ecr 196635777], length 179
21:23:35.115583 IP localhost.48466 > localhost.953: Flags [.], ack 180, win 
1399, options [nop,nop,TS val 196635787 ecr 196635787], length 0
21:23:35.116084 IP localhost.48466 > localhost.953: Flags [P.], seq 148:320, 
ack 180, win 1399, options [nop,nop,TS val 196635787 ecr 196635787], length 172
21:23:35.116130 IP localhost.953 > localhost.48466: Flags [.], ack 320, win 
1433, options [nop,nop,TS val 196635787 ecr 196635787], length 0
21:23:37.092444 IP localhost.953 > localhost.48466: Flags [P.], seq 180:363, 
ack 320, win 1433, options [nop,nop,TS val 196636281 ecr 196635787], length 183
21:23:37.094097 IP localhost.48466 > localhost.953: Flags [F.], seq 320, ack 
363, win 1433, options [nop,nop,TS val 196636281 ecr 196636281], length 0
21:23:37.130367 IP localhost.953 > localhost.48466: Flags [.], ack 321, win 
1433, options [nop,nop,TS val 196636291 ecr 196636281], length 0
21:23:37.829134 IP localhost.953 > localhost.48466: Flags [F.], seq 363, ack 
321, win 1433, options [nop,nop,TS val 196636465 ecr 196636281], length 0
21:23:37.829288 IP localhost.48466 > localhost.953: Flags [.], ack 364, win 
1433, options [nop,nop,TS val 196636465 ecr 196636465], length 0

Is there a way to identify the source of these reconfig commands? It's really 
annoying as it messes up the log with 350 useless lines every 30 minutes.

Thanks!

Robert
 

--
Robert Senger


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to