Thanks for the insight. I added the following rule sudo firewall-cmd --permanent --direct --get-all-rules [sudo] password for admin: ipv4 filter OUTPUT 0 -d 10.10.10.100 -p tcp -m tcp --dport=53 -j ACCEPT where 10.10.10.100 is our DNS master, still receiving the error.
I found a solution for RHEL5/6, Root Cause •In socket_send() function the lock is not taken when doio_send() is invoked. •This makes possible for two or more threads to invoke doio_send() simultaneously, resulting in the race which caused the error to appear on the logfile but my environment is latest RHEL7. named: zone refresh: failure results in the operation to be canceled on RHEL5/6 $ Solution Verified - Updated March 5 2014 at 5:39 AM - English Environment •Red Hat Enterprise Linux 5 •bind-9.3.4-10.P1.el5 •Red Hat Enterprise Linux 6 •bind-9.7.0-5.P2.el6 Issue •named: zone refresh: failure ... operation canceled Raw Jan 1 00:00:00 xxx named[xxxx]: zone xxx.xxx.xxx.in-addr.arpa/IN: refresh: failure trying master xxx.xxx.xxx.xxx#53 (source xxx.xxx.xxx.xxx#0): operation canceled Resolution •For RHEL5, RHBA-2012:0254-1 at http://rhn.redhat.com/errata/RHBA-2012-0254.html •For RHEL6, RHBA-2011:1697-2 at http://rhn.redhat.com/errata/RHBA-2011-1697.html Root Cause •In socket_send() function the lock is not taken when doio_send() is invoked. •This makes possible for two or more threads to invoke doio_send() simultaneously, resulting in the race which caused the error to appear on the logfile On Mon, Nov 21, 2016 at 3:10 PM, Mark Andrews <ma...@isc.org> wrote: > > In message <CALg_j4-ibtaRv2aiKkS2Za6YBtiCvkRL7vBJvZQqqXXYhhJWCQ@mail. > gmail.c > om>, schilling writes: > > > > We are experiencing this bug with BIND 9.9.4-RedHat-9.9.4-29.el7_2.4 > > (Extended Support Version) running as slave on Red Hat Enterprise Linux > > Server release 7.2 (Maipo). > > disable firewalld seems to stopped the error logging. But as soon as > > re-enable firewalld, the messages came back. > > Well have you thought that your firewall rules could be wrong? That > they are blocking legitimate traffic? That they need to be re-written > to account for legitimate traffic? > > Mark > > > Do we have any update or fix on this? > > > > Best, > > > > Shiling Ding > > > > On Wed, Feb 4, 2015 at 2:59 PM, Raymond Drew Walker <ray.wal...@nau.edu> > > wrote: > > > > > Howdy, > > > > > > We’ve noticed the error message "refresh: failure trying master > > ...: > > > operation canceled” in our logs debugged from some slaves not up > > dating DS > > > records in some zones. > > > > > > Looking into this error over at: https://deepthought.isc. > > > org/article/AA-01213/0/What-causes-refresh:-failure- > > > trying-master-...:-operation-canceled-error-messages.html > > > > > > So far we have updated the RHEL6 kernel on the slaves which did > nothing. > > > > > > We have disabled the netfilter module which does seem to resolve the > iss > > ue > > > in our limited testing, but our sysadmins would like to continue use of > > > this module for other reasons. > > > > > > My question: > > > What information would be most useful in our incoming bug report? > > > > > > — > > > Raymond Walker > > > Software Systems Engineer StSp > > > ITS Northern Arizona University > > > > > > > > > _______________________________________________ > > > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > > > unsubscribe from this list > > > > > > bind-users mailing list > > > bind-users@lists.isc.org > > > https://lists.isc.org/mailman/listinfo/bind-users > > > > > > > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org >
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
