On Mon, Jul 8, 2024 at 7:52 AM Tom Marcoen (EXT) via bind-users
<bind-users@lists.isc.org> wrote:
>
> I observe the same behaviour. I have similar output for TCP/53 on the
> loopback and public IP addresses. The IP addresses and port numbers are the
> same, but the fd (file descriptors?) are different. I assumed different
> threads of the same process.
>
> # named -V | grep ^BIND
> BIND 9.18.26 (Extended Support Version) <id:936d80b>
> # ss -lntp | grep 953
> LISTEN 0 5 127.0.0.1:953 *:* users:(("named",pid=9623,fd=64))
> LISTEN 0 5 127.0.0.1:953 *:* users:(("named",pid=9623,fd=61))
> LISTEN 0 5 127.0.0.1:953 *:* users:(("named",pid=9623,fd=63))
> LISTEN 0 5 127.0.0.1:953 *:* users:(("named",pid=9623,fd=62))
How many cpus does your machine have?
I'm running bind at home; not a whole lot of traffic to named so it
seemed like all those threads were a waste. So pretend there's only
one cpu:
$ grep bind /etc/default/named
# OPTIONS="-u bind "
OPTIONS="-u bind -n 1"
$ ps -elf | grep [b]ind
4 S bind 944 1 0 80 0 - 103557 - Jul07 ?
00:00:31 /usr/sbin/named -f -u bind -n 1
$ ss -lntp | grep 953
LISTEN 0 4096 127.0.0.1:953 0.0.0.0:*
LISTEN 0 4096 [::1]:953 [::]:*
Regards,
Lee
> -----Oorspronkelijk bericht-----
> Van: bind-users <bind-users-boun...@lists.isc.org> Namens Thomas Hungenberg
> via bind-users
> Verzonden: maandag 8 juli 2024 13:13
> Aan: Robert Wagner <rwag...@tesla.net>; bind-users@lists.isc.org
> Onderwerp: Re: netstat showing multiple lines for each listening socket
>
> Hi Robert,
>
> it's the same PID for all lines, parent process is systemd.
>
> The lines in the netstat output are exact duplicates (same IP, port and PID).
> Other tools like ss show the same, so it's not a problem with netstat.
>
> It's the same bahaviour on different machines, some upgraded from Debian < 11
> and others installed from scratch with Debian 11 or 12.
>
> I also set up a test VM and started BIND with the default configuration
> shipped with Debian.
> Same behaviour: All lines are shown twice.
>
> It looks like on machines with only two interfaces (lo / eth0) the lines are
> shown twice
> while on machines with more interfaces (active or not) there are up to 20
> duplicate lines.
>
>
> - Thomas
>
>
> On 08.07.24 12:10, Robert Wagner wrote:
> > Some diagnostics is needed. When you reboot, does it show it up multiple
> > binds to the same port? Can your run netstat -tP to identify the process
> > ID (are they the same or different). There may also be other options to
> > provide more diagnostics.
> >
> > -Trying to determine if you are really binding the service four times to
> > the same port or this is just a ghost in the netstat program... Most
> > systems are designed to prevent binding multiple applications to the same
> > ip/port, but a service can spawn multiple threads on the same ip/port. You
> > may be seeing the threads and not unique service instances.
> >
> > Looking at the process ID, you may be able to track back to the root
> > process and determine if these are just service threads.
> >
> >
> > Robert Wagner
> >
> > ________________________________
> > From: bind-users <bind-users-boun...@lists.isc.org> on behalf of Thomas
> > Hungenberg via bind-users <bind-users@lists.isc.org>
> > Sent: Monday, July 8, 2024 4:52 AM
> > To: bind-users@lists.isc.org <bind-users@lists.isc.org>
> > Subject: netstat showing multiple lines for each listening socket
> >
> > This email originated from outside of TESLA
> >
> > Do not click links or open attachments unless you recognize the sender and
> > know the content is safe.
> >
> > Hello,
> >
> > we have been running some BIND nameservers on Debian-based systems for many
> > years.
> >
> > Until (including) Debian 10 with BIND 9.11.5, netstat always showed only
> > one line
> > per listening socket, e.g.
> >
> > tcp 0 0 10.x.x.x:53 0.0.0.0:* LISTEN
> > 1234/named
> > tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
> > 1234/named
> > udp 0 0 10.x.x.x:53 0.0.0.0:*
> > 1234/named
> > udp 0 0 127.0.0.1:53 0.0.0.0:*
> > 1234/named
> >
> >
> > We noticed that with Debian 11 and 12 (BIND 9.16.48 / 9.18.24), netstat
> > instead
> > shows multiple (on some systems four, on others up to 20) completely
> > identical lines
> > for each listening socket, like this:
> >
> > tcp 0 0 10.x.x.x:53 0.0.0.0:* LISTEN
> > 1234/named
> > tcp 0 0 10.x.x.x:53 0.0.0.0:* LISTEN
> > 1234/named
> > tcp 0 0 10.x.x.x:53 0.0.0.0:* LISTEN
> > 1234/named
> > tcp 0 0 10.x.x.x:53 0.0.0.0:* LISTEN
> > 1234/named
> > tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
> > 1234/named
> > tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
> > 1234/named
> > tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
> > 1234/named
> > tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
> > 1234/named
> > udp 0 0 10.x.x.x:53 0.0.0.0:*
> > 1234/named
> > udp 0 0 10.x.x.x:53 0.0.0.0:*
> > 1234/named
> > udp 0 0 10.x.x.x:53 0.0.0.0:*
> > 1234/named
> > udp 0 0 10.x.x.x:53 0.0.0.0:*
> > 1234/named
> > udp 0 0 127.0.0.1:53 0.0.0.0:*
> > 1234/named
> > udp 0 0 127.0.0.1:53 0.0.0.0:*
> > 1234/named
> > udp 0 0 127.0.0.1:53 0.0.0.0:*
> > 1234/named
> > udp 0 0 127.0.0.1:53 0.0.0.0:*
> > 1234/named
> >
> >
> > We wonder what is causing this and if this is intended behaviour?
> >
> >
> > - Thomas
> > 
> > --
> > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> > this list
> >
> > ISC funds the development of this software with paid support subscriptions.
> > Contact us at https://www.isc.org/contact/ for more information.
> >
> >
> > bind-users mailing list
> > bind-users@lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> ________________________________________
> Disclaimer High Tech Campus Eindhoven: The information contained in this
> message and attachments may be confidential and legally protected under
> applicable law. The message and attachments are intended solely for the
> addressee(s). If you are not the intended recipient, you are hereby notified
> that any use, forwarding, dissemination, or reproduction of this message and
> attachments is strictly prohibited and may be unlawful. If you are not the
> intended recipient, please contact the sender by return e-mail and destroy
> all copies of the original message. Please visit:
> http://www.hightechcampus.com/go/pages/disclaimer for the most recent
> disclaimer.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
