We're in the process of standing up new anycast name servers. They are running BIND 9.10.3-P4 on FreeBSD 10.2-RELEASE-p9.
We've only got one in service so far, but we've run into a very difficult issue. We are episodically seeing the BIND port 53 listener that is bound to the loopback (anycast) address exit. Sometimes both TCP and UDP listeners quit, in other instances just the TCP listener quits. Note that this is a recursive server. Here's an example of what I find in the BIND logs: 29-Apr-2016 12:38:06.849 network: no longer listening on 192.168.1.1#53 29-Apr-2016 12:38:06.861 network: listening on IPv4 interface lo1, 192.168.1.1#53 29-Apr-2016 12:38:06.863 network: binding TCP socket: permission denied lo1 is the anycast address for this box. BIND is still happily listening for TCP:53 on the interface address. The permission denied complaint is because BIND is running chroot. We could fix that, but it won't do anything to help explain why BIND stops listening on the loopback interface. No sign of trouble in the system logs. No evidence that there is an issue with the loopback interface disappearing. I've got lots of logging enabled in BIND, and the best I can tell is that it appears the unbind might be happening around the time when a zone transfer from the RPZ master occurs, but there is nothing helpful in the logs beyond the above announcement of 'no longer listening' (that message doesn't get written into the debug log file, so it is hard to correlate time between debug messages and the unbind). No obvious evidence of malfeasance is present. We've seen this happen three times over the past seven days. Twice it was just the TCP listener that dropped, once it was both TCP and UDP. Any thoughts on what rocks to turn over to find some clue on what might be causing this would be greatly appreciated. I can't tell if this has the smell of a bug or not at this point. thank you, mark --- Mark Boolootian UC Santa Cruz _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
