--- Begin Message ---
Package: bind9
Version: 1:9.3.1-2
Severity: important
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages bind9 depends on:
ii adduser 3.64 Add and remove users and groups
ii libbind9-0 1:9.3.1-2 BIND9 Shared Library used by BIND
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libdns20 1:9.3.1-2 DNS Shared Library used by BIND
ii libisc9 1:9.3.1-2 ISC Shared Library used by BIND
ii libisccc0 1:9.3.1-2 Command Channel Library used by BI
ii libisccfg1 1:9.3.1-2 Config File Handling Library used
ii liblwres1 1:9.3.1-2 Lightweight Resolver Library used
ii libssl0.9.7 0.9.7e-3 SSL shared libraries
ii netbase 4.21 Basic TCP/IP networking system
bind9 recommends no packages.
-- no debconf information
Output from 'strace -f -o<filename> host localhost':
21885 execve("/usr/bin/host", ["host", "localhost"], [/* 22 vars */]) = 0
21885 open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or
directory)
21885 open("/etc/ld.so.cache", O_RDONLY) = 3
21885 close(3) = 0
21885 open("/usr/lib/liblwres.so.1", O_RDONLY) = 3
21885 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340%\0"..., 512)
= 512
21885 close(3) = 0
21885 open("/usr/lib/libdns.so.20", O_RDONLY) = 3
21885 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320,\1"..., 512)
= 512
21885 close(3) = 0
21885 open("/usr/lib/i686/cmov/libcrypto.so.0.9.7", O_RDONLY) = 3
21885 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\300\2"..., 512)
= 512
21885 close(3) = 0
21885 open("/usr/lib/libbind9.so.0", O_RDONLY) = 3
21885 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\30\0\000"...,
512) = 512
21885 close(3) = 0
21885 open("/usr/lib/libisc.so.9", O_RDONLY) = 3
21885 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\202\0"...,
512) = 512
21885 close(3) = 0
21885 open("/usr/lib/libisccfg.so.1", O_RDONLY) = 3
21885 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340O\0"..., 512)
= 512
21885 close(3) = 0
21885 open("/lib/tls/libnsl.so.1", O_RDONLY) = 3
21885 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 <\0\000"...,
512) = 512
21885 close(3) = 0
21885 open("/lib/tls/libpthread.so.0", O_RDONLY) = 3
21885 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0pF\0\000"...,
512) = 512
21885 close(3) = 0
21885 open("/lib/tls/libc.so.6", O_RDONLY) = 3
21885 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`Z\1\000"...,
512) = 512
21885 close(3) = 0
21885 open("/lib/tls/libdl.so.2", O_RDONLY) = 3
21885 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\32"..., 512)
= 512
21885 close(3) = 0
21885 open("/usr/lib/libisccc.so.0", O_RDONLY) = 3
21885 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\35\0\000"...,
512) = 512
21885 close(3) = 0
21885 socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
21885 close(3) = 0
21885 socket(PF_INET6, SOCK_STREAM, IPPROTO_IP) = 3
21885 getsockname(3, {sa_family=AF_INET6, sin6_port=htons(0),
inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28])
= 0
21885 close(3) = 0
21885 clone(child_stack=0x40c0ab48,
flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED,
parent_tidptr=0x40c0abf8, {entry_number:6, base_addr:0x40c0abb0,
limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1,
seg_not_present:0, useable:1}, child_tidptr=0x40c0abf8) = 21886
21885 clone(child_stack=0x4140ab48,
flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED,
parent_tidptr=0x4140abf8, {entry_number:6, base_addr:0x4140abb0,
limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1,
seg_not_present:0, useable:1}, child_tidptr=0x4140abf8) = 21887
21885 clone(child_stack=0x41c0ab48,
flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED,
parent_tidptr=0x41c0abf8, {entry_number:6, base_addr:0x41c0abb0,
limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1,
seg_not_present:0, useable:1}, child_tidptr=0x41c0abf8) = 21888
21885 open("/usr/share/locale/en_US/libdst.cat", O_RDONLY) = -1 ENOENT (No such
file or directory)
21885 open("/usr/share/locale/en_US/LC_MESSAGES/libdst.cat", O_RDONLY) = -1
ENOENT (No such file or directory)
21885 open("/usr/share/locale/en/libdst.cat", O_RDONLY) = -1 ENOENT (No such
file or directory)
21885 open("/usr/share/locale/en/LC_MESSAGES/libdst.cat", O_RDONLY) = -1 ENOENT
(No such file or directory)
21885 open("/usr/share/locale/en_US/libisc.cat", O_RDONLY) = -1 ENOENT (No such
file or directory)
21885 open("/usr/share/locale/en_US/LC_MESSAGES/libisc.cat", O_RDONLY) = -1
ENOENT (No such file or directory)
21885 open("/usr/share/locale/en/libisc.cat", O_RDONLY) = -1 ENOENT (No such
file or directory)
21885 open("/usr/share/locale/en/LC_MESSAGES/libisc.cat", O_RDONLY) = -1 ENOENT
(No such file or directory)
21885 open("/usr/share/locale/en_US/libdns.cat", O_RDONLY) = -1 ENOENT (No such
file or directory)
21885 open("/usr/share/locale/en_US/LC_MESSAGES/libdns.cat", O_RDONLY) = -1
ENOENT (No such file or directory)
21885 open("/usr/share/locale/en/libdns.cat", O_RDONLY) = -1 ENOENT (No such
file or directory)
21885 open("/usr/share/locale/en/LC_MESSAGES/libdns.cat", O_RDONLY) = -1 ENOENT
(No such file or directory)
21885 open("/etc/resolv.conf", O_RDONLY) = 5
21885 read(5, "search universe\nnameserver 192.1"..., 4096) = 39
21885 read(5, "", 4096) = 0
21885 close(5) = 0
21886 socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP) = 5
21886 close(5) = 0
21886 setsockopt(20, SOL_SOCKET, SO_TIMESTAMP, [1], 4) = 0
21886 bind(20, {sa_family=AF_INET, sin_port=htons(0),
sin_addr=inet_addr("0.0.0.0")}, 16) = 0
21886 recvmsg(20, 0x40c0a920, 0) = -1 EAGAIN (Resource temporarily
unavailable)
21886 write(4, "\24\0\0\0\375\377\377\377", 8) = 8
21886 sendmsg(20, {msg_name(16)={sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("192.168.0.1")},
msg_iov(1)=[{"#\263\1\0\0\1\0\0\0\0\0\0\tlocalhost\10universe\0"..., 36}],
msg_controllen=0, msg_flags=0}, 0) = 36
21888 read(3, "\24\0\0\0\375\377\377\377", 8) = 8
21888 read(3, 0x41c0a848, 8) = -1 EAGAIN (Resource temporarily
unavailable)
21886 recvmsg(20, {msg_name(16)={sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("192.168.0.1")},
msg_iov(1)=[{"#\263\205\203\0\1\0\0\0\1\0\0\tlocalhost\10universe\0"...,
65535}], msg_controllen=20, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=0x1d
/* SCM_??? */, ...}, msg_flags=0}, 0) = 84
21886 write(4, "\24\0\0\0\373\377\377\377", 8) = 8
21888 read(3, "\24\0\0\0\373\377\377\377", 8) = 8
21888 close(20) = 0
21888 read(3, 0x41c0a848, 8) = -1 EAGAIN (Resource temporarily
unavailable)
21886 socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP) = 5
21886 close(5) = 0
21886 setsockopt(20, SOL_SOCKET, SO_TIMESTAMP, [1], 4) = 0
21886 bind(20, {sa_family=AF_INET, sin_port=htons(0),
sin_addr=inet_addr("0.0.0.0")}, 16) = 0
21886 recvmsg(20, 0x40c0a7d0, 0) = -1 EAGAIN (Resource temporarily
unavailable)
21886 write(4, "\24\0\0\0\375\377\377\377", 8) = 8
21888 read(3, "\24\0\0\0\375\377\377\377", 8) = 8
21886 sendmsg(20, {msg_name(16)={sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("192.168.0.1")},
msg_iov(1)=[{"\211e\1\0\0\1\0\0\0\0\0\0\tlocalhost\0\0\1\0\1", 27}],
msg_controllen=0, msg_flags=0}, 0 <unfinished ...>
21888 read(3, <unfinished ...>
21886 <... sendmsg resumed> ) = 27
21888 <... read resumed> 0x41c0a848, 8) = -1 EAGAIN (Resource temporarily
unavailable)
21886 recvmsg(20, {msg_name(16)={sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("192.168.0.1")},
msg_iov(1)=[{"\211e\201\203\0\1\0\0\0\1\0\0\tlocalhost\0\0\1\0\1\0\0"...,
65535}], msg_controllen=20, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=0x1d
/* SCM_??? */, ...}, msg_flags=0}, 0) = 102
21886 write(1, "Host localhost not found: 3(NXDO"..., 38) = 38
21886 write(4, "\24\0\0\0\373\377\377\377", 8) = 8
21888 read(3, <unfinished ...>
21885 --- SIGTERM (Terminated) @ 0 (0) ---
21888 <... read resumed> "\24\0\0\0\373\377\377\377", 8) = 8
21888 close(20) = 0
21888 read(3, 0x41c0a848, 8) = -1 EAGAIN (Resource temporarily
unavailable)
21886 _exit(0) = ?
21885 write(4, "\0\0\0\0\377\377\377\377", 8) = 8
21888 read(3, "\0\0\0\0\377\377\377\377", 8) = 8
21888 _exit(0) = ?
21885 close(3) = 0
21885 close(4) = 0
21887 _exit(0) = ?
21885 exit_group(1) = ?
zone "localdomain":
; localdomain
$TTL 604800
@ IN SOA helios.universe. root.helios.universe. (
2005072801 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
IN NS helios.universe.
localhost IN A 127.0.0.1
zone "0.0.127.in-addr.arpa":
; 0.0.127.in-addr.arpa
$TTL 604800
@ IN SOA helios.universe. root.helios.universe (
2005072801 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
IN NS helios.unverse.
1 IN PTR localhost.
'host localhost.localdomain' returns:
localhost.localdomain has address 127.0.0.1
'host localhost' return:
Host localhost not found: 3(NXDOMAIN)
Which appears to be due to all those 'Resource temporarily unavailable'
messages above.
'netstat -antp | grep 53' returns:
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
31959/named
tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN
31959/named
tcp 0 0 24.171.49.171:53 0.0.0.0:* LISTEN
31959/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
31959/named
tcp 0 0 192.168.0.1:25 0.0.0.0:* LISTEN
2531/exim4
iptables allows ALL traffic on 127.0.0.1 (iptables-save output follows):
# Generated by iptables-save v1.3.1 on Sun Jul 31 14:30:05 2005
*nat
:PREROUTING ACCEPT [710993:40195735]
:POSTROUTING ACCEPT [3078:292639]
:OUTPUT ACCEPT [9394:864276]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Sun Jul 31 14:30:05 2005
# Generated by iptables-save v1.3.1 on Sun Jul 31 14:30:05 2005
*mangle
:PREROUTING ACCEPT [7777178:3491193128]
:INPUT ACCEPT [724488:342724770]
:FORWARD ACCEPT [7052088:3148385387]
:OUTPUT ACCEPT [608280:363734767]
:POSTROUTING ACCEPT [7661857:3512537053]
COMMIT
# Completed on Sun Jul 31 14:30:05 2005
# Generated by iptables-save v1.3.1 on Sun Jul 31 14:30:05 2005
*filter
:INPUT DROP [46375:3719456]
:FORWARD DROP [0:0]
:OUTPUT DROP [343:29642]
:allowed - [0:0]
:bad_tcp_packets - [0:0]
:icmp_packets - [0:0]
:tcp_packets - [0:0]
:udp_packets - [0:0]
-A INPUT -p tcp -j bad_tcp_packets
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth1 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -j tcp_packets
-A INPUT -i eth0 -p udp -j udp_packets
-A INPUT -i eth0 -p icmp -j icmp_packets
-A INPUT -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "IPT INPUT
packet died: " --log-level 7
-A INPUT -p tcp -j bad_tcp_packets
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth1 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -j tcp_packets
-A INPUT -i eth0 -p udp -j udp_packets
-A INPUT -i eth0 -p icmp -j icmp_packets
-A INPUT -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "IPT INPUT
packet died: " --log-level 7
-A FORWARD -p tcp -j bad_tcp_packets
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "IPT
FORWARD packet died: " --log-level 7
-A FORWARD -p tcp -j bad_tcp_packets
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "IPT
FORWARD packet died: " --log-level 7
-A OUTPUT -p tcp -j bad_tcp_packets
-A OUTPUT -s 127.0.0.1 -j ACCEPT
-A OUTPUT -s 192.168.0.1 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "IPT
OUTPUT packet died: " --log-level 7
-A OUTPUT -p tcp -j bad_tcp_packets
-A OUTPUT -s 127.0.0.1 -j ACCEPT
-A OUTPUT -s 192.168.0.1 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "IPT
OUTPUT packet died: " --log-level 7
-A allowed -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A allowed -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A allowed -p tcp -j DROP
-A allowed -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A allowed -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A allowed -p tcp -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state
NEW -j REJECT --reject-with tcp-reset
-A bad_tcp_packets -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state
NEW -j LOG --log-prefix "New not syn:"
-A bad_tcp_packets -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state
NEW -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state
NEW -j REJECT --reject-with tcp-reset
-A bad_tcp_packets -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state
NEW -j LOG --log-prefix "New not syn:"
-A bad_tcp_packets -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state
NEW -j DROP
-A tcp_packets -p tcp -m tcp --dport 21 -j allowed
-A tcp_packets -p tcp -m tcp --dport 80 -j allowed
-A tcp_packets -p tcp -m tcp --dport 21 -j allowed
-A tcp_packets -p tcp -m tcp --dport 80 -j allowed
-A udp_packets -p udp -m udp --sport 53 -j ACCEPT
-A udp_packets -s 10.30.0.1 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A udp_packets -p udp -m udp --sport 53 -j ACCEPT
-A udp_packets -s 10.30.0.1 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A udp_packets -p udp -m udp --sport 53 -j ACCEPT
COMMIT
# Completed on Sun Jul 31 14:30:05 2005
'top' shows the following on top:
top - 14:31:41 up 4 days, 13:48, 2 users, load average: 0.00, 0.00, 0.00
Tasks: 77 total, 1 running, 76 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.3% us, 0.1% sy, 0.0% ni, 99.6% id, 0.0% wa, 0.0% hi, 0.0% si
Mem: 774368k total, 758112k used, 16256k free, 46804k buffers
Swap: 1052248k total, 656k used, 1051592k free, 503680k cached
So I really don't see where the 'Resources temporarily unavailable' comes in to
play.
The system is spec'ed as follows:
Dual PIII 450Mhz CPUs
768MB RAM
Pair of nics (Boomerang and an Nat. Semi.)
'uname -a':
Linux helios 2.6.8 #1 SMP Tue Jul 26 22:46:14 CDT 2005 i686 GNU/Linux
Which is a custom built 2.6.8 kernel. Next step will be to verify against
stock debian 2.6.8-i686-SMP kernel, will notify if anything changes, otherwise
assume same situation within 24 hours of this message.
--- End Message ---
