The named process was mostly unresponsive for approximately 5 minutes
(DNS queries timed out), then finally crashed with the messages
reported in the original bug.
Here's an excerpt from our syslog ("ANONYMIZED" replaces text that may
be confidential or security sensitive), showing the period of
unresponsiveness:
May 14 00:18:10 ns1 named[2264]: client ANONYMIZED#10203: updating zone
'ANONYMIZED/IN': update unsuccessful: ANONYMIZED: 'name in use'
prerequisite not satisfied (NXDOMAIN)
May 14 00:19:01 ns1 /USR/SBIN/CRON[3289]: (root) CMD ( run-parts --report
/etc/cron.5min)
May 14 00:21:04 ns1 named[2264]: zone ANONYMIZED/IN: expired
May 14 00:22:10 ns1 ntpd[2223]: synchronized to ANONYMIZED, stratum 2
May 14 00:24:01 ns1 /USR/SBIN/CRON[3549]: (root) CMD ( run-parts --report
/etc/cron.5min)
May 14 00:25:01 ns1 /USR/SBIN/CRON[3566]: (root) CMD ([ -x /usr/lib/sysstat/sa1
] && { [ -r "$DEFAULT" ] && . "$DEFAULT" ; [ "$ENABLED" = "true" ] && exec /us
r/lib/sysstat/sa1 $SA1_OPTIONS 1 1 ; })
May 14 00:25:14 ns1 ntpd[2223]: synchronized to ANONYMIZED, stratum 2
May 14 00:26:05 ns1 named[2264]: socket.c:2242: fatal error:
May 14 00:26:05 ns1 named[2264]: select() failed: Unknown error 514
May 14 00:26:05 ns1 named[2264]: exiting (due to fatal error in library)
At first, I thought this was related to the OpenSSL security fix
(which updates more than just the seeding problem, but I'll discuss
that elsewhere). However, this is an old, outstanding bug, so...
This is a big bother; it takes -- at best -- 25 minutes for named to
start from scratch, at worst well over an hour. I work for a DNS
provider, so we have a few zones to provide.
I'd love to bump the severity of this bug. :)
I'm sorry that I don't have strace output to provide.
Package versions installed:
||/ Name Version Description
+++-==============-==============-============================================
ii adduser 3.102 Add and remove users and groups
ii bind9 9.3.4-2etch1 Internet Domain Name Server
ii libbind9-0 9.3.4-2etch1 BIND9 Shared Library used by BIND
ii libc6 2.3.6.ds1-13et GNU C Library: Shared libraries
ii libdns22 9.3.4-2etch1 DNS Shared Library used by BIND
ii libisc11 9.3.4-2etch1 ISC Shared Library used by BIND
ii libisccc0 9.3.4-2etch1 Command Channel Library used by BIND
ii libisccfg1 9.3.4-2etch1 Config File Handling Library used by
BIND
ii liblwres9 9.3.4-2etch1 Lightweight Resolver Library used by
BIND
ii libssl0.9.8 0.9.8c-4etch3 SSL shared libraries
ii lsb-base 3.1-23.2etch1 Linux Standard Base 3.1 init script
function
ii netbase 4.29 Basic TCP/IP networking system
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
