At Mon, 28 Jul 2008 09:50:32 +0300,
Sotiris Tsimbonis [EMAIL PROTECTED] wrote:
After 12 hours of running, no problems yet.
Unfortunately, it crashed again..
Thanks for the report and testing, but according to the gdb output:
Thread 5 (process 94479):
#0 0xff1c097c in ___sigtimedwait
At Tue, 29 Jul 2008 04:09:27 -0700 (PDT),
Prabhat Rana [EMAIL PROTECTED] wrote:
I have BIND 9.5.1b1 running on Solaris 10. I have set my
max-cache-size to 2048M. How does BIND 9.5.1b1 cleans the cache? I
heard it doesn't use the cleaning-interval anymore with this version
even if you specify
At Thu, 31 Jul 2008 09:57:03 -0700 (PDT),
W Sanders [EMAIL PROTECTED] wrote:
[ then the sequence might repeat a few times .. followed by ]
30-Jul-2008 20:11:36.969 general: failed to start watching FD (22): invalid
file
30-Jul-2008 20:11:36.974 general: failed to start watching FD (22):
At Sat, 02 Aug 2008 03:06:02 -0500,
Walter [EMAIL PROTECTED] wrote:
I downloaded P2 tonight and did what was suggested in the CHANGES file.
Here is my configure statement:
STD_CDEFINES=-DISC_SOCKET_FDSETSIZE=4096 ./configure
--prefix=/usr/local/bind-9.5.0-P2 --sysconfdir=/var/named
It
At Sat, 02 Aug 2008 10:28:24 -0500,
Walter [EMAIL PROTECTED] wrote:
Yes, it was returning SERVFAIL errors to queries. No, it didn't appear
that it was ignoring queries - just giving the SERVFAILs.
It didn't
matter if I queried for a name that was already cached.
If so, and if servers
At Mon, 4 Aug 2008 14:40:02 +0200,
Matus UHLAR - fantomas [EMAIL PROTECTED] wrote:
As long as cleaning-interval was made obsolete by BIND9.5, since memory
management was changed, is this planned for acache-cleaning-interval, or is
there reason not to do so?
The former (but just in case this
At Tue, 5 Aug 2008 13:20:03 -0400,
Emery Rudolph [EMAIL PROTECTED] wrote:
This is exactly what I did not want to hear. I have been using the 9.5.0-P1
version was hoping the too many file descriptors error was going to be
solved in the P2 distribution. Several ISC representatives promised as
For those who've seen a crash of recent beta versions on entry of
resolver.c:resquery_response() like this:
17-Jul-2008 13:20:48.425 general: resolver.c:5494: REQUIREquery) !=
((void *)0)) (((const isc__magic_t *)(query))-magic == ((('Q') 24
| ('!') 16 | ('!') 8 | ('!')) failed
At Tue, 5 Aug 2008 02:56:09 -0400,
grarpamp [EMAIL PROTECTED] wrote:
Hi. I upgraded from 941p1 to 951b1. Now I get servfail's on simple
dig's of random domains such as the one below and can't figure out
why. If I kill the server and restart, some other domain might go
servfail. I've attached
At Sat, 2 Aug 2008 17:21:31 +0100,
James Ponder [EMAIL PROTECTED] wrote:
I'm confused why Bind would accept the g.www.ms.akadns.net CNAME when it
asked about toggle.www.ms.akadns.net and yet not accept the A records
for lb1.www.ms.akadns.net at the same time?
I'm also not seeing the
At Wed, 6 Aug 2008 16:05:27 +0800,
Elias [EMAIL PROTECTED] wrote:
I've tried that too, but its still not working. All it does is to just make
BIND run a little longer before the 'too many open file descriptors' error
shows up again.
And is your server really opening more than 3000 UDP
At Wed, 6 Aug 2008 16:38:43 +0800,
Elias [EMAIL PROTECTED] wrote:
I'm not sure if this is how we check for the number of sockets
opened, but I'm seing over 4000. The number of recursive clients
will also increase when using the P2 release (it was between 700-900
when running 9.5.1b1).
Hmm,
At Thu, 7 Aug 2008 00:26:04 -0400,
Vinny Abello [EMAIL PROTECTED] wrote:
Huh... maybe I was right in the first place. I left dnsperf running
and named ran out of memory. In my syslog I had a lot of these
swap_pager_getswapspace failed messages followed by named finally
dying (again, FreeBSD
At Thu, 7 Aug 2008 00:58:23 -0400,
Vinny Abello [EMAIL PROTECTED] wrote:
OK. I've recompiled BIND 9.5.0-P2 (from ports) without threads
enabled. I no longer see the memory leak at all. I'm running dnsperf
and I see a constant of 18MB which is much more reasonable for what
I am doing. For me
At Thu, 7 Aug 2008 14:48:52 +0800,
Elias [EMAIL PROTECTED] wrote:
Is there any change if you build named with/without threads (and with
FD_SETSIZE=4096)?
-- have yet to try this. Will test and let you know.
How many queries per second is that server normally accepting?
-- we're seing
At Thu, 7 Aug 2008 10:33:25 -0400,
Vinny Abello [EMAIL PROTECTED] wrote:
===
- create a symbolic link from /etc/malloc.conf to X:
# ln -s X /etc/malloc.conf
What exactly is this trying to accomplish here? JFYI, I don't
At Thu, 7 Aug 2008 10:59:22 -0700,
Kai Lanz [EMAIL PROTECTED] wrote:
We're seeing a failure very similar to what Bob McElrath reported. We
just
installed BIND 9.5.0-P1 on Alpha/Tru64-4.0G (we had previously been
running
BIND 8). After an hour and a half, named terminated with the
At Thu, 7 Aug 2008 00:58:23 -0400,
Vinny Abello [EMAIL PROTECTED] wrote:
Interestingly, without threads I am seeing pretty much the same
performance as with threads, but am only using one CPU and now have
extra horsepower to spare. I know the maintainer of the BIND95 port
on FreeBSD enabled
At Thu, 7 Aug 2008 14:58:33 -0400,
S.D.A. [EMAIL PROTECTED] wrote:
I want to upgrade to a stable release of Bind (non-beta). Does 9.4.2
have port range specification functionality?
No, it's only for beta versions. You could still enumerate every port
that should be avoided using the
At Thu, 7 Aug 2008 14:37:42 -0700,
Kai Lanz [EMAIL PROTECTED] wrote:
Did named dump a core? If so, can we see its
backtrace?
It did dump a corefile; here's a stack trace. Look at thread 0xb to
see the assertion failure at rbtdb.c line 1439. (Threads 0x9 and
0x11 also seem to have
At Fri, 08 Aug 2008 14:24:31 -0500,
Walter Gould [EMAIL PROTECTED] wrote:
I guess we need more information to diagnose:
- your detailed configuration (named.conf)
Jinmei,
See our attached named.conf file.
I have a couple of suggestions:
1. you should specify a larger
At Fri, 08 Aug 2008 16:56:25 -0700,
David Sparks [EMAIL PROTECTED] wrote:
If, on the other hand, you're trying to answer the question why do I
get a SERVFAIL, some of the time, for some names, seemingly at random?,
then I don't know that a targeted tcpdump is going to help. You might
At Mon, 11 Aug 2008 19:44:41 -0400,
Gabriel Somlo [EMAIL PROTECTED] wrote:
Did you actually confirm this behavior? As far as I understand the
code (and I actually checked the behavior previously) BIND9 doesn't
replace an authoritative RRset with a glue. Or in other words, it
strictly
At Mon, 11 Aug 2008 16:04:32 -0400,
Vinny Abello [EMAIL PROTECTED] wrote:
# gdb path_to_named path_to_core
(gdb) thread apply all bt full
Let me know if you need everything that it returns. Most of it
beyond the following seems like it doesn't give much of any
information. Maybe this is
At Mon, 11 Aug 2008 19:38:57 -0700 (PDT),
Fr34k [EMAIL PROTECTED] wrote:
Running 9.5.0-P2 on Solaris 9 and I continue to get socket: too many open
file descriptors messages.
I have tried ulimit -n foobar where foobar has been various numerical
values and I still get the error.
Am I just
At Sat, 09 Aug 2008 19:54:10 -0500,
Walter [EMAIL PROTECTED] wrote:
Based on your above sugestions, I did the following:
1) set my max-cache-size to 320MB (I thought ten times the default
would be ok - this box has 2gb or ram)
2) set my recursive-clients to 10,000
Everything rocked
At Tue, 12 Aug 2008 17:51:06 +0400,
OK... This is well known bug.
=== named.conf ===
[...]
options {
max-cache-size 500M;
};
[...]
==
named with threads (8 threads, 1 thread per CPU)
Memory Usege grows very quickly. Top memory usage - system limit (2Gb),
At Mon, 11 Aug 2008 22:32:43 -0700 (PDT),
Fr34k [EMAIL PROTECTED] wrote:
Usual question:
- did you build named with a large value of FD_SETSIZE?
ANSWER: No. I'm not even sure how to change it. Would I edit
lib/isc/unix/socket.c? Should I change it?
You should build named by setting
At Wed, 13 Aug 2008 12:28:23 -0700,
David Sparks [EMAIL PROTECTED] wrote:
Usual question:
- did you build named with a large value of FD_SETSIZE?
I just found out I have a similar problem with BIND 9.5.0-P2. I have nofile
set to 8192 but it doesn't seem to be respected by named? Why
At Wed, 13 Aug 2008 09:36:18 +0200,
Hans F. Nordhaug [EMAIL PROTECTED] wrote:
In the quest for securing the name servers in a company I try to help,
I have gotten into to trouble. The company is running CentOS 5.0 and I
have updated their Bind to 9.3.4_P1. In addition, I planned to remove
the
At Thu, 14 Aug 2008 01:42:40 +0200,
Hans F. Nordhaug [EMAIL PROTECTED] wrote:
Do you mean any query always fails, or some queries sometime fail
(while some others succeed)?
Thx for replying.
Any recursive query, i.e., any query for some domain the server isn't
authorative for, fails.
At Thu, 14 Aug 2008 11:05:26 -0700,
David Sparks [EMAIL PROTECTED] wrote:
You could add a cmdline option to configure to override the calculated
value. ie:
./configure --max-fd=256
We've already provided this knob in a different form: ISC_SOCKET_FDSETSIZE.
The difficult part is to
At Thu, 14 Aug 2008 10:46:18 -0500,
Walter Gould [EMAIL PROTECTED] wrote:
I have found my problem. Your above statement it seems to be handling a
high volume of queries (several thousands concurrent clients) was right
on target. I decided to look more closely at the traffic that was
At Fri, 15 Aug 2008 10:27:13 +1000,
Mark Andrews [EMAIL PROTECTED] wrote:
fctx 0x87b7b20(images.yandex.ru/A'): query
fctx 0x87b7b20(images.yandex.ru/A'): done
This seems to indicate creating a query socket somehow failed. Can
you build BIND by hand to see if you can reproduce
At Mon, 04 Aug 2008 16:12:47 -0700,
Doug Barton [EMAIL PROTECTED] wrote:
By default in FreeBSD the directory option is set to /etc/namedb (the
traditional name in *BSD), and that directory is set to 755 root:wheel
which means that named cannot write to it after it drops privileges.
This is
At Mon, 18 Aug 2008 19:30:33 +0800,
BroBind BroBind [EMAIL PROTECTED] wrote:
We're running RHEL4-U3 x86_64 OS using bind-9.3.5-P2 (patched from
bind-9.3.5-P1). I still got error this error socket: too many open file
descriptors when I applied this options.
At Wed, 20 Aug 2008 13:33:14 +0800,
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
But recently , i use a pc client as a dns client ,when i use nslookup to test
dns ,about 20-25 percent of dns is timeout ;
I want to you when i use chroot to start bind ,if i have performace
influence ;and
At Fri, 22 Aug 2008 16:53:56 -0400 (Eastern Daylight Time),
Mike Diggins [EMAIL PROTECTED] wrote:
There have been numerous postings from people having problems with BIND
9.5.0x and Solaris 10 (too many open file descriptors). I see a few posts
of similar problems with 9.4.2x and Solaris 10.
At Wed, 27 Aug 2008 00:13:03 -0400,
L. Gabriel Somlo [EMAIL PROTECTED] wrote:
I believe the attached patch fixes Dan Kaminsky's bug, and puts us
back to where an attacker would have to wait for the TTL to expire
before being able to poison the cache.
Anyone see any reason why we shouldn't
At Tue, 26 Aug 2008 21:18:23 -0400,
CB [EMAIL PROTECTED] wrote:
I'm hoping someone can help as I am completely confused and the BIND ARM
doesnt answer my questions. For one it doesnt explain what categories are
inclusive of others, if any, which I would think some are.
For example:
I
At Tue, 26 Aug 2008 21:26:07 -0400,
Vinny Abello [EMAIL PROTECTED] wrote:
I received the following message from someone with some possible
insight to what could be causing this. I have no knowledge of the
BIND source code or structure, nor have I looked for the call this
is referring to in
At Wed, 27 Aug 2008 09:18:52 -0500 (CDT),
[EMAIL PROTECTED] wrote:
I believe 'rndc dumpdb' triggered the crash. We've recently fixed a
bug that can cause various types of crash triggered by 'rndc dumpdb'.
The fix will appear in 9.5.1b2. In the mean time, if you're
interested please try the
At Wed, 27 Aug 2008 10:37:08 -0400,
rick pim [EMAIL PROTECTED] wrote:
9.4.2b2, solaris 5.10 compiled with the vendor's gcc:
27-Aug-2008 02:24:36.126 general: critical: resolver.c:5494:
REQUIREquery) != 0) (((const isc__magic_t *)(query))-magic == (
(('Q') 24 | ( '!') 16 | ( '!') 8
At Wed, 27 Aug 2008 11:02:27 -0400,
L. Gabriel Somlo [EMAIL PROTECTED] wrote:
I'm pretty sure that this patch doesn't avoid all variations of
Kaminsky's attack,
Hehe... I never claimed my one-character patch would fix *all* bugs
in bind -- I don't have *that* kind of power ;)
Okay, but
At Tue, 2 Sep 2008 08:51:51 -0500 (CDT),
[EMAIL PROTECTED] wrote:
Sorry for the trouble. The diff was against the latest development
code (for 9.6). I didn't thought there was a critical difference
between the latest code and 9.5 version of rbtdb.c, but I seemed to be
wrong. I've updated
At Tue, 2 Sep 2008 16:51:55 -0400,
L. Gabriel Somlo [EMAIL PROTECTED] wrote:
Of course, if the recursive server has cached a valid www.cnn.com/A,
the result of the attack won't be effective until it expires. But
once it expires, the attacker gets the full control of it and keeps
the
At Wed, 27 Aug 2008 21:12:48 -0400,
Kevin Darcy [EMAIL PROTECTED] wrote:
I'm hoping someone can help as I am completely confused and the BIND ARM
doesnt answer my questions. For one it doesnt explain what categories are
inclusive of others, if any, which I would think some are.
For
At Mon, 08 Sep 2008 12:56:13 -0400,
Jeffrey Collyer [EMAIL PROTECTED] wrote:
Running bind 9.5.0-P2 with -DISC_SOCKET_FDSETSIZE=8192
on Solaris 8, recently patched, on Sparc. Server is DNS only, on
reasonably old hardware, and thus fairly busy most of the time.
Got this in the the logs :
At Thu, 11 Sep 2008 15:49:56 +0200,
Gilles Massen [EMAIL PROTECTED] wrote:
I'm trying to make something useful from the new statistics, via the
statistics-channel (BTW, the xml formatted statistics are a pretty good
idea).
However, I'm not not getting anything counted in the Resolvers
At Tue, 16 Sep 2008 08:14:43 +0100,
Jan Arild Lindstrøm [EMAIL PROTECTED] wrote:
is there really none that can explain why clients-per-query get so high even
though
max-clients-per-query = 100 ?
First, please be more specific about operational environment: the
exact BIND9 version, not
At 20 Sep 2008 23:41:50 +0100,
Chris Thompson [EMAIL PROTECTED] wrote:
[...]
This is a known problem and will be fixed in 9.5.1b2. It will be
released early next week (note that I'm not saying 'hopefully' this
time:-).
Are we going to see 9.4.3b3 at the same time?
Yes.
---
JINMEI,
At Thu, 28 Aug 2008 20:05:02 +0200,
Ulrich David [EMAIL PROTECTED] wrote:
I'm testing some configuration for my caching name server with Bind
9.4.2-P2 using resperf. The server is a dual Core Xeon at 2,3GHz 2GB
Ram runing gentoo linux. The goal is to have maximum performance from
this
At Fri, 26 Sep 2008 14:01:18 +0200,
Bart Van den Broeck [EMAIL PROTECTED] wrote:
Hi, I have compiled and used 9.5 on several Linuxplatforms but we have to
restart the bind-process every day since it stop ansver for some domains
after some time.
The DNS is recursive and the domain it
At Wed, 1 Oct 2008 10:08:36 -0700,
Chris Buxton [EMAIL PROTECTED] wrote:
BIND9 has no problem with seeing new interfaces. You don't need rndc
for
that, it's quite automatic. You can use interface-interval to adjust
the
frequency of the checking.
Only if named is running as root.
At Mon, 22 Sep 2008 20:52:02 +0300,
Bind Petras [EMAIL PROTECTED] wrote:
I have the same problem, since there is no reply from BroBind, I'll
post answers about my system: - OS kernel version The problem is
noticed on systems running openSUSE 10.1 with kernels
2.6.16.21.-0.13-smp and
At Mon, 27 Oct 2008 14:56:18 -0500 (CDT),
[EMAIL PROTECTED] wrote:
One problem that I see is this - the mail comes from the same nodename
as the authoritative DNS server for the sub-domain, so if BIND does not
have the address of
igpp.ucla.edu
then it needs that address in order to
At Mon, 27 Oct 2008 13:23:20 -0700 (PDT),
Fr34k [EMAIL PROTECTED] wrote:
Below, there is a statement:
If it's occasional, that may be a known bug in 9.5 about
cache entry management, and will be fixed in the next beta
I am testing 9.5.1b2.
Is 9.5.1b2 affected by this known bug?
Yes, but
At Fri, 31 Oct 2008 14:22:33 -0500 (CDT),
[EMAIL PROTECTED] wrote:
There are a number of problems that arise out of trying to find the
authoritive answer to the question
What is the A record for igpp.ucla.edu?
1) Sometimes I get SERVFAIL when I query my local name servers.
And I
At Wed, 5 Nov 2008 08:09:03 +0100,
=?ISO-8859-1?Q?Sebastian_Tymk=F3w?= [EMAIL PROTECTED] wrote:
Recently I've sent questions about edns and logs but now I'm wonder how does
bind answer
for such thing like ends.
Sometimes I receive 2-5 messages like this:
Nov 5 08:02:09 hostname
At Tue, 4 Nov 2008 16:01:16 -0700,
Justin T Pryzby [EMAIL PROTECTED] wrote:
A handful of times now our bind server (currently at 9.5.0, tracking
ubuntu intrepid), has stopped responding to requests. We notice this,
You should mean 9.5.0-P2 or some beta versions of 9.5.1. Please be
more
At Sat, 8 Nov 2008 17:58:55 -0800,
Steve Koon [EMAIL PROTECTED] wrote:
Is there a way to retrieve (or log during request) the actual queries
that made up the count for the NXRRSET and NXDOMAIN statistics? I am
curious what record types and queries that could not be served by this
domain.
The
At Mon, 10 Nov 2008 07:51:14 -0700,
The Doctor [EMAIL PROTECTED] wrote:
REporting problem in bind-9.4.3rc1
- Which operating system (and version) are you using?
- Have you seen this in 9.4.2-P2 or 9.4.3b[1-3], too?
- Does that change if you specify a small number for the
reserved-sockets
At Mon, 10 Nov 2008 18:14:22 -0700,
The Doctor [EMAIL PROTECTED] wrote:
- Which operating system (and version) are you using?
- Have you seen this in 9.4.2-P2 or 9.4.3b[1-3], too?
- Does that change if you specify a small number for the
reserved-sockets option in named.conf, e.g, like
63 matches
Mail list logo
