LINUX.ORG.RU
ФорумAdmin

Зависает bind


0

1

Добрый день.

Такая вот проблемка приключилась имеется BIND 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1

на системе Centos minimal 6.4

все вроде работает как должно, активно не используется ... однако через какое-то время он тупо перестает отвечать на запросы, после перезагрузки сервиса работоспособность возвращается, однако когда через н-ое время заходишь поинтересоваться как он там он ничего не резолвит.

Может кто может подсказать куда копать или в чем может быть трабла ?

Благодарю


Ответ на: комментарий от ogiel

[root@a6568s03 ~]# telnet 10.184.0.88 53 │ Trying 10.184.0.88... │ Connected to 10.184.0.88. │ Escape character is '^]'. │ Connection closed by foreign host.

Это я пробовал телнетиться когда он в рабочем состоянии ...

bdod ()

а посмотреть внимательно, твой бинд не перезапускается часом без твоего ведома ?

W ★★★★★ ()

Для начала стоит включить ему дебаг (а ещё желательно поставить, скажем, раз в минуту запрос типа host porno.com dns-ip, чтобы определить, в какой именно момент оно перестаёт работать).

undertaker ★★ ()

Прошу прощения что сразу не выложил логи ... торможу что-то

named.misc

18-Feb-2014 10:48:56.258 dnssec: info: validating @0x7fbe084ca2f0: com NS: got insecure response; parent indicates it should be secure
18-Feb-2014 10:48:56.259 lame-servers: info: error (insecurity proof failed) resolving 'com/NS/IN': 10.184.0.101#53
18-Feb-2014 10:48:56.438 dnssec: info: validating @0x7fbe08468610: . NS: got insecure response; parent indicates it should be secure
18-Feb-2014 10:48:56.438 lame-servers: info: error (insecurity proof failed) resolving './NS/IN': 10.184.0.101#53
18-Feb-2014 10:48:56.478 lame-servers: info: error (chase DS servers) resolving 'jci.com/DS/IN': 10.184.0.101#53
18-Feb-2014 10:48:56.479 dnssec: info: validating @0x7fbe08468610: com NS: got insecure response; parent indicates it should be secure
18-Feb-2014 10:48:56.479 lame-servers: info: error (insecurity proof failed) resolving 'com/NS/IN': 10.184.0.101#53
18-Feb-2014 10:48:56.483 dnssec: info: validating @0x7fbe08468610: . NS: got insecure response; parent indicates it should be secure
18-Feb-2014 10:48:56.483 lame-servers: info: error (insecurity proof failed) resolving './NS/IN': 10.130.131.240#53
18-Feb-2014 10:48:56.524 dnssec: info: validating @0x7fbe08468610: com NS: got insecure response; parent indicates it should be secure
18-Feb-2014 10:48:56.524 lame-servers: info: error (insecurity proof failed) resolving 'com/NS/IN': 10.130.131.240#53
18-Feb-2014 10:48:56.528 dnssec: info: validating @0x7fbe08468610: . NS: got insecure response; parent indicates it should be secure
18-Feb-2014 10:48:56.528 lame-servers: info: error (insecurity proof failed) resolving './NS/IN': 10.130.131.92#53
18-Feb-2014 10:48:56.569 dnssec: info: validating @0x7fbe08468610: com NS: got insecure response; parent indicates it should be secure
18-Feb-2014 10:48:56.569 lame-servers: info: error (insecurity proof failed) resolving 'com/NS/IN': 10.130.131.92#53
18-Feb-2014 10:48:56.784 lame-servers: info: error (chase DS servers) resolving 'jci.com/DS/IN': 10.130.131.92#53
18-Feb-2014 10:48:56.829 dnssec: info: validating @0x7fbe084ca2f0: com NS: got insecure response; parent indicates it should be secure
18-Feb-2014 10:48:56.829 lame-servers: info: error (insecurity proof failed) resolving 'com/NS/IN': 10.130.131.240#53
18-Feb-2014 10:48:56.875 dnssec: info: validating @0x7fbe084ca2f0: com NS: got insecure response; parent indicates it should be secure
18-Feb-2014 10:48:56.875 lame-servers: info: error (insecurity proof failed) resolving 'com/NS/IN': 10.130.131.92#53
18-Feb-2014 10:48:56.875 dnssec: info: validating @0x7fbe084ca2f0: com NS: got insecure response; parent indicates it should be secure
18-Feb-2014 10:48:56.875 lame-servers: info: error (insecurity proof failed) resolving 'com/NS/IN': 10.184.0.101#53
18-Feb-2014 10:48:56.876 lame-servers: info: error (network unreachable) resolving 'com/NS/IN': 2001:503:a83e::2:30#53
18-Feb-2014 10:48:57.096 lame-servers: info: error (network unreachable) resolving 'jci.com/DS/IN': 2001:503:231d::2:30#53
18-Feb-2014 10:48:57.314 dnssec: info:   validating @0x7fbe084b36c0: dlv.isc.org SOA: got insecure response; parent indicates it should be secure
18-Feb-2014 10:48:57.382 dnssec: info:   validating @0x7fbe084e47b0: dlv.isc.org SOA: got insecure response; parent indicates it should be secure
18-Feb-2014 10:48:57.382 lame-servers: info: error (no valid RRSIG) resolving 'jci.com.dlv.isc.org/DS/IN': 10.130.131.92#53
18-Feb-2014 10:48:57.429 dnssec: info:   validating @0x7fbe084e47b0: dlv.isc.org SOA: got insecure response; parent indicates it should be secure
18-Feb-2014 10:48:57.429 lame-servers: info: error (no valid RRSIG) resolving 'jci.com.dlv.isc.org/DS/IN': 10.130.131.240#53
18-Feb-2014 10:48:57.476 dnssec: info:   validating @0x7fbe084e47b0: dlv.isc.org SOA: got insecure response; parent indicates it should be secure
18-Feb-2014 10:48:57.476 lame-servers: info: error (no valid RRSIG) resolving 'jci.com.dlv.isc.org/DS/IN': 10.184.0.101#53
18-Feb-2014 10:48:57.616 dnssec: info:   validating @0x7fbe084e47b0: dlv.isc.org SOA: got insecure response; parent indicates it should be secure
18-Feb-2014 10:48:57.616 lame-servers: info: error (no valid RRSIG) resolving 'my.jci.com.dlv.isc.org/DS/IN': 10.130.131.240#53
18-Feb-2014 10:48:57.662 dnssec: info:   validating @0x7fbe084e47b0: dlv.isc.org SOA: got insecure response; parent indicates it should be secure
18-Feb-2014 10:48:57.662 lame-servers: info: error (no valid RRSIG) resolving 'my.jci.com.dlv.isc.org/DS/IN': 10.130.131.92#53
18-Feb-2014 10:48:57.708 dnssec: info:   validating @0x7fbe084e47b0: dlv.isc.org SOA: got insecure response; parent indicates it should be secure
18-Feb-2014 10:48:57.709 lame-servers: info: error (no valid RRSIG) resolving 'my.jci.com.dlv.isc.org/DS/IN': 10.184.0.101#53
18-Feb-2014 10:48:57.773 lame-servers: info: error (insecurity proof failed) resolving 'my.jci.com.dlv.isc.org/DLV/IN': 10.130.131.240#53

bdod ()

еще один лог

named.query

18-Feb-2014 06:59:29.447 client 127.0.0.1#38694: query: _kerberos-master._udp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 06:59:32.140 client 127.0.0.1#58387: query: _kerberos-master._tcp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 06:59:32.141 client 127.0.0.1#56539: query: _kerberos-master._udp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 06:59:32.141 client 127.0.0.1#60236: query: _kerberos-master._tcp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 07:47:29.603 client 127.0.0.1#34517: query: _kerberos-master._udp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 07:47:30.793 client 127.0.0.1#56788: query: _kerberos-master._tcp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 07:47:30.793 client 127.0.0.1#45441: query: _kerberos-master._udp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 07:47:30.793 client 127.0.0.1#55496: query: _kerberos-master._tcp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 07:58:47.558 client 127.0.0.1#58564: query: 133.2.184.10.in-addr.arpa IN PTR + (127.0.0.1)
18-Feb-2014 07:58:49.561 client 127.0.0.1#41661: query: _kerberos-master._udp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 07:58:49.562 client 127.0.0.1#41355: query: _kerberos-master._tcp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 07:58:49.562 client 127.0.0.1#58737: query: _kerberos-master._udp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 07:58:49.562 client 127.0.0.1#54829: query: _kerberos-master._tcp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 09:01:01.915 client 127.0.0.1#55372: query: _kerberos-master._udp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 09:01:06.921 client 127.0.0.1#54316: query: _kerberos-master._tcp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 09:01:06.925 client 127.0.0.1#50827: query: _kerberos-master._udp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 09:01:07.404 client 127.0.0.1#38618: query: _kerberos-master._tcp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 09:27:34.771 client 127.0.0.1#50394: query: _kerberos-master._udp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 09:27:34.772 client 127.0.0.1#54900: query: _kerberos-master._tcp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 09:27:34.772 client 127.0.0.1#41168: query: _kerberos-master._udp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 09:27:34.772 client 127.0.0.1#41875: query: _kerberos-master._tcp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 10:00:34.048 client 10.184.0.88#33148: query: yandex.ru IN A + (10.184.0.88)
18-Feb-2014 10:01:01.468 client 127.0.0.1#42856: query: _kerberos-master._udp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 10:01:01.469 client 127.0.0.1#41014: query: _kerberos-master._tcp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 10:01:01.469 client 127.0.0.1#50562: query: _kerberos-master._udp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 10:01:01.469 client 127.0.0.1#33660: query: _kerberos-master._tcp.AG.EU.JCI.COM IN SRV + (127.0.0.1)
18-Feb-2014 10:02:55.389 client 10.184.0.88#45229: query: seasonver.ru IN A + (10.184.0.88)
18-Feb-2014 10:40:22.446 client 127.0.0.1#57544: query: porno.com IN A + (127.0.0.1)
18-Feb-2014 10:40:23.385 client 127.0.0.1#55630: query: porno.com IN AAAA + (127.0.0.1)
18-Feb-2014 10:40:23.460 client 127.0.0.1#48789: query: porno.com IN MX + (127.0.0.1)
18-Feb-2014 10:41:48.088 client 10.184.0.88#49529: query: porno.com IN A + (10.184.0.88)
18-Feb-2014 10:41:48.089 client 10.184.0.88#38706: query: porno.com IN AAAA + (10.184.0.88)
18-Feb-2014 10:41:48.089 client 10.184.0.88#59222: query: porno.com IN MX + (10.184.0.88)
18-Feb-2014 10:41:55.694 client 10.184.0.88#60194: query: porno.com IN A + (10.184.0.88)
18-Feb-2014 10:41:55.694 client 10.184.0.88#53813: query: porno.com IN AAAA + (10.184.0.88)
18-Feb-2014 10:41:55.695 client 10.184.0.88#43948: query: porno.com IN MX + (10.184.0.88)
18-Feb-2014 10:41:56.659 client 10.184.0.88#35991: query: porno.com IN A + (10.184.0.88)
18-Feb-2014 10:41:56.660 client 10.184.0.88#48804: query: porno.com IN AAAA + (10.184.0.88)
18-Feb-2014 10:41:56.660 client 10.184.0.88#55882: query: porno.com IN MX + (10.184.0.88)
18-Feb-2014 10:41:57.664 client 10.184.0.88#44716: query: porno.com IN A + (10.184.0.88)
18-Feb-2014 10:41:57.665 client 10.184.0.88#55882: query: porno.com IN AAAA + (10.184.0.88)
18-Feb-2014 10:41:57.665 client 10.184.0.88#51174: query: porno.com IN MX + (10.184.0.88)
18-Feb-2014 10:42:02.452 client 10.184.0.88#56401: query: porno.com IN A + (10.184.0.88)
18-Feb-2014 10:42:02.452 client 10.184.0.88#47521: query: porno.com IN AAAA + (10.184.0.88)
18-Feb-2014 10:42:02.453 client 10.184.0.88#40891: query: porno.com IN MX + (10.184.0.88)
18-Feb-2014 10:42:46.173 client 10.184.0.88#43195: query: porno.com IN A + (10.184.0.88)
18-Feb-2014 10:42:46.174 client 10.184.0.88#51518: query: porno.com IN AAAA + (10.184.0.88)
18-Feb-2014 10:42:46.174 client 10.184.0.88#41386: query: porno.com IN MX + (10.184.0.88)

Для начала стоит включить ему дебаг (а ещё желательно поставить, скажем, раз в минуту запрос типа host porno.com dns-ip, чтобы определить, в какой именно момент оно перестаёт работать).

Насчет запроса отличная мысль ,надо сделать, ... а что за дебаг и как включается ?

bdod ()
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.