At Thu, 30 Jul 2009 22:16:47 +0700, Le Vu <lev....@gmail.com> wrote: > I have updated BIND from 9.4.2-P2 to 9.4.3-P3 to mitigate the Dynamic Update > DOS attack. I have noted a lot of errors from socket.c (which I have never > seen before with v9.4.2) > > Jul 30 06:25:18 DNS1 named[25555]: socket.c:4524: unexpected error: > Jul 30 06:25:18 DNS1 named[25555]: 22/Invalid argument > > There are also some of these errors: > Jul 30 07:26:17 DNS1 named[25555]: sockmgr 0xb7f05008: maximum number of FD > events (64) received > > BIND is compiled with following option on Centos 5.3 (another machine with > RHEL 4.4 has these error too): > ./configure --disable-openssl-version-check --with-openssl=no > > What should I do: > - go back to 9.4.2-P2 and use iptables to filter DNS update packet > - use another version of BIND > - ignore the error
If you didn't have a performance problem with 9.4.2-P2, please try rebuilding 9.4.3-P3 with --disable-epoll as a workaround. We've heard the problem you saw several times: https://lists.isc.org/pipermail/bind-users/2009-April/076026.html https://lists.isc.org/pipermail/bind-users/2009-May/076265.html but haven't figured out the cause of that. While it doesn't seem to be super rare, it doesn't seem to be so common...I myself have never seen this on my Linux test box, and many other Linux users apparently don't have this problem either (otherwise we'd have got this report much more frequently). If you're willing to help debug this problem (even if the workaround works), that would be great. Thanks, --- JINMEI, Tatuya Internet Systems Consortium, Inc. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
