Hi everyone, I experienced about a minute or so of my server not responding to things that require a certain type of access tonight. By "a certain type of access" I mean things like loading a new wterm window, or an invocation of "ps ax", or opening mail via IMAP. I don't know what the common denominator is. Mouse works, keyboard works, an open IPTraf window works and can be manipulated, Opera (already open) works.
During this time I notice that IPTraf's UDP window is very very active with DNS requests. Because IPTraf uses reverse lookups to identify sites, I quit it to at least half the traffic. I don't know if this helped, but when I checked syslog after the "freeze", I found quite a bit of "lame server on" error messages by named. I think this is the problem. And perhaps IPTraf's reverse lookup was exacerbating things by essentially doubling the UDP traffic. I'm using bind v9.1.3, and I -think- I've set it up fairly securely (those of you who want to try basic security checks can feel free to do so). In particular I use views to disable recursion and zone transfers from the outside world. I use secondary.com for backup DNS, and use TSIG to make sure only they can do a zone transfer (since they have to). Aside from the obvious "go djbdns" (hi Dek! :) :) ), are there any other suggestions as to what the problem could be? I'm attaching as an appendix to this message the list of all such error messages generated this morning via my system's logs. Thanks in advance. :) --> Jijo -- Federico Sevilla III :: [EMAIL PROTECTED] Network Administrator :: The Leather Collection, Inc. GnuPG Key: <http://jijo.leathercollection.ph/jijo.gpg> APPENDIX: Here is the filtered list of syslog entries. My apologies for including all this information, which significantly enlarges my message. I do this because I think that it is important for me to post this to allow the more experienced administrators to see the frequency of the occurences which I think is key information. jijo@gusi:~$ cat /var/log/syslog | grep ^Oct\ 22 | grep "lame server on" Oct 22 00:07:02 gusi /usr/sbin/named[340]: lame server on '6.32.225.209.in-addr.arpa' (in '32.225.209.in-addr.arpa'?): 207.82.198.150#53 Oct 22 00:07:03 gusi /usr/sbin/named[340]: lame server on '6.32.225.209.in-addr.arpa' (in '32.225.209.in-addr.arpa'?): 206.79.230.10#53 Oct 22 00:07:03 gusi /usr/sbin/named[340]: lame server on '6.32.225.209.in-addr.arpa' (in '32.225.209.in-addr.arpa'?): 207.82.198.150#53 Oct 22 00:07:03 gusi /usr/sbin/named[340]: lame server on '6.32.225.209.in-addr.arpa' (in '32.225.209.in-addr.arpa'?): 206.79.230.10#53 Oct 22 00:07:05 gusi /usr/sbin/named[340]: lame server on '8.32.225.209.in-addr.arpa' (in '32.225.209.in-addr.arpa'?): 207.82.198.150#53 Oct 22 00:07:06 gusi /usr/sbin/named[340]: lame server on '8.32.225.209.in-addr.arpa' (in '32.225.209.in-addr.arpa'?): 206.79.230.10#53 Oct 22 00:07:06 gusi /usr/sbin/named[340]: lame server on '8.32.225.209.in-addr.arpa' (in '32.225.209.in-addr.arpa'?): 207.82.198.150#53 Oct 22 00:07:07 gusi /usr/sbin/named[340]: lame server on '8.32.225.209.in-addr.arpa' (in '32.225.209.in-addr.arpa'?): 206.79.230.10#53 Oct 22 00:11:10 gusi /usr/sbin/named[340]: lame server on '5.32.225.209.in-addr.arpa' (in '32.225.209.in-addr.arpa'?): 207.82.198.150#53 Oct 22 00:11:10 gusi /usr/sbin/named[340]: lame server on '5.32.225.209.in-addr.arpa' (in '32.225.209.in-addr.arpa'?): 206.79.230.10#53 Oct 22 00:11:10 gusi /usr/sbin/named[340]: lame server on '5.32.225.209.in-addr.arpa' (in '32.225.209.in-addr.arpa'?): 207.82.198.150#53 Oct 22 00:11:11 gusi /usr/sbin/named[340]: lame server on '5.32.225.209.in-addr.arpa' (in '32.225.209.in-addr.arpa'?): 206.79.230.10#53 Oct 22 00:11:11 gusi /usr/sbin/named[340]: lame server on '7.32.225.209.in-addr.arpa' (in '32.225.209.in-addr.arpa'?): 207.82.198.150#53 Oct 22 00:11:11 gusi /usr/sbin/named[340]: lame server on '7.32.225.209.in-addr.arpa' (in '32.225.209.in-addr.arpa'?): 206.79.230.10#53 Oct 22 00:11:11 gusi /usr/sbin/named[340]: lame server on '7.32.225.209.in-addr.arpa' (in '32.225.209.in-addr.arpa'?): 207.82.198.150#53 Oct 22 00:11:11 gusi /usr/sbin/named[340]: lame server on '7.32.225.209.in-addr.arpa' (in '32.225.209.in-addr.arpa'?): 206.79.230.10#53 Oct 22 00:39:48 gusi /usr/sbin/named[340]: lame server on '6.0.9.176.203.in-addr.arpa' (in '0.9.176.203.in-addr.arpa'?): 203.176.28.130#53 Oct 22 00:39:48 gusi /usr/sbin/named[340]: lame server on '6.0.9.176.203.in-addr.arpa' (in '0.9.176.203.in-addr.arpa'?): 203.176.28.130#53 Oct 22 00:39:49 gusi /usr/sbin/named[340]: lame server on '6.0.9.176.203.in-addr.arpa' (in '0.9.176.203.in-addr.arpa'?): 192.148.252.10#53 Oct 22 00:39:49 gusi /usr/sbin/named[340]: lame server on '5.9.176.203.in-addr.arpa' (in '9.176.203.in-addr.arpa'?): 203.176.80.3#53 Oct 22 00:39:49 gusi /usr/sbin/named[340]: lame server on '5.9.176.203.in-addr.arpa' (in '9.176.203.in-addr.arpa'?): 203.176.80.3#53 Oct 22 00:39:49 gusi /usr/sbin/named[340]: lame server on '6.0.9.176.203.in-addr.arpa' (in '0.9.176.203.in-addr.arpa'?): 203.176.9.5#53 Oct 22 00:39:49 gusi /usr/sbin/named[340]: lame server on '6.0.9.176.203.in-addr.arpa' (in '0.9.176.203.in-addr.arpa'?): 203.176.28.130#53 Oct 22 00:39:49 gusi /usr/sbin/named[340]: lame server on '6.0.9.176.203.in-addr.arpa' (in '0.9.176.203.in-addr.arpa'?): 203.176.28.130#53 Oct 22 00:39:49 gusi /usr/sbin/named[340]: lame server on '5.0.9.176.203.in-addr.arpa' (in '0.9.176.203.in-addr.arpa'?): 203.176.9.5#53 Oct 22 00:39:49 gusi /usr/sbin/named[340]: lame server on '5.0.9.176.203.in-addr.arpa' (in '0.9.176.203.in-addr.arpa'?): 203.176.28.130#53 Oct 22 00:39:50 gusi /usr/sbin/named[340]: lame server on '5.0.9.176.203.in-addr.arpa' (in '0.9.176.203.in-addr.arpa'?): 203.176.28.130#53 Oct 22 00:39:50 gusi /usr/sbin/named[340]: lame server on '6.0.9.176.203.in-addr.arpa' (in '0.9.176.203.in-addr.arpa'?): 203.176.9.5#53 Oct 22 00:39:50 gusi /usr/sbin/named[340]: lame server on '5.0.9.176.203.in-addr.arpa' (in '0.9.176.203.in-addr.arpa'?): 192.148.252.10#53 Oct 22 00:39:50 gusi /usr/sbin/named[340]: lame server on '6.0.9.176.203.in-addr.arpa' (in '0.9.176.203.in-addr.arpa'?): 192.148.252.10#53 Oct 22 00:39:50 gusi /usr/sbin/named[340]: lame server on '5.0.9.176.203.in-addr.arpa' (in '0.9.176.203.in-addr.arpa'?): 203.176.28.130#53 Oct 22 00:39:50 gusi /usr/sbin/named[340]: lame server on '5.0.9.176.203.in-addr.arpa' (in '0.9.176.203.in-addr.arpa'?): 203.176.28.130#53 Oct 22 00:39:50 gusi /usr/sbin/named[340]: lame server on '5.0.9.176.203.in-addr.arpa' (in '0.9.176.203.in-addr.arpa'?): 203.176.9.5#53 Oct 22 00:39:50 gusi /usr/sbin/named[340]: lame server on '5.0.9.176.203.in-addr.arpa' (in '0.9.176.203.in-addr.arpa'?): 192.148.252.10#53 Oct 22 00:46:29 gusi /usr/sbin/named[340]: lame server on 'gra.ph' (in 'PH'?): 203.176.28.135#53 Oct 22 00:46:30 gusi /usr/sbin/named[340]: lame server on 'gra.ph' (in 'gra.PH'?): 165.220.24.69#53 Oct 22 00:46:30 gusi /usr/sbin/named[340]: lame server on '69.24.220.165.in-addr.arpa' (in '24.220.165.in-addr.arpa'?): 165.220.24.69#53 Oct 22 00:46:31 gusi /usr/sbin/named[340]: lame server on '65.24.220.165.in-addr.arpa' (in '24.220.165.in-addr.arpa'?): 165.220.24.69#53 Oct 22 01:25:39 gusi /usr/sbin/named[340]: lame server on '1.16.53.216.in-addr.arpa' (in '16.53.216.in-addr.arpa'?): 169.132.133.1#53 Oct 22 01:37:18 gusi /usr/sbin/named[340]: lame server on '103.62.172.199.in-addr.arpa' (in '62.172.199.in-addr.arpa'?): 137.39.1.3#53 Oct 22 01:37:31 gusi /usr/sbin/named[340]: lame server on '50.228.174.134.in-addr.arpa' (in '174.134.in-addr.arpa'?): 128.59.35.142#53 Oct 22 01:37:47 gusi /usr/sbin/named[340]: lame server on '50.12.156.204.in-addr.arpa' (in '50.12.156.204.in-addr.arpa'?): 129.250.35.32#53 Oct 22 01:37:51 gusi /usr/sbin/named[340]: lame server on '6.6.26.203.in-addr.arpa' (in '6.26.203.in-addr.arpa'?): 139.130.4.5#53 Oct 22 01:38:14 gusi /usr/sbin/named[340]: lame server on '39.10.229.137.in-addr.arpa' (in '229.137.in-addr.arpa'?): 192.220.251.7#53 Oct 22 01:38:14 gusi /usr/sbin/named[340]: lame server on '1.204.190.192.in-addr.arpa' (in '204.190.192.in-addr.arpa'?): 192.169.33.3#53 Oct 22 01:38:30 gusi /usr/sbin/named[340]: lame server on '150.5.77.193.in-addr.arpa' (in '77.193.in-addr.arpa'?): 192.16.202.11#53 Oct 22 01:38:31 gusi /usr/sbin/named[340]: lame server on '150.5.77.193.in-addr.arpa' (in '77.193.in-addr.arpa'?): 193.0.0.193#53 Oct 22 01:38:32 gusi /usr/sbin/named[340]: lame server on '17.129.47.194.in-addr.arpa' (in '129.47.194.in-addr.arpa'?): 192.71.220.10#53 Oct 22 01:38:39 gusi /usr/sbin/named[340]: lame server on '1.1.91.168.in-addr.arpa' (in '91.168.in-addr.arpa'?): 198.6.1.19#53 Oct 22 01:38:43 gusi /usr/sbin/named[340]: lame server on '93.204.89.213.in-addr.arpa' (in '89.213.in-addr.arpa'?): 193.0.0.193#53 Oct 22 01:38:45 gusi /usr/sbin/named[340]: lame server on '26.176.163.206.in-addr.arpa' (in '26.176.163.206.in-addr.arpa'?): 129.250.35.32#53 Oct 22 01:38:48 gusi /usr/sbin/named[340]: lame server on '4.216.170.209.in-addr.arpa' (in '216.170.209.in-addr.arpa'?): 207.106.7.7#53 Oct 22 01:38:51 gusi /usr/sbin/named[340]: lame server on '1.87.181.210.in-addr.arpa' (in '181.210.in-addr.arpa'?): 127.0.0.1#53 Oct 22 01:38:51 gusi /usr/sbin/named[340]: lame server on '1.87.181.210.in-addr.arpa' (in '181.210.in-addr.arpa'?): 211.216.50.150#53 Oct 22 01:38:55 gusi /usr/sbin/named[340]: lame server on '1.87.181.210.in-addr.arpa' (in '87.181.210.in-addr.arpa'?): 210.117.65.2#53 Oct 22 01:38:56 gusi /usr/sbin/named[340]: lame server on '5.23.180.193.in-addr.arpa' (in '23.180.193.in-addr.arpa'?): 192.71.220.13#53 Oct 22 01:39:00 gusi /usr/sbin/named[340]: lame server on '57.201.251.138.in-addr.arpa' (in '201.251.138.in-addr.arpa'?): 138.251.206.55#53 Oct 22 01:39:02 gusi /usr/sbin/named[340]: lame server on '2.148.9.203.in-addr.arpa' (in '148.9.203.in-addr.arpa'?): 192.189.54.17#53 Oct 22 01:39:17 gusi /usr/sbin/named[340]: lame server on '20.169.172.199.in-addr.arpa' (in '169.172.199.in-addr.arpa'?): 137.39.1.3#53 Oct 22 01:39:24 gusi /usr/sbin/named[340]: lame server on '105.62.172.199.in-addr.arpa' (in '62.172.199.in-addr.arpa'?): 198.6.1.81#53 Oct 22 01:39:29 gusi /usr/sbin/named[340]: lame server on '11.1.127.193.in-addr.arpa' (in '127.193.in-addr.arpa'?): 193.0.0.193#53 Oct 22 01:39:30 gusi /usr/sbin/named[340]: lame server on '17.89.155.202.in-addr.arpa' (in '89.155.202.in-addr.arpa'?): 202.155.0.15#53 Oct 22 01:39:30 gusi /usr/sbin/named[340]: lame server on '17.89.155.202.in-addr.arpa' (in '89.155.202.in-addr.arpa'?): 202.155.0.15#53 Oct 22 01:39:33 gusi /usr/sbin/named[340]: lame server on '150.50.216.211.in-addr.arpa' (in '216.211.in-addr.arpa'?): 127.0.0.1#53 Oct 22 01:39:36 gusi /usr/sbin/named[340]: lame server on '2.65.117.210.in-addr.arpa' (in '117.210.in-addr.arpa'?): 127.0.0.1#53 Oct 22 01:39:36 gusi /usr/sbin/named[340]: lame server on '2.65.117.210.in-addr.arpa' (in '117.210.in-addr.arpa'?): 211.216.50.150#53 Oct 22 01:39:48 gusi /usr/sbin/named[340]: lame server on 'wopr.ci.com.au' (in 'com.AU'?): 128.102.18.31#53 Oct 22 01:39:48 gusi /usr/sbin/named[340]: lame server on 'mippet.ci.com.au' (in 'com.AU'?): 128.102.18.31#53 Oct 22 01:39:57 gusi /usr/sbin/named[340]: lame server on '2.157.187.216.in-addr.arpa' (in '157.187.216.in-addr.arpa'?): 216.187.157.3#53 Oct 22 01:40:16 gusi /usr/sbin/named[340]: lame server on '60.210.136.66.in-addr.arpa' (in '210.136.66.in-addr.arpa'?): 151.164.1.7#53 Oct 22 01:40:16 gusi /usr/sbin/named[340]: lame server on '13.4.234.129.in-addr.arpa' (in '234.129.in-addr.arpa'?): 194.81.227.226#53 Oct 22 01:40:16 gusi /usr/sbin/named[340]: lame server on '60.210.136.66.in-addr.arpa' (in '210.136.66.in-addr.arpa'?): 151.164.1.1#53 Oct 22 01:40:17 gusi /usr/sbin/named[340]: lame server on '7.2.27.200.in-addr.arpa' (in '2.27.200.in-addr.arpa'?): 200.27.2.7#53 Oct 22 01:40:17 gusi /usr/sbin/named[340]: lame server on '60.210.136.66.in-addr.arpa' (in '210.136.66.in-addr.arpa'?): 151.164.1.7#53 Oct 22 01:40:17 gusi /usr/sbin/named[340]: lame server on '60.210.136.66.in-addr.arpa' (in '210.136.66.in-addr.arpa'?): 151.164.1.1#53 Oct 22 01:40:17 gusi /usr/sbin/named[340]: lame server on '7.2.27.200.in-addr.arpa' (in '2.27.200.in-addr.arpa'?): 200.27.2.7#53 Oct 22 01:40:18 gusi /usr/sbin/named[340]: lame server on '14.237.10.200.in-addr.arpa' (in '237.10.200.in-addr.arpa'?): 146.83.4.11#53 Oct 22 01:40:23 gusi /usr/sbin/named[340]: lame server on '100.79.216.192.in-addr.arpa' (in '79.216.192.in-addr.arpa'?): 198.6.1.65#53 Oct 22 01:40:24 gusi /usr/sbin/named[340]: lame server on '100.79.216.192.in-addr.arpa' (in '79.216.192.in-addr.arpa'?): 198.6.1.182#53 Oct 22 01:40:24 gusi /usr/sbin/named[340]: lame server on '100.79.216.192.in-addr.arpa' (in '79.216.192.in-addr.arpa'?): 198.6.1.182#53 Oct 22 01:40:24 gusi /usr/sbin/named[340]: lame server on '128.193.98.140.in-addr.arpa' (in '98.140.in-addr.arpa'?): 137.39.1.3#53 Oct 22 01:40:25 gusi /usr/sbin/named[340]: lame server on '100.79.216.192.in-addr.arpa' (in '79.216.192.in-addr.arpa'?): 198.6.1.65#53 Oct 22 01:40:37 gusi /usr/sbin/named[340]: lame server on '254.252.127.192.in-addr.arpa' (in '127.192.in-addr.arpa'?): 38.8.50.2#53 Oct 22 01:40:40 gusi /usr/sbin/named[340]: lame server on '15.8.62.198.in-addr.arpa' (in '8.62.198.in-addr.arpa'?): 192.153.156.3#53 Oct 22 01:40:58 gusi /usr/sbin/named[340]: lame server on '251.102.76.207.in-addr.arpa' (in '102.76.207.in-addr.arpa'?): 198.6.1.83#53 Oct 22 01:47:19 gusi /usr/sbin/named[340]: lame server on '6.32.225.209.in-addr.arpa' (in '32.225.209.in-addr.arpa'?): 207.82.198.150#53 Oct 22 01:47:20 gusi /usr/sbin/named[340]: lame server on '6.32.225.209.in-addr.arpa' (in '32.225.209.in-addr.arpa'?): 206.79.230.10#53 _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
