My 9.5.1-P3 exit suddenly.
Hi, We have a intel solaris 9 and bind9.5.1-P3 inside it. The named suddenly stopped at this morning. Here is it left: .. 11-Aug-2009 06:09:14.466 general: error: failed to start watching FD (512): invalid file 11-Aug-2009 06:09:14.467 general: error: failed to start watching FD (512): invalid file 11-Aug-2009 06:09:14.467 general: error: failed to start watching FD (512): invalid file 11-Aug-2009 06:09:14.467 general: error: failed to start watching FD (512): invalid file 11-Aug-2009 06:09:14.467 general: critical: socket.c:2413: INSIST(!sock-pending_recv) failed 11-Aug-2009 06:09:14.468 general: critical: exiting (due to assertion failure) What is the problem? Can I fix it? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: My 9.5.1-P3 exit suddenly.
ulimit -a ? Looks like as max open file descriptor limit exceeded. On FreeBSD/Linux boxes I use MONIT (http://mmonit.com/monit/) то check and restart bind. BBB Kee wrote: Hi, We have a intel solaris 9 and bind9.5.1-P3 inside it. The named suddenly stopped at this morning. Here is it left: ... 11-Aug-2009 06:09:14.466 general: error: failed to start watching FD (512): invalid file 11-Aug-2009 06:09:14.467 general: error: failed to start watching FD (512): invalid file 11-Aug-2009 06:09:14.467 general: error: failed to start watching FD (512): invalid file 11-Aug-2009 06:09:14.467 general: error: failed to start watching FD (512): invalid file 11-Aug-2009 06:09:14.467 general: critical: socket.c:2413: INSIST(!sock-pending_recv) failed 11-Aug-2009 06:09:14.468 general: critical: exiting (due to assertion failure) What is the problem? Can I fix it? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
BIND 9.5.1-P3 compilation problems.
Good morning, I've conducted two maintenance windows to upgrade our BIND primary server to the new code to address the recent security vulnerability, but cannot get past the error below. I have Openssl 9.8.0k installed. I have no problems running tests from the openssl prompt. I have tried exporting the LD_LIBRARY_PATH to include the /usr/local/ssl directory and have run the compilation with the --with-openssl=/usr/local/ssl switch to no avail. I am running Solaris 10 Sparc - I know that there is a precompiled version of this BIND release on Sunfreeware, but I am trying to upgrade our primary nameserver and would rather to this than a clean uninstall/install. Is there any insight into what wall I'm running into? checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... (cached) yes checking for size_t... yes checking for ssize_t... yes checking for uintptr_t... yes checking for socklen_t... yes checking whether time.h and sys/time.h may both be included... yes checking for long long... yes checking for struct lifconf... no checking for kqueue... no checking epoll support... no checking sys/devpoll.h usability... yes checking sys/devpoll.h presence... yes checking for sys/devpoll.h... yes checking if unistd.h or sys/types.h defines fd_set... yes checking whether byte ordering is bigendian... yes checking for OpenSSL library... using OpenSSL from /usr/local/ssl/lib and /usr/local/ssl/include checking whether linking with OpenSSL works... no configure: error: Could not run test program using OpenSSL from /usr/local/ssl/lib and /usr/local/ssl/include. Please check the argument to --with-openssl and your shared library configuration (e.g., LD_LIBRARY_PATH). ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Internal whois server
Jonathan, On Mon, Aug 10, 2009 at 5:30 PM, Jonathan Peterssonjpeters...@garnser.se wrote: Hi all, This is probably somewhat of an un-legit way of using whois but I'm curious as to whether it would be possible to install an internal whois server that responds with the appropriate prefix-data upon request for internal ip-numbers/domains while forwarding unknown requests to external whois servers. Has anyone done a similar implementation or know what kind of software that could be used to obtain this? The RIPE NCC provide whois software (both client and server) as open source software on their website: http://www.ripe.net/db/tools/index.html This will enable you to setup an internal server and db I don't think it will currently let you forward unknown queries on but as it's open source you should be able to change it to satisfy your needs. BTW Don't think this really belongs on the bind-users list. You might want to ask more about it on the RIPE NCC Services mailing list. Brett ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.5.1-P3 compilation problems.
Hello! If you don't need DNSSEC for your zones, you can compile bind without SSL support, like ./configure --with-openssl=no On 11.08.2009 / 07:28:31 -0400, Emery wrote: Good morning, I've conducted two maintenance windows to upgrade our BIND primary server to the new code to address the recent security vulnerability, but cannot get past the error below. I have Openssl 9.8.0k installed. I have no problems running tests from the openssl prompt. I have tried exporting the LD_LIBRARY_PATH to include the /usr/local/ssl directory and have run the compilation with the --with-openssl=/usr/local/ssl switch to no avail. I am running Solaris 10 Sparc - ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: My 9.5.1-P3 exit suddenly.
I was getting the same results on a couple of Solaris 9 on x86 servers. During a code review, a coworker found some fairly major changes in how BIND does things between 9.5.0-P2 and 9.5.1-P3. We had to backport just the security fix from 9.5.1-P3 to 9.5.0-P2 to address the sock-pending_recv error. On Tue, 2009-08-11 at 07:01 -0400, Dmitry Rybin wrote: ulimit -a ? Looks like as max open file descriptor limit exceeded. On FreeBSD/Linux boxes I use MONIT (http://mmonit.com/monit/) то check and restart bind. BBB Kee wrote: Hi, We have a intel solaris 9 and bind9.5.1-P3 inside it. The named suddenly stopped at this morning. Here is it left: ... 11-Aug-2009 06:09:14.466 general: error: failed to start watching FD (512): invalid file 11-Aug-2009 06:09:14.467 general: error: failed to start watching FD (512): invalid file 11-Aug-2009 06:09:14.467 general: error: failed to start watching FD (512): invalid file 11-Aug-2009 06:09:14.467 general: error: failed to start watching FD (512): invalid file 11-Aug-2009 06:09:14.467 general: critical: socket.c:2413: INSIST(!sock-pending_recv) failed 11-Aug-2009 06:09:14.468 general: critical: exiting (due to assertion failure) What is the problem? Can I fix it? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: problems in forwarding
That's not what SERVFAIL is for. You need a different architecture. If you want to resolve both internal and external names, then you need a version of the zone that has *both* sets of names in it. Your architecture should be built around that concept. - Kevin Luis Silva wrote: Regarding question 2, is it possible for the name server to respond servfail and then BIND could contact other servers? On Fri, Aug 7, 2009 at 3:10 PM, Luis Silva luisfilsi...@gmail.com mailto:luisfilsi...@gmail.com wrote: On Fri, Aug 7, 2009 at 11:03 AM, Matus UHLAR - fantomas uh...@fantomas.sk mailto:uh...@fantomas.sk wrote: On 07.08.09 10:50, Luis Silva wrote: 1 - I need to be a slave for the zones testing.es http://testing.es/ and testing2.es http://testing2.es/ but everything else must be redirected to the 10.112.15.3 server. Do you think the example bellow is correct? The problem is that everytime I send a request to the forward zone, my server adds the root nameservers in the authoritative and additions sections of the message, which i do not think is correct. Is there a better alternative? your server? You apparently did not allow recursion from your IP addresses on it. [LS] But the answer section contains the correct information. 2 - My second problem is that I have my BIND server forwarding all the request to a name server, but I wanted to test another server in case of a negative answer (for example, name error) with the exception of a certain zone. For example, I want to send all the requests for es, but in case of a negative answer and the zone domain name is not test.es http://test.es/, I want to try another server. Is that possible? you can configure zone test.es http://test.es/ to be forwarded to different server. There is no functionality in BIND that would continue searching for a name when a server responds the name does not exist. -- Matus UHLAR - fantomas, uh...@fantomas.sk mailto:uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. You have the right to remain silent. Anything you say will be misquoted, then used against you. ___ bind-users mailing list bind-users@lists.isc.org mailto:bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Recursive Query.
Hi, I have below configuration. DNS server1 -- Forwarder DNS server2-- Authoritative I am seeing following errors on server1. general: error: internal_send: 192.168.2.222#53: Destination address required general: error: /lib/isc/unix/errno2result.c:116: unexpected error: general: error: unable to convert errno to isc_result: 217: Destination address required general: error: /lib/isc/unix/socket.c:1533: unexpected error : general: error: internal_send: 192.168.2.222#53: Destination address required general: error: /isc/unix/errno2result.c:116: unexpected error: Could any of help me, to resolve this issue. Regards Hiro Lalwani ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Recursive Query.
Hi Kevin, Thanks a lot. Please find the more details for the same. BIND version : 9.3.6 OS version : HP-UX 11.23 I have look at the *socket.c* file and seen that This error indicates that sendmsg(2) failed with EDESTADDREG . -- cc = sendmsg(sock-fd, msghdr, 0); send_errno = errno; /* * The other error types depend on whether or not the * socket is UDP or TCP. If it is UDP, some error * that we expect to be fatal under TCP are merel * annoying, and are really soft errors. * * However, these soft errors are still returned as * a status. */ isc_sockaddr_format(dev-address, addrbuf, sizeof(addrbuf));\ isc__strerror(send_errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, internal_send: %s: %s, addrbuf, strbuf); dev-result = isc__errno2result(send_errno);\ return (DOIO_HARD); Note : This same is also seen on BIND-9.4.3-P3 Regards Kalpesh On Tue, Aug 11, 2009 at 10:30 PM, Kevin Darcy k...@chrysler.com wrote: #53 designates *port* 53. Nothing unusual about that. To me, this looks more like a kernel issue-- EDESTADDRREQ is what you get if you try to send data via a UDP socket that's not connect()ed. BIND keeps good track of what's connect()ed and what isn't; it's like the kernel is losing the association somehow. Without knowing what OS this is running on, or what version of BIND, it's kind of hard to troubleshoot further than that. - Kevin kalpesh varyani wrote: thanks for your quick reply I am seen below error msg once per 60sec and no seen any query failure. general: error: internal_send: 192.168.2.222#53: Destination address required general: error: /lib/isc/unix/errno2result.c:116: unexpected error: general: error: unable to convert errno to isc_result: 217: Destination address required general: error: /lib/isc/unix/socket.c:1533: unexpected error : general: error: internal_send: 192.168.2.222#53: Destination address required general: error: /isc/unix/errno2result.c:116: unexpected error: Regards Hiro Lalwani On Tue, Aug 11, 2009 at 10:14 PM, donovan jeffrey j dono...@beth.k12.pa.us mailto:dono...@beth.k12.pa.us wrote: On Aug 11, 2009, at 12:39 PM, kalpesh varyani wrote: Hi, I have below configuration. DNS server1 -- Forwarder DNS server2-- Authoritative I am seeing following errors on server1. general: error: internal_send: 192.168.2.222#53: Destination address required general: error: /lib/isc/unix/errno2result.c:116: unexpected error: general: error: unable to convert errno to isc_result: 217: Destination address required general: error: /lib/isc/unix/socket.c:1533: unexpected error : general: error: internal_send: 192.168.2.222#53: Destination address required general: error: /isc/unix/errno2result.c:116: unexpected error: Could any of help me, to resolve this issue. sounds like a routing or firewall issue. Although from the limited post #53 doesn't look right. -j ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Recursive Query.
Well, you could file a bug report, but I'm not aware of this error happening on other platforms, so it might end up being a kernel issue of some sort. - Kevin kalpesh varyani wrote: Hi Kevin, Thanks a lot. Please find the more details for the same. BIND version : 9.3.6 OS version : HP-UX 11.23 I have look at the *socket.c* file and seen that This error indicates that sendmsg(2) failed with EDESTADDREG . -- cc = sendmsg(sock-fd, msghdr, 0); send_errno = errno; /* * The other error types depend on whether or not the * socket is UDP or TCP. If it is UDP, some error * that we expect to be fatal under TCP are merel * annoying, and are really soft errors. * * However, these soft errors are still returned as * a status. */ isc_sockaddr_format(dev-address, addrbuf, sizeof(addrbuf));\ isc__strerror(send_errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, internal_send: %s: %s, addrbuf, strbuf); dev-result = isc__errno2result(send_errno);\ return (DOIO_HARD); Note : This same is also seen on BIND-9.4.3-P3 Regards Kalpesh On Tue, Aug 11, 2009 at 10:30 PM, Kevin Darcy k...@chrysler.com mailto:k...@chrysler.com wrote: #53 designates *port* 53. Nothing unusual about that. To me, this looks more like a kernel issue-- EDESTADDRREQ is what you get if you try to send data via a UDP socket that's not connect()ed. BIND keeps good track of what's connect()ed and what isn't; it's like the kernel is losing the association somehow. Without knowing what OS this is running on, or what version of BIND, it's kind of hard to troubleshoot further than that. - Kevin kalpesh varyani wrote: thanks for your quick reply I am seen below error msg once per 60sec and no seen any query failure. general: error: internal_send: 192.168.2.222#53: Destination address required general: error: /lib/isc/unix/errno2result.c:116: unexpected error: general: error: unable to convert errno to isc_result: 217: Destination address required general: error: /lib/isc/unix/socket.c:1533: unexpected error : general: error: internal_send: 192.168.2.222#53: Destination address required general: error: /isc/unix/errno2result.c:116: unexpected error: Regards Hiro Lalwani On Tue, Aug 11, 2009 at 10:14 PM, donovan jeffrey j dono...@beth.k12.pa.us mailto:dono...@beth.k12.pa.us mailto:dono...@beth.k12.pa.us mailto:dono...@beth.k12.pa.us wrote: On Aug 11, 2009, at 12:39 PM, kalpesh varyani wrote: Hi, I have below configuration. DNS server1 -- Forwarder DNS server2-- Authoritative I am seeing following errors on server1. general: error: internal_send: 192.168.2.222#53: Destination address required general: error: /lib/isc/unix/errno2result.c:116: unexpected error: general: error: unable to convert errno to isc_result: 217: Destination address required general: error: /lib/isc/unix/socket.c:1533: unexpected error : general: error: internal_send: 192.168.2.222#53: Destination address required general: error: /isc/unix/errno2result.c:116: unexpected error: Could any of help me, to resolve this issue. sounds like a routing or firewall issue. Although from the limited post #53 doesn't look right. -j ___ bind-users mailing list bind-users@lists.isc.org mailto:bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___
Re: BIND 9.5.1-P3 compilation problems.
Emery emery.rudo...@gmail.com wrote: I've conducted two maintenance windows to upgrade our BIND primary server to the new code to address the recent security vulnerability, but cannot get past the error below. I have Openssl 9.8.0k installed. I have no problems running tests from the openssl prompt. I have tried exporting the LD_LIBRARY_PATH to include the /usr/local/ssl directory and have run the compilation with the --with-openssl=/usr/local/ssl switch to no avail. I am running Solaris 10 Sparc - I know that there is a precompiled version of this BIND release on Sunfreeware, but I am trying to upgrade our primary nameserver and would rather to this than a clean uninstall/install. Is there any insight into what wall I'm running into? checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... (cached) yes checking for size_t... yes checking for ssize_t... yes checking for uintptr_t... yes checking for socklen_t... yes checking whether time.h and sys/time.h may both be included... yes checking for long long... yes checking for struct lifconf... no checking for kqueue... no checking epoll support... no checking sys/devpoll.h usability... yes checking sys/devpoll.h presence... yes checking for sys/devpoll.h... yes checking if unistd.h or sys/types.h defines fd_set... yes checking whether byte ordering is bigendian... yes checking for OpenSSL library... using OpenSSL from /usr/local/ssl/lib and /usr/local/ssl/include checking whether linking with OpenSSL works... no configure: error: Could not run test program using OpenSSL from /usr/local/ssl/lib and /usr/local/ssl/include. Please check the argument to --with-openssl and your shared library configuration (e.g., LD_LIBRARY_PATH). When I built BIND 9.6.1-P1 on Solaris 10 I used the following commands: unsetenv LD_LIBRARY_PATH set path=(/usr/sfw/bin/ /usr/sbin /usr/bin /usr/etc /usr/ccs/bin \ /usr/afsws/local/bin) ./configure --prefix=/export/home/named/bind \ --sysconfdir=/export/home/named --enable-threads --localstatedir=/var \ --with-gssapi=/usr --with-libxml2=/usr I am not sure what we have in /usr/afsws/local/bin (if anything) that I need. After the build I ran strings /usr/sfw/lib/libcrypto.so.0.9.7 | grep SSL and I get, in part, OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2007-5135 CVE-2008-5077 CVE-2009-0590) I did this because I got a warning message about a back-level OpenSSL Crypto library. The file name has 0.9.7, but that file does contain fixes for vulnerabilities. This is on a SunOS ... 5.10 Generic_141414-02 sun4u sparc SUNW,Sun-Fire-V240 system. Note that I used different commands when building this BIND on a Solaris 9 system. -- Barry S. Finkel Computing and Information Systems Division Argonne National Laboratory Phone:+1 (630) 252-7277 9700 South Cass Avenue Facsimile:+1 (630) 252-4601 Building 222, Room D209 Internet: bsfin...@anl.gov Argonne, IL 60439-4828 IBMMAIL: I1004994 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: cache poisoning
On 11.08.09 13:27, Nelson Serafica wrote: I need to set bind to listen to all address. I'm using AMAZON EC2 no, you don't. you configure listening IPs/ports by using listen-on and listen-on-v6. query-source only configures from which IP/port will your requests come from. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Holmes, what kind of school did you study to be a detective? - Elementary, Watson. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.5.1-P3 compilation problems.
In message 4a8155df.8010...@gmail.com, Emery writes: Good morning, I've conducted two maintenance windows to upgrade our BIND primary server to the new code to address the recent security vulnerability, but cannot get past the error below. One can compile and test named at anytime. Only the installation need to be done in a maintenance window. I have Openssl 9.8.0k installed. I have no problems running tests from the openssl prompt. I have tried exporting the LD_LIBRARY_PATH to include the /usr/local/ssl directory and have run the compilation with the --with-openssl=/usr/local/ssl switch to no avail. I am running Solaris 10 Sparc - I know that there is a precompiled version of this BIND release on Sunfreeware, but I am trying to upgrade our primary nameserver and would rather to this than a clean uninstall/install. Is there any insight into what wall I'm running into? checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... (cached) yes checking for size_t... yes checking for ssize_t... yes checking for uintptr_t... yes checking for socklen_t... yes checking whether time.h and sys/time.h may both be included... yes checking for long long... yes checking for struct lifconf... no checking for kqueue... no checking epoll support... no checking sys/devpoll.h usability... yes checking sys/devpoll.h presence... yes checking for sys/devpoll.h... yes checking if unistd.h or sys/types.h defines fd_set... yes checking whether byte ordering is bigendian... yes checking for OpenSSL library... using OpenSSL from /usr/local/ssl/lib and /usr/local/ssl/include checking whether linking with OpenSSL works... no configure: error: Could not run test program using OpenSSL from /usr/local/ssl/lib and /usr/local/ssl/include. Please check the argument to --with-openssl and your shared library configuration (e.g., LD_LIBRARY_PATH). What is in config.log? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Recursive Query.
thanks for reply. This issue is seen only on hp-ux 11.11/11.23 env. I have checked the configuration and environment issue not finding anything wrong. Regards Kalpesh On Tue, Aug 11, 2009 at 11:20 PM, Cathy Almond cat...@isc.org wrote: I would recommend tracing or similar to find out why your named daemon is not able to send to the IP address being logged. You may find that there are network connectivity issues or that the remote IP is sending back an ICMP response. The reason this particular logged error is seen on HP-UX is seemingly a feature of the sockets implementation whereby the set-up of the destination address may fail, but it isn't trapped until the send fails with EDESTADDRREQ. The underlying failure to send is a configuration/environmental issue and this is what needs to be investigated. Cathy Kevin Darcy wrote: Well, you could file a bug report, but I'm not aware of this error happening on other platforms, so it might end up being a kernel issue of some sort. - Kevin kalpesh varyani wrote: Hi Kevin, Thanks a lot. Please find the more details for the same. BIND version : 9.3.6 OS version : HP-UX 11.23 I have look at the *socket.c* file and seen that This error indicates that sendmsg(2) failed with EDESTADDREG . -- cc = sendmsg(sock-fd, msghdr, 0); send_errno = errno; /* * The other error types depend on whether or not the * socket is UDP or TCP. If it is UDP, some error * that we expect to be fatal under TCP are merel * annoying, and are really soft errors. * * However, these soft errors are still returned as * a status. */ isc_sockaddr_format(dev-address, addrbuf, sizeof(addrbuf));\ isc__strerror(send_errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, internal_send: %s: %s, addrbuf, strbuf); dev-result = isc__errno2result(send_errno);\ return (DOIO_HARD); Note : This same is also seen on BIND-9.4.3-P3 Regards Kalpesh On Tue, Aug 11, 2009 at 10:30 PM, Kevin Darcy k...@chrysler.com mailto:k...@chrysler.com wrote: #53 designates *port* 53. Nothing unusual about that. To me, this looks more like a kernel issue-- EDESTADDRREQ is what you get if you try to send data via a UDP socket that's not connect()ed. BIND keeps good track of what's connect()ed and what isn't; it's like the kernel is losing the association somehow. Without knowing what OS this is running on, or what version of BIND, it's kind of hard to troubleshoot further than that. - Kevin kalpesh varyani wrote: thanks for your quick reply I am seen below error msg once per 60sec and no seen any query failure. general: error: internal_send: 192.168.2.222#53: Destination address required general: error: /lib/isc/unix/errno2result.c:116: unexpected error: general: error: unable to convert errno to isc_result: 217: Destination address required general: error: /lib/isc/unix/socket.c:1533: unexpected error : general: error: internal_send: 192.168.2.222#53: Destination address required general: error: /isc/unix/errno2result.c:116: unexpected error: Regards Hiro Lalwani On Tue, Aug 11, 2009 at 10:14 PM, donovan jeffrey j dono...@beth.k12.pa.us mailto:dono...@beth.k12.pa.us mailto:dono...@beth.k12.pa.us mailto:dono...@beth.k12.pa.us wrote: On Aug 11, 2009, at 12:39 PM, kalpesh varyani wrote: Hi, I have below configuration. DNS server1 -- Forwarder DNS server2-- Authoritative I am seeing following errors on server1. general: error: internal_send: 192.168.2.222#53: Destination address required general: error: /lib/isc/unix/errno2result.c:116: unexpected error: general: error: unable to convert errno to isc_result: 217:
Re: BIND 9.5.1-P3 compilation problems.
Mark - Thanks for your notes. I will attempt to find a window to update the system patch level. This is especially frustration because I performed the upgrade on a disaster recovery system last week and it worked flawlessly. Hopefully patching the system will get us there. If so, I'll be sure to update the listserver, for the benefit of another poor soul in the same boat. :-) Thanks again! Emery. Mark Andrews wrote: In message 4a820186.20...@gmail.com, Emery writes: This is a multi-part message in MIME format. --000608010205070908020408 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Mark, I am not really sure which error is the actual indicator of the aforementioned problem. I've attached the config.log. Your insight is most welcome! This looks like a broken stdlib.h. The checking for ANSI C header files also failed earlier in the build process. This could be because Sun's header files are broken or it could be gcc's fixes arn't correct. I suspect that there is a typedef for ctid_t not being made when -D_XPG4_2 -D__EXTENSIONS__ are set on the command line. I would make sure that your OS is fully patched then re-run fixincludes, if I remember the command name correctly, from the gcc distribution. Mark configure:6112: gcc -o conftest -g -O2 -I/usr/local/ssl/include -D_XPG4_2 -D__E XTENSIONS__ conftest.c -L/usr/local/ssl/lib -R/usr/local/ssl/lib -lcrypto 5 In file included from /usr/include/sys/wait.h:24, from /usr/include/stdlib.h:22, from /usr/local/ssl/include/openssl/err.h:66, from conftest.c:27: /usr/include/sys/siginfo.h:259: error: syntax error before ctid_t /usr/include/sys/siginfo.h:292: error: syntax error before '}' token /usr/include/sys/siginfo.h:294: error: syntax error before '}' token /usr/include/sys/siginfo.h:390: error: syntax error before ctid_t /usr/include/sys/siginfo.h:398: error: conflicting types for '__fault' /usr/include/sys/siginfo.h:267: error: previous declaration of '__fault' was her e /usr/include/sys/siginfo.h:404: error: conflicting types for '__file' /usr/include/sys/siginfo.h:273: error: previous declaration of '__file' was here /usr/include/sys/siginfo.h:420: error: conflicting types for '__prof' /usr/include/sys/siginfo.h:287: error: previous declaration of '__prof' was here /usr/include/sys/siginfo.h:424: error: conflicting types for '__rctl' /usr/include/sys/siginfo.h:291: error: previous declaration of '__rctl' was here /usr/include/sys/siginfo.h:426: error: syntax error before '}' token /usr/include/sys/siginfo.h:428: error: syntax error before '}' token /usr/include/sys/siginfo.h:432: error: syntax error before k_siginfo_t /usr/include/sys/siginfo.h:437: error: syntax error before '}' token In file included from /usr/include/sys/procset.h:24, from /usr/include/sys/wait.h:25, from /usr/include/stdlib.h:22, from /usr/local/ssl/include/openssl/err.h:66, from conftest.c:27: /usr/local/lib/gcc/sparc-sun-solaris2.9/3.4.6/include/sys/signal.h:96: error: sy ntax error before siginfo_t In file included from /usr/include/stdlib.h:22, from /usr/local/ssl/include/openssl/err.h:66, from conftest.c:27: /usr/include/sys/wait.h:86: error: syntax error before siginfo_t ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: My 9.5.1-P3 exit suddenly.
Hi, On Tue, Aug 11, 2009 at 7:01 PM, Dmitry Rybin kirg...@corbina.net wrote: ulimit -a ? Looks like as max open file descriptor limit exceeded. time(seconds)unlimited file(blocks) unlimited data(kbytes) unlimited stack(kbytes)8480 coredump(blocks) unlimited nofiles(descriptors) 1024 vmemory(kbytes) unlimited On FreeBSD/Linux boxes I use MONIT (http://mmonit.com/monit/) то check and restart bind. We were running for years for old bind9 for a number of machines for years, and haven't get this problem, and those are mostly for caching queries only. pfiles also only show 0-9,20-22,512,513,516,518,519,521 FD is using. So I think it should not hit FD limit, right? Eric ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: does allow-transfer have cache
It works! Thanks for the advise. Your named is clearly not transferring to 1.2.3.4, but you apparently did not move the ns2 to new IP so it still tries to fetch zone(s) from old IP. Move ns2 to 5.6.7.8 and it will ask fot transfers from that IP. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: My 9.5.1-P3 exit suddenly.
On Tue, Aug 11, 2009 at 7:26 PM, Gordon Ewasiuk gewas...@above.net wrote: I was getting the same results on a couple of Solaris 9 on x86 servers. During a code review, a coworker found some fairly major changes in how BIND does things between 9.5.0-P2 and 9.5.1-P3. We had to backport just the security fix from 9.5.1-P3 to 9.5.0-P2 to address the sock-pending_recv error. O...how? I see lots of codes different between 9.5.0-P2 and 9.5.1-P3. Is it just copy the update.c from 9.5.1-P3 to 9.5.0-P2 and compile? I just make this changes and compile ok in 9.5.0-P2 and it seems it can prevent from the current DOS attack also. Eric ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users