LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   why is named burning syslog? (https://www.linuxquestions.org/questions/linux-networking-3/why-is-named-burning-syslog-345824/)

eantoranz 07-22-2005 05:44 PM
why is named burning syslog?
 
We lost our internet connection today... and after a while I noticed that named was on fire... and so was syslogd, so I took a look at syslog and noticed that it was getting so big.... incredibly fast... it was almost ! Gb in just a couple of hours, I think... with messages from named saying that it could not get the address for a ROOT NS. (don't remember the message exactly).

What could be the problem? I guess it's because the network was down.... but how can I keep it from happening again?

(ubuntu 5.04)

mpeg4codec 07-23-2005 11:40 AM
It sounds like you don't have the hints for the root servers turned on. This is vitally important for any DNS server. I'm not sure how Ubuntu sets it up, but it's based on Debian, so I'll make a few assumptions.

Your /etc/bind/named.conf needs to have these lines in it:

zone "." {
type hint;
file "/etc/bind/db.root";
};

They should give Bind the info it needs to locate the root servers and works even if the network is down. It at least shouldn't complain to syslog every three seconds. Give it a try and tell me how it turns out.

eantoranz 07-23-2005 11:42 AM
I'll do it on monday as soon as I get to the office.... but if my memory is not wrong, that section is in the named.conf file. Tell you on monday anyway.

eantoranz 07-29-2005 10:51 AM
Well.. this is the follow up.

As told you, that section was in the configuration file:
Code:
zone "." {
        type hint;
        file "/etc/bind/db.root";
};
This were the messages that were popping up in syslog:
Code:
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (E.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (E.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (F.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (F.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (G.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (G.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (I.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (I.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (J.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (J.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (K.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (K.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (L.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (L.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (M.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (M.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (B.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (A.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (A.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (C.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (C.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (D.ROOT-SERVERS.NET)
Jul 25 07:40:30 localhost named[2302]: sysquery: no addrs found for root NS (D.ROOT-SERVERS.NET)
See what I mean? All those messages were logged in less than a second. :-S

As I told you, I stopped bind till we got internet back. Once we got internet connection again, I started it again, with no problem... but I certainly don't want that to be a problem when our internet connection be down. Any other ideas?

Half_Elf 07-29-2005 11:44 AM
can you post the output of db.root? there is obliviously something wrong about it. It's like your server can't resolv root server (you should NEVER try to resolv server of course, your server should know their name).

From my own db.root file :
Code:
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A    198.41.0.4
For each "NS *.ROOT-SERVERS.NET" you should have a "A <ip>" line. Could you be missing the second one?

eantoranz 07-29-2005 11:47 AM
Your whishes are orders:

Code:
# cat /etc/bind/db.root

; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                      518400  IN      NS      A.ROOT-SERVERS.NET.
.                      518400  IN      NS      B.ROOT-SERVERS.NET.
.                      518400  IN      NS      C.ROOT-SERVERS.NET.
.                      518400  IN      NS      D.ROOT-SERVERS.NET.
.                      518400  IN      NS      E.ROOT-SERVERS.NET.
.                      518400  IN      NS      F.ROOT-SERVERS.NET.
.                      518400  IN      NS      G.ROOT-SERVERS.NET.
.                      518400  IN      NS      H.ROOT-SERVERS.NET.
.                      518400  IN      NS      I.ROOT-SERVERS.NET.
.                      518400  IN      NS      J.ROOT-SERVERS.NET.
.                      518400  IN      NS      K.ROOT-SERVERS.NET.
.                      518400  IN      NS      L.ROOT-SERVERS.NET.
.                      518400  IN      NS      M.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.    3600000 IN      A      198.41.0.4
B.ROOT-SERVERS.NET.    3600000 IN      A      192.228.79.201
C.ROOT-SERVERS.NET.    3600000 IN      A      192.33.4.12
D.ROOT-SERVERS.NET.    3600000 IN      A      128.8.10.90
E.ROOT-SERVERS.NET.    3600000 IN      A      192.203.230.10
F.ROOT-SERVERS.NET.    3600000 IN      A      192.5.5.241
G.ROOT-SERVERS.NET.    3600000 IN      A      192.112.36.4
H.ROOT-SERVERS.NET.    3600000 IN      A      128.63.2.53
I.ROOT-SERVERS.NET.    3600000 IN      A      192.36.148.17
J.ROOT-SERVERS.NET.    3600000 IN      A      192.58.128.30
K.ROOT-SERVERS.NET.    3600000 IN      A      193.0.14.129
L.ROOT-SERVERS.NET.    3600000 IN      A      198.32.64.12
M.ROOT-SERVERS.NET.    3600000 IN      A      202.12.27.33

;; Query time: 81 msec
;; SERVER: 198.41.0.4#53(a.root-servers.net.)
;; WHEN: Sun Feb  1 11:27:14 2004
;; MSG SIZE  rcvd: 436
Why does it look like a dig response??? :-o


All times are GMT -5. The time now is 07:01 PM.