722761 – BIND 9.7.4b1-RedHat-9.7.4-0.2.b1.fc14 hangs, servfail, occasionally works

Bug 722761 - BIND 9.7.4b1-RedHat-9.7.4-0.2.b1.fc14 hangs, servfail, occasionally works

Summary: BIND 9.7.4b1-RedHat-9.7.4-0.2.b1.fc14 hangs, servfail, occasionally works

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	bind
Sub Component:
Version:	14
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Assignee:	Adam Tkac
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-07-17 14:36 UTC by Al Dunsmuir
Modified:	2013-04-30 23:49 UTC (History)
CC List:	4 users (show)
Fixed In Version:	bind-9.7.4-2.P1.fc14
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-07-19 09:16:34 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
named syslog messages (6.51 KB, text/plain) 2011-07-17 14:37 UTC, Al Dunsmuir	no flags	Details
Log showing attempts to run dig (1.26 KB, text/plain) 2011-07-17 14:40 UTC, Al Dunsmuir	no flags	Details
Full syslog from overnight showing many named errors (128.13 KB, text/plain) 2011-07-18 13:32 UTC, Al Dunsmuir	no flags	Details
View All

Description Al Dunsmuir 2011-07-17 14:36:30 UTC

Description of problem:
I've been noticing intermittent problems with bind, but this morning things came to a head.  My normal 686 F14 server with dnssec setup began failing nearly all DNS requests - resulted in frequent hangs/shutdowns of my VPN to work
as regular keepalive packets regularly failed DNS lookups.

I've recycled named multiple times.  In desperation, started my 64-bit F14 box in parallel, and set up LAN users with both.  That bind server (also at current maintenance) is failing identically to the one in the F14 686 box.

Version-Release number of selected component (if applicable):
BIND 9.7.4b1-RedHat-9.7.4-0.2.b1.fc14

How reproducible:
About 90% of the time, dig just hangs.  About 5%, returns SERVFAIL.  About 5% works for a while, and then stops working again.

Very disruptive to all users on LAN

Steps to Reproduce:
1. Any DNS request, but unpredictable behaviour
2.
3.
  
Actual results:
Request timeout, or servfail, or occasionally DSN address resolved.

Expected results:


Additional info:

Comment 1 Al Dunsmuir 2011-07-17 14:37:47 UTC

Created attachment 513526 [details]
named syslog messages

Comment 2 Al Dunsmuir 2011-07-17 14:40:09 UTC

Created attachment 513527 [details]
Log showing attempts to run dig

Comment 3 Al Dunsmuir 2011-07-17 14:48:04 UTC

Finally got a successful answer:

; <<>> DiG 9.7.4b1-RedHat-9.7.4-0.2.b1.fc14 <<>> remote.rbc.com +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21911
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;remote.rbc.com.			IN	A

;; ANSWER SECTION:
remote.rbc.com.		20	IN	A	142.245.25.14

;; AUTHORITY SECTION:
remote.rbc.com.		300	IN	NS	occecomgtm1.rbc.com.
remote.rbc.com.		300	IN	NS	gccecomgtm1.rbc.com.

;; Query time: 84 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Sun Jul 17 10:46:29 2011
;; MSG SIZE  rcvd: 111

Comment 4 Al Dunsmuir 2011-07-18 13:32:58 UTC

Created attachment 513617 [details]
Full syslog from overnight showing many named errors

Attached is the full syslog for named from yesterday until now.
There appear to be many different messages.

The weird thing is that currently name resolution is basically 
functional for systems on this LAN.  Enough so that I was able
to shut down the 64-bit machine that was running DNS in parallel
(heat wave... office was getting too warm).

Please indicate what sort of queries you wish me to run to gather
diagnostic information.

Al

Comment 5 Al Dunsmuir 2011-07-20 21:46:07 UTC

Adam,

I was forced to recycle again.  The DNS stopped resolving again.  Today's log file segment attached... almost all from named.

By the way, I suspect that I need to update my dhcpd and named config files a bit so that they cooperate better.  It's been like this for several years, so I hope that is not the primary driver of the problem.

Al

ul 20 04:24:15 wallace dhcpd: Wrote 0 deleted host decls to leases file.
Jul 20 04:24:15 wallace dhcpd: Wrote 0 new dynamic host decls to leases file.
Jul 20 04:24:15 wallace dhcpd: Wrote 23 leases to leases file.
Jul 20 05:57:49 wallace named[4392]: validating @0xb56019b0: crash-reports.mozilla.com A: no valid signature found
Jul 20 06:19:11 wallace named[4392]: error (unexpected RCODE REFUSED) resolving 'as400bks.rochester.ibm.com/A/IN': 192.91.197.12#53
Jul 20 07:50:36 wallace dhcpd: Wrote 0 deleted host decls to leases file.
Jul 20 07:50:36 wallace dhcpd: Wrote 0 new dynamic host decls to leases file.
Jul 20 07:50:36 wallace dhcpd: Wrote 23 leases to leases file.
Jul 20 07:50:36 wallace dhcpd: DHCPREQUEST for 192.168.1.147 from 00:19:66:1d:af:6a via eth0
Jul 20 07:50:36 wallace dhcpd: DHCPACK on 192.168.1.147 to 00:19:66:1d:af:6a (gromit) via eth0
Jul 20 07:50:36 wallace dhcpd: Unable to add forward map from gromit.fernbank.whitby.ca to 192.168.1.147: not found
Jul 20 07:50:36 wallace dhcpd: DHCPREQUEST for 192.168.1.147 from 00:19:66:1d:af:6a (gromit) via eth0
Jul 20 07:50:36 wallace dhcpd: DHCPACK on 192.168.1.147 to 00:19:66:1d:af:6a (gromit) via eth0
Jul 20 07:50:36 wallace dhcpd: Unable to add forward map from gromit.fernbank.whitby.ca to 192.168.1.147: not found
Jul 20 07:50:52 wallace dhcpd: DHCPINFORM from 192.168.1.147 via eth0: not authoritative for subnet 192.168.1.0
Jul 20 08:14:45 wallace named[4392]: error (unexpected RCODE REFUSED) resolving 'www.durhambusiness.ca/A/IN': 207.236.176.22#53
Jul 20 08:14:45 wallace named[4392]: error (unexpected RCODE REFUSED) resolving 'www.durhamtourism.ca/A/IN': 207.236.176.22#53
Jul 20 08:14:45 wallace named[4392]: error (unexpected RCODE REFUSED) resolving 'image.durham.ca/A/IN': 207.164.234.37#53
Jul 20 09:24:02 wallace dhcpd: Wrote 0 deleted host decls to leases file.
Jul 20 09:24:02 wallace dhcpd: Wrote 0 new dynamic host decls to leases file.
Jul 20 09:24:02 wallace dhcpd: Wrote 23 leases to leases file.
Jul 20 09:24:02 wallace dhcpd: DHCPREQUEST for 192.168.1.147 from 00:19:66:1d:af:6a (gromit) via eth0
Jul 20 09:24:02 wallace dhcpd: DHCPACK on 192.168.1.147 to 00:19:66:1d:af:6a (gromit) via eth0
Jul 20 09:24:02 wallace dhcpd: Unable to add forward map from gromit.fernbank.whitby.ca to 192.168.1.147: not found
Jul 20 09:24:18 wallace dhcpd: DHCPINFORM from 192.168.1.147 via eth0: not authoritative for subnet 192.168.1.0
Jul 20 09:25:22 wallace dhcpd: DHCPINFORM from 192.168.1.147 via eth0: not authoritative for subnet 192.168.1.0
Jul 20 09:26:27 wallace dhcpd: DHCPINFORM from 192.168.1.147 via eth0: not authoritative for subnet 192.168.1.0
Jul 20 09:27:45 wallace dhcpd: DHCPINFORM from 192.168.1.147 via eth0: not authoritative for subnet 192.168.1.0
Jul 20 09:28:51 wallace dhcpd: DHCPINFORM from 192.168.1.147 via eth0: not authoritative for subnet 192.168.1.0
Jul 20 09:29:56 wallace dhcpd: DHCPINFORM from 192.168.1.147 via eth0: not authoritative for subnet 192.168.1.0
Jul 20 09:31:02 wallace dhcpd: DHCPINFORM from 192.168.1.147 via eth0: not authoritative for subnet 192.168.1.0
Jul 20 09:47:34 wallace named[4392]: error (unexpected RCODE SERVFAIL) resolving 'www.cknw.com/A/IN': 64.141.106.74#53
Jul 20 10:59:40 wallace named[4392]: clients-per-query increased to 15
Jul 20 10:59:40 wallace named[4392]: clients-per-query increased to 20
Jul 20 10:59:40 wallace named[4392]: clients-per-query increased to 25
Jul 20 11:19:40 wallace named[4392]: clients-per-query decreased to 24
Jul 20 11:39:40 wallace named[4392]: clients-per-query decreased to 23
Jul 20 11:59:40 wallace named[4392]: clients-per-query decreased to 22
Jul 20 12:19:40 wallace named[4392]: clients-per-query decreased to 21
Jul 20 12:39:40 wallace named[4392]: clients-per-query decreased to 20
Jul 20 12:59:40 wallace named[4392]: clients-per-query decreased to 19
Jul 20 13:19:40 wallace named[4392]: clients-per-query decreased to 18
Jul 20 13:39:40 wallace named[4392]: clients-per-query decreased to 17
Jul 20 13:59:40 wallace named[4392]: clients-per-query decreased to 16
Jul 20 14:19:40 wallace named[4392]: clients-per-query decreased to 15
Jul 20 14:39:40 wallace named[4392]: clients-per-query decreased to 14
Jul 20 14:59:40 wallace named[4392]: clients-per-query decreased to 13
Jul 20 15:19:40 wallace named[4392]: clients-per-query decreased to 12
Jul 20 15:24:02 wallace dhcpd: Wrote 0 deleted host decls to leases file.
Jul 20 15:24:02 wallace dhcpd: Wrote 0 new dynamic host decls to leases file.
Jul 20 15:24:02 wallace dhcpd: Wrote 23 leases to leases file.
Jul 20 15:39:40 wallace named[4392]: clients-per-query decreased to 11
Jul 20 15:59:40 wallace named[4392]: clients-per-query decreased to 10
Jul 20 16:43:15 wallace named[4392]: managed-keys-zone ./IN: Unable to fetch DNSKEY set '.': timed out
Jul 20 16:43:15 wallace named[4392]: managed-keys-zone ./IN: Unable to fetch DNSKEY set 'dlv.isc.org': timed out
Jul 20 17:12:46 wallace named[4392]: received control channel command 'stop'

Comment 6 Al Dunsmuir 2011-07-20 22:00:52 UTC

Adam,

This is getting very very weird.  Next named cycle had the following as the only syslog output.

Al

Jul 20 17:12:46 wallace named[4392]: exiting
Jul 20 17:12:47 wallace named[8083]: starting BIND 9.7.4b1-RedHat-9.7.4-0.2.b1.fc14 -u named -4
Jul 20 17:12:47 wallace named[8083]: built with '--build=i386-redhat-linux-gnu' '--host=i386-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-pkcs11=/usr/lib/pkcs11/PKCS11_API.so' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=i386-redhat-linux-gnu' 'host_alias=i386-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables' 'CPPFLAGS= -DDIG_SIGCHASE'
Jul 20 17:12:47 wallace named[8083]: adjusted limit on open files from 1024 to 1048576
Jul 20 17:12:47 wallace named[8083]: found 2 CPUs, using 2 worker threads
Jul 20 17:12:47 wallace named[8083]: using up to 4096 sockets
Jul 20 17:12:47 wallace named[8083]: loading configuration from '/etc/named.conf'
Jul 20 17:13:44 wallace named[8083]: validating @0xb5501540: . NS: got insecure response; parent indicates it should be secure
Jul 20 17:13:44 wallace named[8083]: error (insecurity proof failed) resolving './NS/IN': 128.63.2.53#53
Jul 20 17:57:07 wallace named[8083]: received control channel command 'stop'
Jul 20 17:57:07 wallace named[8083]: shutting down: flushing changes
Jul 20 17:57:07 wallace named[8083]: stopping command channel on 127.0.0.1#953
Jul 20 17:57:07 wallace named[8083]: no longer listening on 127.0.0.1#53
Jul 20 17:57:07 wallace named[8083]: no longer listening on 192.168.1.2#53
Jul 20 17:57:07 wallace named[8083]: exiting

Comment 7 Adam Tkac 2011-07-22 08:29:41 UTC

This might be related to bug #709205.

Can you please try to put following directive into your named.conf?

managed-keys-directory "/var/named/dynamic";

If it doesn't help you can disable dnssec validation (via dnssec-validation no; directive) as a temporary workaround.

Comment 8 Al Dunsmuir 2011-07-22 10:28:59 UTC

I believe my previous update to named.conf was nearly a year ago when you resolved 583842.  Before I opened this bz, I had noticed the rpmnew file with that stanza, and already updated my named.conf on both systems accordingly.  It had eliminated several messages that mentioned that directory, but did not help the overall situation.

I have now updated dnssec-enable to "no" and restarted named.  DNS queries are working again (but insecure).

Since both my i686 and X86_64 boxes were affected, I've left the latter with DNSSEC enabled for now.  Let me know what I can do in terms of attaching configuration files and any diagnostic traces.

Al

Comment 9 Al Dunsmuir 2011-07-22 10:32:15 UTC

By the way, I am not running chrooted, in case that makes a difference (from 709205).

Comment 10 Adam Tkac 2011-08-02 14:12:10 UTC

Upstream just released 9.7.4 version which contains many changes which should solve your issues.

Can you download & test if packages located on http://kojipkgs.fedoraproject.org/packages/bind/9.7.4/1.fc14 are better, please? (make sure you update bind and bind-libs packages simultaneously). Thank you in advance.

Comment 11 Al Dunsmuir 2011-08-03 18:53:51 UTC

I installed with
  yum --nogpgcheck install bind*

set dnssec-enable to "yes" and recycled.  Much better than before.  

Still a couple of glitches:

Aug  3 14:46:35 wallace named[20707]: received control channel command 'stop'
Aug  3 14:46:35 wallace named[20707]: shutting down: flushing changes
Aug  3 14:46:35 wallace named[20707]: stopping command channel on 127.0.0.1#953
Aug  3 14:46:35 wallace named[20707]: no longer listening on 127.0.0.1#53
Aug  3 14:46:35 wallace named[20707]: no longer listening on 192.168.1.2#53
Aug  3 14:46:35 wallace named[20707]: exiting
Aug  3 14:46:35 wallace named[22038]: starting BIND 9.7.4-RedHat-9.7.4-1.fc14 -u named -4
Aug  3 14:46:35 wallace named[22038]: built with '--build=i386-redhat-linux-gnu' '--host=i386-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-pkcs11=/usr/lib/pkcs11/PKCS11_API.so' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=i386-redhat-linux-gnu' 'host_alias=i386-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables' 'CPPFLAGS= -DDIG_SIGCHASE'
Aug  3 14:46:35 wallace named[22038]: adjusted limit on open files from 1024 to 1048576
Aug  3 14:46:35 wallace named[22038]: found 2 CPUs, using 2 worker threads
Aug  3 14:46:35 wallace named[22038]: using up to 4096 sockets
Aug  3 14:46:35 wallace named[22038]: Using 101 tasks for zone loading
Aug  3 14:46:35 wallace named[22038]: loading configuration from '/etc/named.conf'
Aug  3 14:46:35 wallace named[22038]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Aug  3 14:46:35 wallace named[22038]: using default UDP/IPv4 port range: [1024, 65535]
Aug  3 14:46:35 wallace named[22038]: using default UDP/IPv6 port range: [1024, 65535]
Aug  3 14:46:35 wallace named[22038]: no IPv6 interfaces found
Aug  3 14:46:35 wallace named[22038]: listening on IPv4 interface lo, 127.0.0.1#53
Aug  3 14:46:35 wallace named[22038]: listening on IPv4 interface eth0, 192.168.1.2#53
Aug  3 14:46:35 wallace named[22038]: generating session key for dynamic DNS
Aug  3 14:46:35 wallace named[22038]: using built-in trusted-keys for view _default
Aug  3 14:46:35 wallace named[22038]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Aug  3 14:46:35 wallace named[22038]: automatic empty zone: 127.IN-ADDR.ARPA
Aug  3 14:46:35 wallace named[22038]: automatic empty zone: 254.169.IN-ADDR.ARPA
Aug  3 14:46:35 wallace named[22038]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Aug  3 14:46:35 wallace named[22038]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Aug  3 14:46:35 wallace named[22038]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Aug  3 14:46:35 wallace named[22038]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Aug  3 14:46:35 wallace named[22038]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Aug  3 14:46:35 wallace named[22038]: automatic empty zone: D.F.IP6.ARPA
Aug  3 14:46:35 wallace named[22038]: automatic empty zone: 8.E.F.IP6.ARPA
Aug  3 14:46:35 wallace named[22038]: automatic empty zone: 9.E.F.IP6.ARPA
Aug  3 14:46:35 wallace named[22038]: automatic empty zone: A.E.F.IP6.ARPA
Aug  3 14:46:35 wallace named[22038]: automatic empty zone: B.E.F.IP6.ARPA
Aug  3 14:46:35 wallace named[22038]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Aug  3 14:46:35 wallace named[22038]: command channel listening on 127.0.0.1#953
Aug  3 14:46:35 wallace named[22038]: the working directory is not writable
Aug  3 14:46:35 wallace named[22038]: zone 0.in-addr.arpa/IN: loaded serial 0
Aug  3 14:46:35 wallace named[22038]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Aug  3 14:46:35 wallace named[22038]: zone 1.168.192.IN-ADDR.ARPA/IN: loaded serial 2
Aug  3 14:46:35 wallace named[22038]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Aug  3 14:46:35 wallace named[22038]: zone fernbank.whitby.ca/IN: loaded serial 2
Aug  3 14:46:35 wallace named[22038]: zone localhost.localdomain/IN: loaded serial 0
Aug  3 14:46:35 wallace named[22038]: zone localhost/IN: loaded serial 0
Aug  3 14:46:35 wallace named[22038]: managed-keys-zone ./IN: loaded serial 3622
Aug  3 14:46:35 wallace named[22038]: running
Aug  3 14:48:02 wallace named[22038]: error (unexpected RCODE SERVFAIL) resolving 'ns.isc.afilias-nst.info/A/IN': 199.254.31.1#53
Aug  3 14:48:03 wallace named[22038]: error (unexpected RCODE SERVFAIL) resolving 'pdns5.ultradns.info/A/IN': 199.254.31.1#53

Query through dig of the first failure seems normal.
[root@wallace etc]# dig ns.isc.afilias-nst.info

; <<>> DiG 9.7.4-RedHat-9.7.4-1.fc14 <<>> ns.isc.afilias-nst.info
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38565
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;ns.isc.afilias-nst.info.	IN	A

;; ANSWER SECTION:
ns.isc.afilias-nst.info. 86400	IN	A	199.254.63.254

;; AUTHORITY SECTION:
afilias-nst.info.	86325	IN	NS	ns1.yyz1.afilias-nst.info.
afilias-nst.info.	86325	IN	NS	ns1.sea1.afilias-nst.info.
afilias-nst.info.	86325	IN	NS	ns1.ams1.afilias-nst.info.
afilias-nst.info.	86325	IN	NS	ns1.mia1.afilias-nst.info.

;; Query time: 140 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Wed Aug  3 14:49:18 2011
;; MSG SIZE  rcvd: 149

Comment 12 Al Dunsmuir 2011-08-03 18:56:16 UTC

On the x64-86 box, no issues

Aug  3 14:44:08 leeloo named[7782]: received control channel command 'reload'
Aug  3 14:44:08 leeloo named[7782]: loading configuration from '/etc/named.conf'
Aug  3 14:44:08 leeloo named[7782]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Aug  3 14:44:08 leeloo named[7782]: using default UDP/IPv4 port range: [1024, 65535]
Aug  3 14:44:08 leeloo named[7782]: using default UDP/IPv6 port range: [1024, 65535]
Aug  3 14:44:08 leeloo named[7782]: no IPv6 interfaces found
Aug  3 14:44:08 leeloo named[7782]: zone 'fernbank.whitby.ca.' allows updates by IP address, which is insecure
Aug  3 14:44:08 leeloo named[7782]: using built-in trusted-keys for view _default
Aug  3 14:44:08 leeloo named[7782]: the working directory is not writable
Aug  3 14:44:08 leeloo named[7782]: reloading configuration succeeded
Aug  3 14:44:08 leeloo named[7782]: zone 127.IN-ADDR.ARPA/IN: zone serial (0) unchanged. zone may fail to transfer to slaves.
Aug  3 14:44:08 leeloo named[7782]: zone 254.169.IN-ADDR.ARPA/IN: zone serial (0) unchanged. zone may fail to transfer to slaves.
Aug  3 14:44:08 leeloo named[7782]: zone 2.0.192.IN-ADDR.ARPA/IN: zone serial (0) unchanged. zone may fail to transfer to slaves.
Aug  3 14:44:08 leeloo named[7782]: zone 100.51.198.IN-ADDR.ARPA/IN: zone serial (0) unchanged. zone may fail to transfer to slaves.
Aug  3 14:44:08 leeloo named[7782]: zone 113.0.203.IN-ADDR.ARPA/IN: zone serial (0) unchanged. zone may fail to transfer to slaves.
Aug  3 14:44:08 leeloo named[7782]: zone 255.255.255.255.IN-ADDR.ARPA/IN: zone serial (0) unchanged. zone may fail to transfer to slaves.
Aug  3 14:44:08 leeloo named[7782]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA/IN: zone serial (0) unchanged. zone may fail to transfer to slaves.
Aug  3 14:44:08 leeloo named[7782]: zone 8.B.D.0.1.0.0.2.IP6.ARPA/IN: zone serial (0) unchanged. zone may fail to transfer to slaves.
Aug  3 14:44:08 leeloo named[7782]: zone D.F.IP6.ARPA/IN: zone serial (0) unchanged. zone may fail to transfer to slaves.
Aug  3 14:44:08 leeloo named[7782]: zone 8.E.F.IP6.ARPA/IN: zone serial (0) unchanged. zone may fail to transfer to slaves.
Aug  3 14:44:08 leeloo named[7782]: zone 9.E.F.IP6.ARPA/IN: zone serial (0) unchanged. zone may fail to transfer to slaves.
Aug  3 14:44:08 leeloo named[7782]: zone A.E.F.IP6.ARPA/IN: zone serial (0) unchanged. zone may fail to transfer to slaves.
Aug  3 14:44:08 leeloo named[7782]: zone B.E.F.IP6.ARPA/IN: zone serial (0) unchanged. zone may fail to transfer to slaves.

Comment 13 Al Dunsmuir 2011-08-03 21:11:02 UTC

The following are additional messages from the F14 i686 box.

Aug  3 15:08:31 wallace named[22038]: error (unexpected RCODE SERVFAIL) resolving 'caeajr1jeew6zsw7u_dgukgt6z1d--dtthl7wjcfszhyo+kkzmw.AT.gmail.com.dnsbl7.mailshell.net/A/IN': 74.208.97.231#53
Aug  3 15:08:31 wallace named[22038]: error (unexpected RCODE SERVFAIL) resolving 'caeajr1jeew6zsw7u_dgukgt6z1d--dtthl7wjcfszhyo+kkzmw.AT.gmail.com.dnsbl7.mailshell.net/A/IN': 69.175.11.74#53
Aug  3 15:08:31 wallace named[22038]: error (unexpected RCODE SERVFAIL) resolving 'caeajr1jeew6zsw7u_dgukgt6z1d--dtthl7wjcfszhyo+kkzmw.AT.gmail.com.dnsbl7.mailshell.net/A/IN': 74.208.15.76#53
Aug  3 15:08:32 wallace named[22038]: error (unexpected RCODE SERVFAIL) resolving 'caeajr1jeew6zsw7u_dgukgt6z1d--dtthl7wjcfszhyo+kkzmw.AT.gmail.com.dnsbl7.mailshell.net/A/IN': 69.175.11.74#53
Aug  3 15:08:32 wallace named[22038]: error (unexpected RCODE SERVFAIL) resolving 'caeajr1jeew6zsw7u_dgukgt6z1d--dtthl7wjcfszhyo+kkzmw.AT.gmail.com.dnsbl7.mailshell.net/A/IN': 74.208.15.76#53
Aug  3 15:08:32 wallace named[22038]: error (unexpected RCODE SERVFAIL) resolving 'caeajr1jeew6zsw7u_dgukgt6z1d--dtthl7wjcfszhyo+kkzmw.AT.gmail.com.dnsbl7.mailshell.net/A/IN': 74.208.97.231#53
Aug  3 15:08:32 wallace named[22038]: error (unexpected RCODE SERVFAIL) resolving 'caeajr1jeew6zsw7u_dgukgt6z1d--dtthl7wjcfszhyo+kkzmw.AT.gmail.com.dnsbl7.mailshell.net/A/IN': 69.175.11.74#53
Aug  3 15:08:32 wallace named[22038]: error (unexpected RCODE SERVFAIL) resolving 'caeajr1jeew6zsw7u_dgukgt6z1d--dtthl7wjcfszhyo+kkzmw.AT.gmail.com.dnsbl7.mailshell.net/A/IN': 74.208.15.76#53
Aug  3 15:08:32 wallace named[22038]: error (unexpected RCODE SERVFAIL) resolving 'caeajr1jeew6zsw7u_dgukgt6z1d--dtthl7wjcfszhyo+kkzmw.AT.gmail.com.dnsbl7.mailshell.net/A/IN': 74.208.97.231#53
Aug  3 15:16:28 wallace named[22038]: error (connection refused) resolving 'cdn.cnn.com.c.footprint.net/A/IN': 192.221.72.51#53
Aug  3 16:32:01 wallace named[22038]: dispatch 0xb771c7f8: open_socket(0.0.0.0#8613) -> permission denied: continuing

Comment 14 Al Dunsmuir 2011-08-03 21:12:49 UTC

Additional messages on X86_64:

Aug  3 14:54:54 leeloo named[7782]: error (unexpected RCODE REFUSED) resolving 'meg.web.psi.ch/A/IN': 130.59.1.30#53
Aug  3 15:08:30 leeloo named[7782]: error (unexpected RCODE SERVFAIL) resolving 'caeajr1jeew6zsw7u_dgukgt6z1d--dtthl7wjcfszhyo+kkzmw.AT.gmail.com.dnsbl7.mailshell.net/A/IN': 74.208.15.76#53
Aug  3 15:08:30 leeloo named[7782]: error (unexpected RCODE SERVFAIL) resolving 'caeajr1jeew6zsw7u_dgukgt6z1d--dtthl7wjcfszhyo+kkzmw.AT.gmail.com.dnsbl7.mailshell.net/A/IN': 69.175.11.74#53
Aug  3 15:08:30 leeloo named[7782]: error (unexpected RCODE SERVFAIL) resolving 'caeajr1jeew6zsw7u_dgukgt6z1d--dtthl7wjcfszhyo+kkzmw.AT.gmail.com.dnsbl7.mailshell.net/A/IN': 74.208.97.231#53
Aug  3 15:08:30 leeloo named[7782]: error (unexpected RCODE SERVFAIL) resolving 'caeajr1jeew6zsw7u_dgukgt6z1d--dtthl7wjcfszhyo+kkzmw.AT.gmail.com.dnsbl7.mailshell.net/A/IN': 74.208.15.76#53
Aug  3 15:08:30 leeloo named[7782]: error (unexpected RCODE SERVFAIL) resolving 'caeajr1jeew6zsw7u_dgukgt6z1d--dtthl7wjcfszhyo+kkzmw.AT.gmail.com.dnsbl7.mailshell.net/A/IN': 69.175.11.74#53
Aug  3 15:08:30 leeloo named[7782]: error (unexpected RCODE SERVFAIL) resolving 'caeajr1jeew6zsw7u_dgukgt6z1d--dtthl7wjcfszhyo+kkzmw.AT.gmail.com.dnsbl7.mailshell.net/A/IN': 74.208.97.231#53
Aug  3 15:08:31 leeloo named[7782]: error (unexpected RCODE SERVFAIL) resolving 'caeajr1jeew6zsw7u_dgukgt6z1d--dtthl7wjcfszhyo+kkzmw.AT.gmail.com.dnsbl7.mailshell.net/A/IN': 69.175.11.74#53
Aug  3 15:08:31 leeloo named[7782]: error (unexpected RCODE SERVFAIL) resolving 'caeajr1jeew6zsw7u_dgukgt6z1d--dtthl7wjcfszhyo+kkzmw.AT.gmail.com.dnsbl7.mailshell.net/A/IN': 74.208.97.231#53
Aug  3 15:08:31 leeloo named[7782]: error (unexpected RCODE SERVFAIL) resolving 'caeajr1jeew6zsw7u_dgukgt6z1d--dtthl7wjcfszhyo+kkzmw.AT.gmail.com.dnsbl7.mailshell.net/A/IN': 74.208.15.76#53

Comment 15 Adam Tkac 2011-08-04 07:12:24 UTC

Those errors (unexpected RCODE SERVFAIL/REFUSED) are intermittent issues on other servers or on the network (packet is sometimes dropped, question from your server exceeds clients limit on the other server etc). This doesn't indicate issue in named itself.

If those errors bother you, then please read section 6.2.10.2 (inside logging section, called "The category phase") of the BIND9 ARM (/usr/share/doc/bind-<version>/arm/Bv9ARM.pdf) and check the "lame-servers" logging category. Something like

logging {
...
category lame-servers { null; };
...
};

should suppress those messages.

In my opinion we can consider the 9.7.4 version solves your issues, can't we?

Comment 16 Al Dunsmuir 2011-08-04 07:36:40 UTC

Adam,

The new bind is absolutely working fine for me.  Reliable, with no spurious failures.  Put in updates-testing and let me know when to add +1 karma.

Thanks for the manual reference.  I'd rather see the lame-servers output than suppress it.  

Thanks again!
Al

Comment 17 Adam Tkac 2012-07-19 09:16:34 UTC

Closing per comment #16, bind-9.7.4-2.P1.fc14 is already in updates.

Note You need to log in before you can comment on or make changes to this bug.