BIND 9.16 incoming TCP connection errors

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

BIND 9.16 incoming TCP connection errors

Anand Buddhdev
Hi folks,

I'm running an authoritative server on BIND 9.16. It gets about 3500
q/s, of which around 200 q/s are over TCP. At least, this is what DSC
reports (DSC is a libpcap application sniffing traffic independent of BIND).

In my named.conf, I have set:

reserved-sockets 1000;
tcp-clients 900;

Yet, when BIND is running, it is frequently logging:

16-Jun-2020 15:21:58.815 general: Accepting TCP connection failed:
socket is not connected

What does this log message mean? I don't think it's related to quota,
because the quota message is different ("TCP connection failed: quota
reached").

Another question I have is that the "reserved-sockets" option has a note
saying that it might go away. Does this mean that it's not actually
necessary? The documentation suggests that I have to increase it if I
want to increase the value of "tcp-clients".

Regards,
Anand
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

RE: [Non-DoD Source] BIND 9.16 incoming TCP connection errors

Bind-Users forum mailing list
When I got that message I had to unblock tcp port 53 on my firewall.

Jim




-----Original Message-----
From: bind-users <[hidden email]> On Behalf Of Anand Buddhdev
Sent: Tuesday, June 16, 2020 11:28 AM
To: bind-users <[hidden email]>
Subject: [Non-DoD Source] BIND 9.16 incoming TCP connection errors

All active links contained in this email were disabled.  Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser.  




----

Hi folks,

I'm running an authoritative server on BIND 9.16. It gets about 3500
q/s, of which around 200 q/s are over TCP. At least, this is what DSC
reports (DSC is a libpcap application sniffing traffic independent of BIND).

In my named.conf, I have set:

reserved-sockets 1000;
tcp-clients 900;

Yet, when BIND is running, it is frequently logging:

16-Jun-2020 15:21:58.815 general: Accepting TCP connection failed:
socket is not connected

What does this log message mean? I don't think it's related to quota,
because the quota message is different ("TCP connection failed: quota
reached").

Another question I have is that the "reserved-sockets" option has a note
saying that it might go away. Does this mean that it's not actually
necessary? The documentation suggests that I have to increase it if I
want to increase the value of "tcp-clients".

Regards,
Anand
_______________________________________________
Please visit Caution-https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at Caution-https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
Caution-https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: BIND 9.16 incoming TCP connection errors

Tony Finch
In reply to this post by Anand Buddhdev
Anand Buddhdev <[hidden email]> wrote:
>
> 16-Jun-2020 15:21:58.815 general: Accepting TCP connection failed: socket is not connected
>
> What does this log message mean?

I think this error comes from getpeername() and it can occur if the
connection is closed between accept() and getpeername(), which I wouldn't
expect to happen all that frequently...

Tony.
--
f.anthony.n.finch  <[hidden email]>  http://dotat.at/
Biscay: West or northwest, 4 to 6, occasionally 3 later. Slight or moderate.
Showers, perhaps thundery. Good, occasionally moderate.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: BIND 9.16 incoming TCP connection errors

Anand Buddhdev
On 16/06/2020 20:17, Tony Finch wrote:

Hi Tony,

>> 16-Jun-2020 15:21:58.815 general: Accepting TCP connection failed: socket is not connected
>>
>> What does this log message mean?
>
> I think this error comes from getpeername() and it can occur if the
> connection is closed between accept() and getpeername(), which I wouldn't
> expect to happen all that frequently...

Thank you for this. I wasn't seeing these messages under 9.14. They only
appear on servers upgraded to 9.16.

I'd appreciate it if one of the developers of BIND could shed some light
on where this message comes from, so I can investigate what's going on.

Regards,
Anand
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: BIND 9.16 incoming TCP connection errors

Felipe Agnelli Barbosa


Em qui., 18 de jun. de 2020 às 06:49, Anand Buddhdev <[hidden email]> escreveu:
On 16/06/2020 20:17, Tony Finch wrote:

Hi Tony,

>> 16-Jun-2020 15:21:58.815 general: Accepting TCP connection failed: socket is not connected
>>
>> What does this log message mean?
>
> I think this error comes from getpeername() and it can occur if the
> connection is closed between accept() and getpeername(), which I wouldn't
> expect to happen all that frequently...

Thank you for this. I wasn't seeing these messages under 9.14. They only
appear on servers upgraded to 9.16.

I'd appreciate it if one of the developers of BIND could shed some light
on where this message comes from, so I can investigate what's going on.
+1
 
Regards,
Anand
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users


--
" A dúvida é o principio da sabedoria "


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users