Discussion:
BIND 9.16 incoming TCP connection errors
(too old to reply)
Anand Buddhdev
2020-06-16 15:28:09 UTC
Permalink
Hi folks,

I'm running an authoritative server on BIND 9.16. It gets about 3500
q/s, of which around 200 q/s are over TCP. At least, this is what DSC
reports (DSC is a libpcap application sniffing traffic independent of BIND).

In my named.conf, I have set:

reserved-sockets 1000;
tcp-clients 900;

Yet, when BIND is running, it is frequently logging:

16-Jun-2020 15:21:58.815 general: Accepting TCP connection failed:
socket is not connected

What does this log message mean? I don't think it's related to quota,
because the quota message is different ("TCP connection failed: quota
reached").

Another question I have is that the "reserved-sockets" option has a note
saying that it might go away. Does this mean that it's not actually
necessary? The documentation suggests that I have to increase it if I
want to increase the value of "tcp-clients".

Regards,
Anand
Tony Finch
2020-06-16 18:17:15 UTC
Permalink
16-Jun-2020 15:21:58.815 general: Accepting TCP connection failed: socket is not connected
What does this log message mean?
I think this error comes from getpeername() and it can occur if the
connection is closed between accept() and getpeername(), which I wouldn't
expect to happen all that frequently...

Tony.
--
f.anthony.n.finch <***@dotat.at> http://dotat.at/
Biscay: West or northwest, 4 to 6, occasionally 3 later. Slight or moderate.
Showers, perhaps thundery. Good, occasionally moderate.
DeCaro, James John (Jim) CIV DISA FE (USA)
2020-06-16 18:08:44 UTC
Permalink
When I got that message I had to unblock tcp port 53 on my firewall.

Jim




-----Original Message-----
From: bind-users <bind-users-***@lists.isc.org> On Behalf Of Anand Buddhdev
Sent: Tuesday, June 16, 2020 11:28 AM
To: bind-users <bind-***@lists.isc.org>
Subject: [Non-DoD Source] BIND 9.16 incoming TCP connection errors

All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser.




----

Hi folks,

I'm running an authoritative server on BIND 9.16. It gets about 3500
q/s, of which around 200 q/s are over TCP. At least, this is what DSC
reports (DSC is a libpcap application sniffing traffic independent of BIND).

In my named.conf, I have set:

reserved-sockets 1000;
tcp-clients 900;

Yet, when BIND is running, it is frequently logging:

16-Jun-2020 15:21:58.815 general: Accepting TCP connection failed:
socket is not connected

What does this log message mean? I don't think it's related to quota,
because the quota message is different ("TCP connection failed: quota
reached").

Another question I have is that the "reserved-sockets" option has a note
saying that it might go away. Does this mean that it's not actually
necessary? The documentation suggests that I have to increase it if I
want to increase the value of "tcp-clients".

Regards,
Anand
_______________________________________________
Please visit Caution-https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at Caution-https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-***@lists.isc.org
Caution-https://lists.isc.org/mailman/listinfo/bind-users
Anand Buddhdev
2020-06-18 09:49:14 UTC
Permalink
On 16/06/2020 20:17, Tony Finch wrote:

Hi Tony,
Post by Tony Finch
16-Jun-2020 15:21:58.815 general: Accepting TCP connection failed: socket is not connected
What does this log message mean?
I think this error comes from getpeername() and it can occur if the
connection is closed between accept() and getpeername(), which I wouldn't
expect to happen all that frequently...
Thank you for this. I wasn't seeing these messages under 9.14. They only
appear on servers upgraded to 9.16.

I'd appreciate it if one of the developers of BIND could shed some light
on where this message comes from, so I can investigate what's going on.

Regards,
Anand
Felipe Agnelli Barbosa
2020-06-22 17:29:42 UTC
Permalink
Post by Anand Buddhdev
Hi Tony,
socket is not connected
Post by Tony Finch
Post by Anand Buddhdev
What does this log message mean?
I think this error comes from getpeername() and it can occur if the
connection is closed between accept() and getpeername(), which I wouldn't
expect to happen all that frequently...
Thank you for this. I wasn't seeing these messages under 9.14. They only
appear on servers upgraded to 9.16.
I'd appreciate it if one of the developers of BIND could shed some light
on where this message comes from, so I can investigate what's going on.
+1
Post by Anand Buddhdev
Regards,
Anand
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
ISC funds the development of this software with paid support
subscriptions. Contact us at https://www.isc.org/contact/ for more
information.
bind-users mailing list
https://lists.isc.org/mailman/listinfo/bind-users
--
" A dúvida é o principio da sabedoria "
Loading...