The Log File(s)


BIND writes things to log file(s). You can direct what gets written where with the logging statement, which is discussed in Chapters 3 and 15. By default, named logs to syslog, and usually you will find the named log messages in /var/adm/messages or /var/log/messages, but not always. It depends on your syslog configuration. The format and wording of the messages, and what messages you will find, varies a bit over time, but the complaints mostly stay the same. This list is based on BIND 8.2.2P5. Kevin O'Neil maintains a list of log messages at http://www.acmebw.com/askmrdns/bind-messages.htm. It can provide more varied comments on these messages as well, having the DNS newsgroups to draw on. The following list is not by any means complete. It does not contain any debug-level messages because too many exist to list, nor does it contain most of the panic messages because few exist and they are very easily understood. Also available are a host of memory and filesystem management related errors. These are not listed because they never occur as long as your server has enough memory and the disk has room enough, and there are simply too many of them.

Zone File and Configuration Errors

Several zone file and configuration errors exist because we humans are such lousy typists and have memories like sieves. Most of the errors in the named.conf file stem from one simple error: missing semicolons (;) at the end of option statements and sections. Another cause is using the wrong comment characters. C-style (/* ... */), C++-style (// ...), and shell-style (# ...) comments are allowed. Zone file style (; ...), however, is not allowed.

pz/penguin.bv:55: xxx error near (foobar)

Severity: Notice

This is a range of messages originating in the zone file loader. The message means that you need to check your syntax for errors: for example, missing fields, typos, and quoting. A complete list of these errors alone would fill several pages, and while I could list them all, it would be very boring. Most of them are self-explanatory, but a few are worth commenting on.

IP Address

IPv6 Address

The syntax of the IP or IPv6 address is incorrect. One likely cause of this is using a comma (,) instead of a period (.). Another is putting leading 0s in the IP numbers, such as 096 instead of 96. Leading 0s cause named to interpret the number as octal; 9 is not a valid octal digit, thus the error message appears. And, of course, all your IP numbers with leading 0s that do parse as octal will be something different from what you intended.

Priority

PX Priority

The priority of an MX, an AFSDB, an RT, an SRV, or a PX record is illegal. It should be a number from 0 to 65,535. Did you forget to give the priority?

NAPTR Flags too big

NAPTR Service Classes too big

NAPTR Pattern too big

The string representing these can be only up to 255 characters long.

$TTL bad TTL value

TTLs must be in the range 0 to 2,147,483,647.

pz/penguin.bv: Line 47: $GENERATE unknown type: FOO

pz/penguin.bv: Line 54: Unknown type: FOO

Severity: Info

Named expected something such as A or PTR but got FOO. The most likely cause of this is forgetting to enter the type field.

pz/penguin.bv:54: Database error near (foo)

Severity: Notice

The zone file loader did not understand something on line 54. There might or might not be a more specific error message about it just before this message.

db_load could not open: pz/penguin.bv: Permission denied

Severity: Warning

The file named in the message could not be read for the reason given. "Permission denied" or "No such file or directory" are the most likely reasons. In the latter case, someone forgot to create the file, or a typo occurred somewhere so that named looks for a file that does not exist and is not supposed to.

Zone "penguin.bv" (file pz/penguin.bv): No default TTL set using SOA minimum instead

Severity: Warning

A $TTL directive is missing in the named zone file, and the old policy of using the SOA minimum TTL as the default TTL is used instead. In a future version of BIND, a missing $TTL can become a fatal error causing the zone to be rejected. So, insert $TTLs in all zones that are missing them.

pz/penguin.bv: Line 1: TTL > 2147483647; converted to 0

pz/penguin.bv: Line 10: SOA minimum TTL > 2147483647; converted to 0

Severity: Info

You have tried to set a TTL that is too big. The maximum is 2,147,483,647 seconds, which is 24,855 days, or approximately 68 years. It might be due to a typing error. A TTL of 0 is unfortunate because things will expire from caches at once, so this should be fixed.

pz/penguin.bv:22: SOA for "penguin.bv" not at zone top

Zone "penguin.bv" (file pz/penguin.bv): no SOA RR found

Zone "penguin.bv" (file pz/penguin.bv): multiple SOA RRs found

Severity (respectively): Error, warning, warning

All zone files must have exactly one SOA record, at the top of the zone file. If it is at the top, try adding some ;s (comment chars) to any empty lines coming before it.

pz/penguin.bv:5: WARNING: new serial number < old (200008080 < 2000080801)

Severity: Notice

This is probably a typing error. If you're in the process of fixing a serial number as described earlier in this chapter, you probably made a mistake.

pz/penguin.bv:45: data "ns.herring.bv" outside zone "penguin.bv" (ignored)

Severity: Info

Records for ns.herring.bv do not belong in the penguin.bv zone. You're not supposed to put data that does not belong in the zone's domain in the zone file. This is typically an old zone file with glue (A) records in it meeting BIND 8 for the first time.

Zone "penguin.bv" (file pz/penguin.bv): no NS RRs found at zone top

Severity: Warning

All zones must also contain the NS records for the zone itself.

master zone "penguin.bv" (IN) rejected due to errors (serial 2000080803)

Severity: Warning

The named zone was rejected due to errors and was not incorporated into the database. named does load the remaining zones normally after this, but does not answer authoritatively for the zone.

master/slave/stub zone "penguin.bv" (IN) loaded (serial 2000080804)

hint zone "." (IN) loaded (serial 0)

Severity: Info

The named zone was loaded, and the server will answer authoritatively for the master and slave zones. Stub zones are used for the glue. This does not mean that the zone file was without errors, though, just that it was acceptable.

pz/penguin.bv:52:penguin.bv: CNAME and OTHER data error

Severity: Notice

The zone contains a CNAME with other data as well. Please see Chapter 3 about CNAMEs and their associated issues.

pz/penguin.bv:2: Unknown $ option: $tlt

Severity: Notice

You've entered an unknown $ option; in the previous example, a simple typing error caused this.

pz/penguin.bv:2: expected a TTL, got "foo"

Severity: Notice

named did not recognize the data found as a TTL, which was what it expected.

pz/penguin.bv:5: decimal serial number interpreted as 1000

Severity: Info

You've used a decimal serial number, and it was interpreted as the number shown. Don't use decimal serial numbers because they are unpredictable.

pz/penguin.bv:67: unexpected EOF

Severity: Info

named was in the midst of reading something, perhaps a record, and instead of finding more record contents, it found the end of the file. The record, or whatever, preceding it might be correct. The message might be due to a missing newline after the last line in the file. UNIX conventions call for an empty line to end all text files.

pz/penguin.bv: WARNING SOA expire value is less than SOA refresh+retry (21600 < 21600+1800)

pz/penguin.bv: WARNING SOA expire value is less than refresh + 10 * retry (21600 < (21600 + 10 * 1800))

pz/penguin.bv: WARNING SOA expire value is less than 7 days (21600)

pz/penguin.bv: WARNING SOA expire value is greater than 6 months (18748800)

Severity (respectively): Notice, warning, warning, warning

These are sanity checks on your SOA field values. Abide by the rules they set, except in special circumstances. In any case, the expire field should be at least 7 days, and perhaps even something like 28 days. But 6 months is probably too long.

pz/penguin.bv: WARNING SOA refresh value is less than 2 * retry (3000 < 1800 * 2)

Severity: Warning

Another sanity check of your SOA values. Let the refresh value be at least two times the retry value, or this message will appear.
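As an added example (not from the book and not BIND's own code), the following Python applies the SOA timer sanity checks described in the two messages above and reproduces BIND 8's wording; the value used for "6 months" is an assumption, since the page does not give BIND's exact constant.

```python
"""SOA timer sanity checks in the style of BIND 8's zone loader.

Added example, not BIND's own code. The thresholds are the ones the log
messages above state; the exact "6 months" constant is an assumption.
"""
from dataclasses import dataclass
from typing import List, Tuple

DAY = 86400
SEVEN_DAYS = 7 * DAY
SIX_MONTHS = 183 * DAY  # assumed: half a year; the page does not give BIND's constant

# TTL suffixes accepted in BIND zone files, e.g. 1w2d3h4m5s
_UNIT = {"w": 7 * DAY, "d": DAY, "h": 3600, "m": 60, "s": 1}


def ttl_seconds(text: str) -> int:
    """Convert a TTL written as plain seconds or with w/d/h/m/s suffixes to seconds."""
    text = text.lower()
    if text.isdigit():
        return int(text)
    total, digits = 0, ""
    for ch in text:
        if ch.isdigit():
            digits += ch
        elif ch in _UNIT and digits:
            total += int(digits) * _UNIT[ch]
            digits = ""
        else:
            raise ValueError(f'expected a TTL, got "{text}"')
    if digits:  # trailing number without a unit, e.g. "1w30"
        raise ValueError(f'expected a TTL, got "{text}"')
    return total


@dataclass(frozen=True)
class SoaTimers:
    """The four timer fields of an SOA record, in seconds."""
    refresh: int
    retry: int
    expire: int
    minimum: int


def parse_soa_timers(rdata: str) -> SoaTimers:
    """Parse SOA rdata such as
    'ns.penguin.bv. hostmaster.penguin.bv. 2000080804 21600 1800 21600 86400'
    (mname, rname, serial, refresh, retry, expire, minimum)."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError("SOA rdata needs mname, rname, serial and four timers")
    refresh, retry, expire, minimum = (ttl_seconds(f) for f in fields[3:7])
    return SoaTimers(refresh, retry, expire, minimum)


def check_soa_timers(zone_file: str, soa: SoaTimers) -> List[Tuple[str, str]]:
    """Return (severity, message) pairs in BIND 8's wording for each check that fails.

    An empty list means the timers pass every sanity check listed on this page.
    """
    r, t, e = soa.refresh, soa.retry, soa.expire
    findings: List[Tuple[str, str]] = []
    if e < r + t:
        findings.append(("notice", f"{zone_file}: WARNING SOA expire value is less than "
                                   f"SOA refresh+retry ({e} < {r}+{t})"))
    if e < r + 10 * t:
        findings.append(("warning", f"{zone_file}: WARNING SOA expire value is less than "
                                    f"refresh + 10 * retry ({e} < ({r} + 10 * {t}))"))
    if e < SEVEN_DAYS:
        findings.append(("warning", f"{zone_file}: WARNING SOA expire value is less than 7 days ({e})"))
    if e > SIX_MONTHS:
        findings.append(("warning", f"{zone_file}: WARNING SOA expire value is greater than 6 months ({e})"))
    if r < 2 * t:
        findings.append(("warning", f"{zone_file}: WARNING SOA refresh value is less than "
                                    f"2 * retry ({r} < {t} * 2)"))
    return findings


if __name__ == "__main__":
    # Constructed SOA using the values that appear in the messages above.
    soa = parse_soa_timers("ns.penguin.bv. hostmaster.penguin.bv. 2000080804 21600 1800 21600 86400")
    for severity, message in check_soa_timers("pz/penguin.bv", soa):
        print(f"[{severity}] {message}")
```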

host name "rms.penguin.bv.25/0.56.168.192.in-addr.arpa" (owner "25/0.56.168.192.in-addr.arpa") IN (primary) is invalid - rejecting/proceeding anyway

Severity: Warning

In this case, someone forgot an ending period in the right side of a PTR record in a reverse zone. The name should have been typed rms.penguin.bv., with the ending period, but was not. In general, this error means that an illegal character is in the name. In this example, it was a slash (/); another favorite is the underscore (_). By default, in master zones, this error results in the zone being rejected, and in slave zones, it results in a warning. This behavior can be adjusted with the check-names option; see Appendix A, "named.conf Man Page."

owner name "sub_domain.penguin.bv" IN (primary) is invalid - rejecting/proceeding anyway

Severity: Warning

The zone name is invalid because it contains an underscore. The TLD registrars will not accept such registrations. See the previous error for more information.

invalid class IM for zone 'penguin.bv'

Severity: Error

The zone directive specifies an illegal zone class for the given zone. Did you mean IN?

no type specified for zone 'penguin.bv'

Severity: Error

You forgot to specify a type clause in the zone specification.

only the root zone may be a cache zone (zone 'penguin.bv')

only the root zone may be a hint zone (zone 'penguin.bv')

Severity: Error

You tried to specify that a zone other than . is a cache or hint zone. This is illegal.

'file' statement missing for master zone penguin.bv

Severity: Error

You can't have a master zone without a zone file to load it from and store it in. You can, however, have a slave zone without a file to store it in, but I don't recommend it.

'masters' statement present for master/hint/cache zone 'penguin.bv'

no 'masters' statement for non-master zone 'penguin.bv'

'allow-{update,transfer}' option for non-{master,slave} zone 'penguin.bv'

'allow-query' option for non-{master,slave,stub} zone 'penguin.bv'

'notify' given for non-master, non-slave zone 'penguin.bv'

'also-notify' given for non-master, non-slave zone 'penguin.bv'

'forward' given for hint zone '.'

'forwarders' given for hint zone '%s'

Severity: Error

All these result from using zone options in the wrong kinds of zones. Please see Appendix A for the allowed combinations.

Zone "penguin.bv" declared more than once

Severity: Error

Do not define the same zone more than once, and if you copied a zone statement, remember to edit the name.

zone 'penguin.bv' did not validate, skipping

Severity: Error

A check on the zone declaration in named.conf failed; the error message will be shown prior to this. Because of this, the zone could not be loaded.

NSMAX reached for zone 'penguin.bv'

Severity: Error

You are trying to add too many masters to the zone. In BIND 8.2.2P5, the limit is 16.

duplicate also-notify address ignored [10.5.66.126] for zone 'penguin.bv'

duplicate global also-notify address ignored [10.5.66.126]

Severity: Warning

You've listed the same address more than once in an also-notify list.

limit "datasize/stacksize/…" not supported on this system - ignored

Severity: Warning

The named resource limit is not supported by BIND on this system. If your system does support this limit and BIND does not, a little source code patching is in order. Send the patch to the ISC afterward.

setrlimit(datasize): Operation not permitted

Severity: Warning

You're probably trying to raise the resource limit beyond what the OS allows.

couldn't create pid file '/var/run/named.pid'

Severity: Error

You probably do not have write permission in the directory. This is probably because you've run named with the -u option, so it won't run as root. Also, only root has write access to the /var/run directory. This is as it should be; opening /var/run to be written in by anyone is a security risk that approaches, if not exceeds, the risk of running named as root. Create another directory, such as /var/named/run, with the proper write permissions to have the pid file in.

directory /var/named is world-writable

Severity: Warning

It is considered insecure to have the named directory world-writable. You should chmod it. Think long and hard before ignoring this message.

can't change directory to /var/named: No such file or directory

unix control /var/runn/ndc failed: No such file or directory

Severity (respectively): Panic, warning

The error message on the end of the message can be something else entirely, Permission denied, for example. Check whether the directory is there, that you typed its name correctly in the configuration file, and that it has proper permissions, and so forth.

the maximum number of concurrent inbound transfers is 20

Severity: Error

You are trying to raise the transfers-in limit beyond the hard-coded maximum, and the value has been truncated to the maximum. The maximum is 20 in BIND 8.2.2P5.

cannot set resource limits on this system

Severity: Info

Your system does not support setting system limits, such as datasize, because it does not have the getrusage, getrlimit, and setrlimit system calls. If this is not correct, the port of BIND to your platform must be fixed.

forwarder '192.168.0.2' ignored, my address

Severity: Error

Don't use yourself as a forwarder.

Unsupported TSIG algorithm foo

Severity: Error

Only HMAC-MD5 is supported as of BIND 8.2.2P5. Refer to Chapter 5, "Using Dig and nslookup," for more information about dynamic DNS and TSIGs.

Invalid TSIG secret "CuTaNDPaSTEErrOR"

Severity: Warning

The secret string was not a valid BASE64 encoded string, probably because of a cut and paste error.

must specify a file or null channel for the eventlib category

only one channel allowed for the eventlib category

must specify a file or null channel for the packet category

only one channel allowed for the packet category

Severity: Error

The eventlib and packet logging categories funnel so much data that you are allowed to channel them only to a file, and only one file.

re-establishing default options

Severity: Warning

You have previously specified logging options, which no longer appear in named.conf; therefore, the default logging options have been re-established.

chrooted to /var/BIND-chroot

Severity: Info

Your chroot setup is working, at least so far.

Ready to answer queries

Severity: Notice

Your name daemon is ready to answer queries. This is good.

named shutting down

Severity: Info

For some reason or other, named is shutting down, probably because ndc stop was run.

reloading nameserver

Severity: Notice

Someone issued an ndc reload command.

/etc/named.conf:33: cannot redefine…

While parsing the named.conf file, the parser found another definition of something that can be defined only once. Only one options section is possible; only one listen-on is possible; only one server section for each server is possible; and only one definition of each zone name is possible. Views are the exception, of course: each view may hold only one definition of a given zone name, but each view can have its own.

Zone Transfers, Slave Zones

Err/TO getting serial# for "penguin.bv"

Severity: Info

Your named tries to determine whether a zone transfer of penguin.bv is necessary, but fails to communicate and get the serial number from the master server.

Zone "penguin.bv" (IN) SOA serial# (200008080) rcvd from [192.168.0.2] is < ours (2000080803): skipping

Severity: Notice

Count the digits carefully. The master has a serial number less than the one we have. If only one host is used as master, someone made a typing error that stops the updated zone from being transferred. Please see the previous section dealing with masters, slaves, and serial numbers for how to deal with this.

If you're using slaves as additional masters to help zone propagation, you will see this from time to time when you have succeeded in getting an updated zone transferred, but your other master (a slave of the origin master) has not gotten it updated yet.

attempted to fetch zone penguin.bv from self (192.168.0.2)

Severity: Notice

This is probably due to some misconfiguration. I have seen this on multi-homed nameservers that did not have a listen-on option set (see Chapter 2) and thus did not detect that the master for the zone was itself.

startxfer: too many xfers running

Severity: Warning

A zone is due for a serial number query (because the refresh interval for the zone has passed), but the maximum number of zone transfers is already running. The serial number query will be tried again later. The number of concurrent inbound zone transfers is limited by a compiled constant called MAX_XFERS_RUNNING. In BIND 8.2.2P5, its value is 20. A related message appears when you try to set transfers-in higher than this limit.

zone transfer timeout for "penguin.bv"; pid 4711 killed

Severity: Notice

The zone transfer timed out. This is normally due to a temporary network problem and will pass. If it is not temporary, you might need to increase max-transfer-time-in, which is 120 minutes by default, to fix the problem. Or you might have to get a better connection to your master. See Chapter 17, "Miscellany," for more information.

zone transfer timeout for "penguin.bv"; pid 4711 missing

zone transfer timeout for "penguin.bv"; kill pid 4711: Not owner

zone transfer timeout for "penguin.bv"; pid 4711 kill failed Not owner

zone transfer timeout for "penguin.bv"; second kill pid 4711 - forgetting, processes may accumulate

Severity: Warning

This should never happen under normal circumstances. All these errors happen when named notices that a zone transfer has been running too long, and then when it tries to abort, it fails to do so.

named-xfer "penguin.bv" exited with signal 7

Severity: Notice

The named-xfer that was transferring the given zone exited because it was sent the given signal. This could indicate a number of things, but don't worry if it happens only occasionally.

xfer vfork: Resource temporarily unavailable

can't exec named-xfer: Resource temporarily unavailable

Severity: Error

The reason given can vary, but Resource temporarily unavailable indicates that a memory, process table, or other OS or machine resource shortage has occurred. Do you need to buy more RAM or enlarge some key kernel tables?

Sent NOTIFY for "penguin.bv IN SOA" (penguin.bv); 1 NS, 1 A

Severity: Info

named has sent out the NOTIFY messages for an update in the penguin.bv zone. This occurs at random intervals after a zone reload to avoid everyone trying to zone transfer everything at once.

suppressing duplicate notify ("penguin.bv" IN SOA)

Severity: Info

named has already sent NOTIFYs for this zone and doesn't want to be redundant. This can be due to listing a slave server in both the NS records for the zone and in the also-notify list.

rcvd NOTIFY(penguin.bv, IN, SOA) from 192.168.0.1

Severity: Info

A NOTIFY was received, meaning that the indicated zone might have been updated. The server compares the serial number on the master with its own and then, if necessary, starts a zone transfer.

rcvd NOTIFY for "penguin.bv", name not one of our zones

NOTIFY(SOA) for non-secondary name (penguin.bv), from [192.168.0.2].2375

Severity: Info

Someone is telling us that a zone we know nothing of has been updated.

NOTIFY(SOA) from non-master server (zone penguin.bv), from [192.168.0.2].3256

Severity: Info

A server we don't recognize as master for the given zone tried to tell us that the zone was updated. This is probably caused by a multi-homed master not sending NOTIFYs from the right address. See Chapter 2 and the section "Forwarding source address is [0.0.0.0].1033" later in this chapter.

Received NOTIFY answer from 192.168.0.1 for "penguin.bv IN SOA"

Severity: Info

This should arrive shortly after the NOTIFYs are sent out. If it does not, the NOTIFYs might have been lost or rejected.

unapproved AXFR from [192.168.0.1].3782 for "penguin.bv" (acl)

unapproved AXFR from [192.168.0.1].3782 for "penguin.bv" (not master/slave)

unapproved AXFR from [192.168.0.1].3782 for "penguin.bv" (not authoritative)

Severity: Notice

The given server was denied its request for AXFR (or IXFR). In the first case, this is because it was forbidden by an allow-transfer option. In the second case, this is because the zone was not a master or slave zone, but rather a hint or stub zone, which makes no sense to transfer. In the third case, this is because we don't have that zone at all and so are not authoritative for it.

approved AXFR from [192.168.0.1].3959 for "penguin.bv"

Severity: Info

The server approved a zone transfer request from 192.168.0.1 for the penguin.bv zone.

NOTIFY(SOA) for zone already xferring (penguin.bv)

Severity: Info

We're being told that the zone penguin.bv has been updated, while we're still transferring the last update. The NOTIFY is ignored.

zoneref: Masters for secondary zone "penguin.bv" unreachable

Severity: Notice

Your nameserver is incapable of reaching any of the masters for the given zone. This is probably temporary, but if the condition persists, it should be investigated. If it persists too long, the zone will expire as set in the SOA record.

secondary zone "penguin.bv" expired

Severity: Notice

The expire interval for the zone has passed without any contact with any master server. If you need to reinstate the zone, touch the file and reload the nameserver. The cached zone file's last modification date is used to calculate its age.

secondary zone "penguin.bv" time warp

Severity: Notice

The named slave zone's file has a modification time in the future. This makes no sense. But it can happen if the nameserver is restarted or reloaded right after the server's clock has been adjusted, or if the clock adjustment was big.

zone transfer (AXFR) of "penguin.bv" (IN) to [192.168.0.1].3112

Severity: Info

The outgoing zone transfer is initiated.

Dynamic DNS

Some of the errors possible with dynamic DNS are the same as with static DNS. See the previous zone file messages if you can't find something.

unapproved update from [10.212.103.201].61762 for dyn.penguin.bv

Severity: Notice

Someone at the given address is trying to send you a dynamic DNS update, but your nameserver denies the request. Dynamic DNS is discussed in Chapter 9, "Dynamic DNS."

cannot delete last remaining NS record for zone dyn.penguin.bv

Severity: Debug

You're trying to remove the last NS record of the zone. A zone must have at least one NS record, so this is forbidden. As you see, this error is at debug level, so you might never see it. You will notice only the NS record not being deleted in spite of your best efforts.

invalid log file pz/dyn.penguin.bv.log

Severity: Error

While maintaining the dynamic zone, the change log was found to be invalid. Either look at the log and fix the error or rename it, restart the nameserver, and then send the updates you find in the log file to the server with nsupdate.

fopen() of pz/dyn.penguin.bv.xyz failed: Permission denied

error dumping zone file pz/dyn.penguin.bv

Severity: Error

Is your disk full? Do you run named as nonroot? If so, does named have write permissions in that directory?

Resolving

Among the chief problems when resolving are lame delegations.

Lame server on 'news.penguin.bv' (in 'penguin.bv'?): [10.55.0.181].53 'ns0.nic.bv'

Severity: Info

Your nameserver queried ns0.nic.bv for news.penguin.bv because it thought it was authoritative for the zone penguin.bv, but ns0.nic.bv did not answer authoritatively. The reason it asked ns0.nic.bv in the first place was that someone said it was an authoritative server for the zone.

Because several lame delegations are out there, your named logs might be dominated by messages about lameness. You can disable lamer logging:

    logging {
        ...
        category lame-servers { null; };
        ...
    };

Another option that affects lameness is lame-ttl. Lameness is cached to reduce the number of queries that can result only in rediscovering the same lame condition. By default, the TTL for this is 10 minutes, but it can be raised up to 30 minutes:

    options {
        ...
        lame-ttl 1800;
        ...
    };

A lame server is not a fatal condition; the nameserver will continue to query the other nameservers for the zone until an answer is found. If no answer can be found, the following messages are logged.

ns_forw: query(news.penguin.bv) All possible A RR's lame

ns_forw: query(news.penguin.bv) No possible A RRs

Severity: Info

While trying to resolve news.penguin.bv, only lame servers were encountered and the name could not be resolved. This mainly occurs for reverse zones because they, their delegation, and their maintenance are blind spots for administrators. This is also why it can take some time before your reverse zones are delegated properly.

tcp_send([192.168.0.2].53) failed: Network is unreachable

sendto([192.168.0.2].53): Connection refused

Severity: Info

The trailing error message need not be the same as shown. Network is unreachable means that the network is incapable of relaying the request packet for some reason. It could be because the IP address is bogus, or because your routing tables are incomplete. Connection refused means that no one was listening on the port the server tried to talk to.

domain name too long: <long name>

Severity: Info

This is an internal buffer overflow, which should never happen. If you ever find Name_Too_Long in your cache, you'll now know why.

unapproved query from 192.168.0.3 for "news.penguin.bv"

Severity: Notice

The given host is not allowed to ask for that. See allow-query in the index.

"baddomain.bv IN NS" points to a CNAME (ns0.baddomain.bv)

Severity: Info

The admin of baddomain.bv is not following the rules about not using CNAMEs for NS records (or MX or SOA). Send a friendly email pointing out the error, if you want. It can only make things better.

Response from unexpected source ([192.168.0.1].53)

Severity: Info

A response packet came from an unexpected place and got dropped in the bit bucket. Again, this is something that a multi-homed server can cause. It also can indicate a very old spoofing attack being executed.

wrong ans. name (news.penguin.bv != mail.penguin.bv)

Malformed response from [192.168.0.1].8762 (answer to wrong question)

Severity: Info

An answer was received for the wrong question. In the first case, the query was for mail.penguin.bv and news.penguin.bv was received.

Malformed response appears in several other contexts and indicates an error discovered while decoding an answer. It can mean that an implementation error occurred in your server or in the remote server.

bad referral (penguin.bv !< walruss.penguin.bv)

Severity: Info

While querying the walruss.penguin.bv nameservers for a walruss.penguin.bv name, the nameserver received a referral to a nameserver closer to the root. A properly authoritative nameserver would return the answer or a referral one more step away from the root. This probably means that the server queried about walruss.penguin.bv is not authoritative, in spite of what earlier referrals indicated. Some server is holding bad NS records for walruss.penguin.bv.

MAXQUERIES exceeded, possible data loop in resolving news.penguin.bv

Severity: Info

The error message says it all. More than 20 (MAXQUERIES in BIND 8.2.2P5) queries are needed to resolve the name. Something is amiss.

sysquery: findns error (NXDOMAIN/SERVFAIL) on ns.penguin.bv?

Severity: Info

Your nameserver was trying to find the A record of a nameserver named in an NS record but failed. NXDOMAIN means that the name ns.penguin.bv does not exist, which is very bad in the case of a nameserver. SERVFAIL means that the servers that should know the answer are tripping.

ns_forw: query(foo.penguin.bv) xxx (langnese.nvg.ntnu.no:127.0.0.1)

Severity: Info

The xxx complaint can be due to several different things, but they all boil down to a clearly bogus answer, such as referrals to nameservers with 127.0.0.1, 0.0.0.0, or a multicast address. "Contains our address" means that the referral was to the server itself, clearly a lame delegation because the server would have known that itself. "Forwarding loop" means that the server was referred to the host that issued the query in the first place, which is also a lame delegation; the querier would have known if it were authoritative. "NS points to CNAME" means just that: Someone was not thinking when he set up the NS records in question.

unrelated additional info 'www.walruss.bv' type A from [192.168.0.2].52

Severity: Info

The answer contained information unrelated to the query and the rest of the answer. The information is ignored. It can indicate a server bug, or less likely, a spoofing attempt.

Miscellaneous

rcvd IP_OPTIONS from 192.168.6.66 (ignored)

Severity: Info

Use of IP options is normally associated with attacks on your computer. If a connection is made with options set, named disables the options and logs this message.

dropping source port zero packet from [192.168.6.66].0

Severity: Notice

UDP packets from port 0 are not allowed and are invariably associated with attacks or badly configured or unstable machines.

refused query on non-query socket from 192.168.6.66

Severity: Notice

A query arrived at the socket that named itself is using to send queries. This should not happen; queries should arrive on the socket at port 53.

Socket(SOCK_RAW): Too many open files

Severity: Panic or error.

When named is starting up, this is a panic condition. After startup, during the periodic interface scanning (see Chapter 17), it is an error. The condition is detected during the interface scanning when named finds and binds each interface's TCP and UDP port 53 to listen for queries. Each port it binds requires one file handle, and during startup it uses file handles for each zone file it reads. If you get this message, raise the files limit.

listening on [127.0.0.1].53 (lo)

listening on [192.168.0.2].53 (eth0)

Severity: Info

Several of these should exist, one for each network interface on your system. Or, if you use the listen-on option, one should exist for each of the interfaces you listed.

There may be a name server already running on 192.168.0.2

bind: Address already in use

Severity: Error

A nameserver is probably already running on the host. If you've set up for two or more servers with listen-on options, you might have two nameservers with the same configuration running or a conflict in your configurations.

deleting interface [127.0.0.1].53

deleting interface [192.168.0.2].53

Severity: Notice

The interface could not be bound; named gave up on it and removed it from the listen-on list. See the description of the bind: Address already in use message.

ctl_server: bind: Address already in use

Severity: Error

The control socket could not be established. The Address already in use message indicates that someone else is already using the socket. ctl_server means that it has to do with the socket ndc talks to named over; the usual path for this is /var/run/ndc. The path can be overridden with the controls option in named.conf. If you need to run multiple instances of BIND, they will need one control connection each, each with a distinct name.

not listening on any interfaces

Severity: Warning

Your named could not find any interfaces on which to listen, and so does not listen on any. This is probably caused by another nameserver running on the machine.

Forwarding source address is [0.0.0.0].1033

Severity: Info

This is the source address that will be used when issuing queries, NOTIFYs, and other traffic from this host. If the address is 0.0.0.0 then the OS will tack on the address of the network interface the packet leaves by when it leaves. On multi-homed servers that are masters or slaves, this can cause problems because the master might be expecting zone transfer queries from a specific address, and the slaves are expecting NOTIFYs from one of the hosts listed as master in the slave zone configuration. You should specify the query-source option, as described in Chapter 2.

forwarding interface [192.168.0.2].53 gone

Severity: Panic

The interface configured as the forwarding origin has disappeared. Bring it back up, then restart your named.

named restarting

Severity: Info

Named is restarting because someone told it to, probably with ndc restart.

query log on/off

Severity: Notice

You should take notice when this is turned on. It uses a lot of disk space, and I do mean a lot.

Suppressed qserial_query(penguin.bv)

Severity: Info

You have configured named as being on a dial-up connection and a serial number query has been suppressed; it will be executed later.

Heartbeat: qserial penguin.bv

Severity: Info

The dial-up heartbeat is causing serial number queries to be sent out now, all in a lump, instead of whenever the whim of TTLs and refresh intervals dictates.

Cleaned cache of 42 RRsets

Severity: Info

The cache was cleaned and 42 resource record sets were removed because their TTLs had expired.

unapproved recursive query from [192.168.0.1].53 for news.walruss.bv

Severity: Notice

You've restricted recursive queries (with the allow-recursion option) and received one from an unapproved source. If the host is supposed to be allowed to make recursive queries, adjust the allow-recursion option.
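As an added example that is not from the book, here is a small Python triage pass over several of the messages explained above (the unset forwarding source address, port 53 conflicts, and repeated unapproved recursive queries). The regexes, the assumed default syslog line layout and the sample log lines are my own; the severity strings are the ones this chapter assigns to each message.

```python
import re
from collections import Counter

# Regexes written for the BIND 8 messages explained in this chapter; severities are the chapter's.
RULES = [
    (r"unapproved recursive query from \[(?P<addr>[\d.]+)\]\.\d+ for (?P<name>\S+)", "Notice", "unapproved_recursion"),
    (r"bind: Address already in use", "Error", "bind_in_use"),
    (r"deleting interface \[(?P<addr>[\d.]+)\]\.\d+", "Notice", "interface_deleted"),
    (r"not listening on any interfaces", "Warning", "no_interfaces"),
    (r"Forwarding source address is \[(?P<addr>[\d.]+)\]\.(?P<port>\d+)", "Info", "query_source"),
]
# Assumed line layout: the default syslog form "Mon dd hh:mm:ss host named[pid]: message".
SYSLOG = re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d (?P<host>\S+) named\[(?P<pid>\d+)\]: (?P<msg>.*)$")

def classify(line):
    """Return a dict describing one named log line, or None if it is not a named line."""
    m = SYSLOG.match(line)
    if not m:
        return None
    for pattern, severity, kind in RULES:
        r = re.search(pattern, m.group("msg"))
        if r:
            return {"kind": kind, "severity": severity, **r.groupdict()}
    return {"kind": "other", "severity": None, "msg": m.group("msg")}

def review(lines, threshold=3):
    """Findings to act on: unset query-source, port 53 conflicts, sources hitting allow-recursion."""
    findings, recursion = [], Counter()
    for ev in filter(None, map(classify, lines)):
        if ev["kind"] == "query_source" and ev["addr"] == "0.0.0.0":
            findings.append("query-source unset: source address is chosen per outgoing interface")
        elif ev["kind"] in ("bind_in_use", "no_interfaces", "interface_deleted"):
            findings.append(f"{ev['kind']}: another name server may already hold port 53")
        elif ev["kind"] == "unapproved_recursion":
            recursion[ev["addr"]] += 1
    for addr, n in sorted(recursion.items()):
        if n >= threshold:  # a legitimate client needs an allow-recursion fix; anything else, a look
            findings.append(f"unapproved recursion from {addr}: {n} queries")
    return findings

# Constructed sample log lines (not taken from the book), in the assumed syslog layout.
SAMPLE_LOG = """\
Mar  3 10:12:01 ns1 named[11536]: Forwarding source address is [0.0.0.0].1033
Mar  3 10:12:01 ns1 named[11536]: bind: Address already in use
Mar  3 10:12:01 ns1 named[11536]: deleting interface [192.168.0.2].53
Mar  3 10:12:05 ns1 named[11536]: unapproved recursive query from [192.168.0.1].53 for news.walruss.bv
Mar  3 10:12:06 ns1 named[11536]: unapproved recursive query from [192.168.0.1].53 for www.penguin.bv
Mar  3 10:12:07 ns1 named[11536]: unapproved recursive query from [192.168.0.1].53 for ftp.penguin.bv
Mar  3 10:12:09 ns1 named[11536]: unapproved recursive query from [10.0.0.7].1234 for mail.walruss.bv
""".splitlines()
```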

ns_req: no address for root server

Severity: Notice

You didn't put any A records for the root servers in the root.hints file.

findns: No root nameservers for class HESIOD?

Severity: Info

If you have a server without any hints zones, or are playing with some non-IN zones (such as a Hesiod zone) for which you don't have any hint files, you'll see this message. Don't worry unless you're supposed to know the root servers for that class. This could also happen if your hint file is empty.

check_hints: no NS records for class IN in hints

check_hints: no A records for E.ROOT-SERVERS.NET class IN in hints

Severity: Error

Your hint file has no NS (or A) records. You need a new hint file.

dumping nameserver stats

done dumping nameserver stats

Severity: Notice

Someone wanted statistics, and now they're getting them or have gotten them. They were probably requested by ndc stats. The default filename for this is named.stats.

dumping nameserver data

finished dumping nameserver data

Severity: Notice

A database and cache dump is, or was, written to named_dump.db in the directory named in the directory option. Earlier in this chapter I gave a description of this dump file.

foo.penguin.bv CNAME and other data (invalid)

Severity: Info

A name cannot have both a CNAME record and other records. See Chapter 3 for a discussion of this.

Too many open files

This message can appear at the end of several other messages in your logs. It can indicate that you must raise the files resource limit using the files option in named.conf. named keeps two open files/handles/sockets per network interface on your host; moreover, it uses one handle for the control socket and one handle for the query socket. Some handles are also used when files (zone and configuration) are read from disk at startup, at reload, and after zone transfers and dynamic updates. Software such as lsof can be very helpful in finding out why you've run into this. This is the normal output of lsof on a Linux system running BIND:

 # lsof -c named
 COMMAND   PID USER   FD   TYPE     DEVICE    SIZE   NODE NAME
 named   11536 root  cwd    DIR        3,8    4096 227650 /var/named
 named   11536 root  rtd    DIR        3,1    1024      2 /
 named   11536 root  txt    REG        3,5  511440 170342 /usr/sbin/named
 named   11536 root  mem    REG        3,1  340663  12140 /lib/ld-2.1.3.so
 named   11536 root  mem    REG        3,1 4101324  12143 /lib/libc-2.1.3.so
 named   11536 root    0u   CHR        1,3          22092 /dev/null
 named   11536 root    1u   CHR        1,3          22092 /dev/null
 named   11536 root    2u   CHR        1,3          22092 /dev/null
 named   11536 root    3u  unix 0xc2ef4340        3316436 socket
 named   11536 root    4u  IPv4    3316446            UDP *:1035
 named   11536 root    5u  unix 0xc1285480        3316438 /var/run/ndc
 named   11536 root   20u  IPv4    3316442            UDP localhost:domain
 named   11536 root   21u  IPv4    3316443            TCP localhost:domain (LISTEN)
 named   11536 root   22u  IPv4    3316444            UDP 192.168.0.2:domain
 named   11536 root   23u  IPv4    3316445            TCP 192.168.0.2:domain (LISTEN)

NSTATS…

USAGE…

XSTATS…

Statistics information. Please see Chapter 17 for more information about this.

ns_udp checksums NOT turned on: exiting

Severity: Panic

UDP checksums are not enabled on this host. Because DNS relies on UDP, we want UDP checksums. Some old versions of SunOS had UDP checksums disabled. UDP checksums have been recommended to be enabled for…oh, 10 years?

ns_udp: check sums turned on

Severity: Warning

UDP checksums were not enabled, but now they are. See the previous message.


The Concise Guide to DNS and BIND
ISBN: 0789722739
Year: 1999
Pages: 183