Hello everyone -
I run bind version 9.8.2 on CentOS 6.5. The daily logwatch run sends me the following items. Are any of these a real problem?
============
checkhints: extra NS 'A.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'B.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'C.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'D.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'E.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'F.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'G.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'H.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'I.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'J.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'K.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'L.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'M.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: unable to find root NS 'ns1.dnslibre.info' in hints: 147 Time(s)
checkhints: unable to find root NS 'ns1.opennic.glue' in hints: 170 Time(s)
checkhints: unable to find root NS 'ns10.opennic.glue' in hints: 170 Time(s)
checkhints: unable to find root NS 'ns2.dnslibre.info' in hints: 147 Time(s)
checkhints: unable to find root NS 'ns2.opennic.glue' in hints: 170 Time(s)
checkhints: unable to find root NS 'ns3.opennic.glue' in hints: 170 Time(s)
checkhints: unable to find root NS 'ns4.opennic.glue' in hints: 170 Time(s)
checkhints: unable to find root NS 'ns5.opennic.glue' in hints: 170 Time(s)
checkhints: unable to find root NS 'ns6.opennic.glue' in hints: 170 Time(s)
checkhints: unable to find root NS 'ns7.opennic.glue' in hints: 170 Time(s)
checkhints: unable to find root NS 'ns8.opennic.glue' in hints: 170 Time(s)
checkhints: unable to find root NS 'ns9.opennic.glue' in hints: 147 Time(s)
clients-per-query decreased to 10: 2 Time(s)
(repeated many times with various numbers)
===================
The hints file DOES contain two entries for each of the ROOT-SERVERS. One is the ipv4 address and the other is the ipv6 address. I use the hints file downloaded from http://www.internic.net/domain/named.root .
The hints file does NOT contain any entries for the opennic.glue or dnslibre.info servers. However, when I run "rndc -all", the output shows that bind has entries for those servers. The names will resolve and answer ping.
I searched all over trying to find information on the clients-per-query setting. My named.conf file does not contain an entry for clients-per-query. Is there some detailed documentation on this setting? What does it really do?
Three more notes:
1) I see no problems in daily operation. All web browsing works as does resolution for local machines.
2) This bind server does not get queries from outside my local network.
3) I use OpenNIC as the "forwarders" servers. I used to use OpenDNS until they stopped handling Yahoo email correctly.
Thanks - Bill Gee
On Wed, 2014-10-08 at 08:05 -0500, Bill Gee wrote:
> I run bind version 9.8.2 on CentOS 6.5. The daily logwatch run sends me the following items. Are any of these a real problem?
> checkhints: unable to find root NS 'ns1.opennic.glue' in hints: 170 Time(s)
Host ns1.opennic.glue not found: 3(NXDOMAIN)
> checkhints: unable to find root NS 'ns9.opennic.glue' in hints: 147 Time(s)
Host ns9.opennic.glue not found: 3(NXDOMAIN)
Seems your set-up is wrong.
On Wednesday, October 08, 2014 14:11:59 Always Learning wrote:
> On Wed, 2014-10-08 at 08:05 -0500, Bill Gee wrote:
> > I run bind version 9.8.2 on CentOS 6.5. The daily logwatch run sends me the following items. Are any of these a real problem?
> > checkhints: unable to find root NS 'ns1.opennic.glue' in hints: 170 Time(s)
> Host ns1.opennic.glue not found: 3(NXDOMAIN)
> > checkhints: unable to find root NS 'ns9.opennic.glue' in hints: 147 Time(s)
> Host ns9.opennic.glue not found: 3(NXDOMAIN)
> Seems your set-up is wrong.
Hmmm... I think you are right, but I have no idea exactly WHAT is wrong. Can you add some details?
Address resolution and ping work for me on all of the opennic.glue servers. That seems only logical since my DNS has entries for them.
=============
[bgee@main2 temp2]$ ping -c 3 ns1.opennic.glue
PING ns1.opennic.glue (185.19.105.30) 56(84) bytes of data.
64 bytes from dns.geek.id.au (185.19.105.30): icmp_seq=1 ttl=41 time=173 ms
64 bytes from dns.geek.id.au (185.19.105.30): icmp_seq=2 ttl=41 time=171 ms
64 bytes from dns.geek.id.au (185.19.105.30): icmp_seq=3 ttl=41 time=171 ms
--- ns1.opennic.glue ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 171.344/172.154/173.355/0.989 ms
[bgee@main2 temp2]$
===============
Ping6 also works.
Thanks - Bill Gee
Hello everyone -
Update on this: I did some more searching and discovered that OpenNIC is intended to replace the normal top-level DNS servers. It's not just a simple forwarder. I changed my forwarders to AlternateDNS.
After two days I no longer get either of the checkhints messages shown below. The hints file has not changed - it still contains both A and AAAA records, but there is no longer any message about extra entries. "Rndc dumpdb -all" shows that the opennic.glue entries have been flushed. Dig will resolve names like ns2.opennic.glue, but ping fails.
That leaves the log messages about changing the clients-per-query. More searching finally found me some documentation on the entry. The log messages do not indicate a problem - they are just named doing some self-tuning.
Just in case, I added
    clients-per-query 20;
    max-clients-per-query 30;
to the options section of my named.conf file. I still get some messages about named changing clients-per-query, but I am going to just ignore them for now.
Bill Gee
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
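Added example (not part of the thread, and not BIND or logwatch code): the two checkhints messages discussed above describe opposite sides of a comparison between the hints file and the root NS set that named actually received, so reading them together shows whether the resolver is being answered from a different root, as happened here with the OpenNIC forwarders. The function name, verdict labels and the "operators" field are assumptions made for this sketch.

```python
import re

# Matches raw named log lines as well as logwatch summary lines.
CHECKHINTS = re.compile(
    r"checkhints: (extra NS|unable to find root NS) '([^']+)' in hints")

# NS names in the standard named.root hints file.
IANA_ROOTS = {f"{c}.root-servers.net" for c in "abcdefghijklm"}


def classify_root_view(lines, hint_names=IANA_ROOTS):
    """Summarise how the root NS set named received differs from its hints.

    'extra NS X in hints'       -> X is in the hints file only.
    'unable to find root NS Y'  -> Y was returned as a root NS but is not
                                   in the hints file.
    """
    hints_only, response_only = set(), set()
    for line in lines:
        m = CHECKHINTS.search(line)
        if m:
            name = m.group(2).rstrip(".").lower()
            target = hints_only if m.group(1) == "extra NS" else response_only
            target.add(name)

    if not hints_only and not response_only:
        verdict = "consistent"
    elif response_only and hints_only >= set(hint_names):
        # No hinted server appears in the received root NS set at all:
        # the resolver is being answered from a different root.
        verdict = "replaced"
    else:
        verdict = "partial"
    # Parent domains of the unexpected root servers point at who runs them.
    operators = sorted({".".join(n.split(".")[-2:]) for n in response_only})
    return {"verdict": verdict, "operators": operators,
            "unexpected_roots": sorted(response_only)}


# Sample input assembled from the logwatch lines quoted in the thread.
SAMPLE = [f"checkhints: extra NS '{c}.ROOT-SERVERS.NET' in hints: 170 Time(s)"
          for c in "ABCDEFGHIJKLM"] + [
    "checkhints: unable to find root NS 'ns1.dnslibre.info' in hints: 147 Time(s)",
    "checkhints: unable to find root NS 'ns1.opennic.glue' in hints: 170 Time(s)",
    "checkhints: unable to find root NS 'ns9.opennic.glue' in hints: 147 Time(s)",
    "clients-per-query decreased to 10: 2 Time(s)",
]

if __name__ == "__main__":
    print(classify_root_view(SAMPLE))
```

A "replaced" verdict on a resolver that was never meant to use an alternate root is worth checking against the forwarders configured in named.conf.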