Log messages for 8.x.x named, named-xfer and ndc
This is not a complete list of the messages, just the ones I’ve personally encountered and ones that I’ve seen on the mailing lists.
Page references are to pages in DNS and BIND, 3rd edition. It's available from your local technical bookstore or online (for example, at Amazon.com). It's also available as one of the six books on the CD The Networking CD Bookshelf. There is a search engine provided on the CD.
Sometimes the source code can give more clues to the problem, so grep the source code that you’ve downloaded from ISC: in directory src/bin/named, “grep ns_log *.c | more” will list all the lines that result in log messages; or grep for the message text you're interested in.
The ISC (Internet Software Consortium) also has a searchable BIND Users Mailing List Archive. The links below are to this archive. The newsgroup comp.protocols.dns.bind is bidirectionally gatewayed to the bind-users mailing list.
The people whose answers I have found most useful are Barry Margolin, Mark Andrews, Jim Reid, Joseph S. D. Yao, Matt Larson, and Cricket Liu.
You can also search the Ask Mr. DNS archives.
There are several recently published books on DNS:
· DNS and BIND, 4th edition by Paul Albitz and Cricket Liu
· The Concise Guide to DNS and BIND by Nicolai Langfeldt – this contains a section with explications of some of these messages as well.
· Linux DNS Server Administration by Craig Hunt
· DNS on Windows NT by Paul Albitz, Matt Larson and Cricket Liu
· Windows NT DNS by Michael Masterson, Herman Knief, Scott Vinick and Eric Roul
· The Concise Guide to Microsoft Windows 2000 DNS by Andy Ruth and Bob Collier
· Windows 2000 DNS Server by William Wong
Send me any corrections/amplifications/suggestions.
A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | Revision History
A
parser: error: /usr/local/etc/named.conf:161:
address/mask mismatch; skipping
CATEGORY: parser
SEVERITY: error
PAGE:
FURTHER INFO:
There are more bits specified in the address than are required by the specified netmask.
approved AXFR from [132.174.12.141].60685 for
"fs.dedip.oclc.org"
CATEGORY: security
SEVERITY: info
PAGE: 159
FURTHER INFO:
Indicates that the host at IP address 132.174.12.141 successfully transferred the zone with the domain name fs.dedip.oclc.org from your name server.
bad referral (state.il.us !< SOS.STATE.IL.US)
CATEGORY: response-checks
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that while querying the SOS.STATE.IL.US name servers, your name server was referred to the state.il.us name servers. Since a referral should always point to name servers authoritative for descendant zones, this is an error. The name server that sent the referral is probably misconfigured, and not authoritative for the zone delegated to it.
REFERENCES:
bad response to SOA query from 10.10.0.2, zone
30.10.in-addr.arpa: rcode 0, aa 0, ancount 0, aucount 2
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that your name server, a slave for the zone 30.10.in-addr.arpa, sent a query to the name server at IP address 10.10.0.2 for the zone's current SOA record. This was to determine whether or not the zone data had changed on the master server. However, the master server's response indicated that it was not authoritative for the 30.10.in-addr.arpa zone (that's what "aa=0" means). Your name server expects the master server to be authoritative for the zone, and can't transfer a zone from a non-authoritative name server, so it logs an error.
bind(dfd=20, [132.174.19.28].53): Address already in use
CATEGORY:
SEVERITY:
PAGE: 163
FURTHER INFO:
Indicates that there is already a program listening on port 53 on the
network interface with IP address 132.174.19.28, and therefore named couldn't
listen on that port. Programs like lsof,
which list open files and the programs that have them open, can help you
troubleshoot this. Often, there's
another name server already running on the host.
bind(dfd=20, [132.174.19.28].53): Invalid argument
CATEGORY: default
SEVERITY: error
PAGE:
REFERENCES:
http://www.isc.org/ml-archives/bind-users/1999/11/msg00966.html
http://www.isc.org/ml-archives/bind-users/2000/05/msg00836.html
/etc/named.conf:53: cannot redefine zone '' class 1
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that you have multiple zone statements in named.conf for the named zone (in this case, the root zone, which has the domain name '').
REFERENCES:
cannot set resource limits on this system
CATEGORY:
SEVERITY:
PAGE: 157
FURTHER INFO:
Indicates that named was compiled to believe that it couldn't set new resource limits (e.g., for data segment size, stack size) on this operating system. If your name server isn't configured to set any of these limits, you can ignore this. If you know your operating system does support setting new resource limits, you need to define HAVE_SETRUSAGE in the BIND source and recompile.
can't change directory to /var/name: No such file or directory
CATEGORY:
SEVERITY:
PAGE: 312-313
FURTHER INFO:
Indicates that the working directory you set in named.conf doesn't exist.
can't
exec /usr/local/sbin/named-xfer: No such file or directory.
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that named couldn't execute the named-xfer binary at /usr/local/sbin/named-xfer. Make sure the binary exists at that path and is executable, or use the named-xfer options substatement to redefine the path.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2001/02/msg00232.html
http://www.isc.org/ml-archives/bind-users/2001/02/msg00241.html
can't make tmpfile (mooretec.com.94Vt6f):
Permission denied
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
This is an error logged to syslog by named-xfer.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/10/msg00563.html
check_hints: no A records for L.ROOT-SERVERS.NET class 1 in hints
CATEGORY: default
SEVERITY: error
PAGE:
FURTHER INFO:
I also had this happen when converting from 4.9.x to 8.x.x. I used the db.cache file from the 4.9.x configuration instead of updating it from ftp.rs.internic.net (with the named.root file). The message below also occurred.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/11/msg00356.html
check_hints: root NS list in hints for class 1 does not match root NS
list
CATEGORY: default
SEVERITY: warning
PAGE:
FURTHER INFO:
Indicates that your name server's root hints file does not match the list of root name servers your name server received in response to a query for the current list of root name servers. You should probably get a new root hints file from ftp://ftp.rs.internic.net/domain/named.root.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/11/msg00356.html
check_root: 1 root servers after query to
root server < min
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that your name server received a response to its query for the current list of root name servers that indicated that there was only one root name server, which is less than the default minimum.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/11/msg00356.html
Cleaned cache of 795 RRsets
CATEGORY: maintenance
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that during its last cache cleaning, your name server removed 795 RRsets that had gone stale because their time to live values had dropped to zero.
CNAME and other data (invalid)
CATEGORY:
SEVERITY:
PAGE: 158-159
FURTHER INFO:
Indicates that you have a domain name in your zone data that owns both a
CNAME record and a record of another type, for example:
|
foo foo |
IN IN |
CNAME A |
bar 10.0.0.1 |
As this is an ambiguous configuration—is foo's address the same as
the address of bar or is it 10.0.0.1—and therefore an error.
REFERENCES:
couldn't create pid file
/chroot/named/var/run/named.pid
CATEGORY: config
SEVERITY: error
PAGE:
FURTHER INFO:
Indicates that the name server didn’t have sufficient permissions to create the file /chroot/named/var/run/named.pid. This is often because you’re running the name server as a user other than root but the directory the named.pid file is written to isn’t writeable by root. You can configure named to write named.pid somewhere else with the pid-file options substatement.
REFERENCES:
ctl_server:
bind: Address already in use
http://www.isc.org/ml-archives/bind-users/1999/10/msg00451.html
http://www.isc.org/ml-archives/bind-users/1999/12/msg00535.html
http://www.isc.org/ml-archives/bind-users/2000/05/msg00892.html
http://www.isc.org/ml-archives/bind-users/2000/05/msg00835.html
http://www.isc.org/ml-archives/bind-users/2000/09/msg00705.html
ctl_server:
bind: No such file or directory
http://www.isc.org/ml-archives/bind-users/1999/11/msg00840.html
http://www.isc.org/ml-archives/bind-users/1999/11/msg01200.html
http://www.isc.org/ml-archives/bind-users/2000/05/msg00705.html
ctl_server: setsockopt(REUSEADDR): Operation
not supported on socket
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates you're likely running on Solaris 2.4 or earlier and need to upgrade to BIND 8.2.2-P5 or later.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/01/msg00528.html
http://www.isc.org/ml-archives/bind-users/2000/03/msg00729.html
dangling CNAME pointer (sancho.idi.oclc.org)
CATEGORY: cname
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that the response your name server received from a remote name server contained a CNAME record that said that the domain name your name server was looking up, sancho.idi.oclc.org, was an alias for another domain name. The response did not contain any other information about sancho.idi.oclc.org, however, so your name server noted it was incomplete.
REFERENCES:
db/db.oclc:295: data "ns.opentext.com" outside zone
"oclc.org" (ignored)
CATEGORY: load
SEVERITY: info
PAGE: 160; 323-324
FURTHER INFO:
Indicates that you tried to put a resource record for the domain name ns.opentext.com
into the oclc.org zone data file.
Since newer BIND name server only load records from a zone data file
that are within the zone you've configured them to load, this is an error.
As a special case, I also got this version of the message when I had a leading
blank in all the lines in my zone data file:
db/wln/db.199.164.217:73: data "" outside zone
"217.164.199.in-addr.arpa" (ignored)
db_free: DB_F_ACTIVE set – ABORT
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/05/msg00104.html
db_load could not open: db/db.127.0.0: No such file or directory
CATEGORY: load
SEVERITY: warning
PAGE:
FURTHER INFO:
You've configured your name server to load the zone data file db/db.127.0.0
in the working directory, but that file doesn't exist.
db/wln/db.wln.org: Line 2: Unknown type: wln.org..
CATEGORY: load
SEVERITY: info
PAGE:
FURTHER INFO:
Your name server is interpreting wln.org. as the type field in one of your resource records, probably because you started the record with a space character.
db/wln/db.wln.org:2: Database error (wln.org.)
CATEGORY: load
SEVERITY: notice
PAGE: 313
FURTHER INFO:
In one case my zone data file had a leading space in all the lines.
deleting interface [127.0.0.1].53
CATEGORY: default
SEVERITY: notice
PAGE: 163
FURTHER INFO:
Indicates that, because of a problem listening on port 53 on IP address 127.0.0.1, your name server will not try to listen on that interface.
REFERENCES:
denied update from [192.168.1.50].1294 for
"theviews"
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/09/msg00517.html
http://www.isc.org/ml-archives/bind-users/2001/02/msg01806.html
161.79.81.194.in-addr.arpa IN PTR differing
ttls: corrected
CATEGORY: db
SEVERITY: warning
PAGE:
FURTHER INFO:
Indicates that the name server loaded multiple PTR records for the domain name 161.79.81.194.in-addr.arpa, but that these had different TTLs. Since all of the records in an RRset must have the same TTL, the name server corrected the TTLs for the RRset (by setting them to the smallest TTL of the records in the RRset).
done dumping nameserver stats
CATEGORY: statistics
SEVERITY: notice
PAGE:
FURTHER INFO:
Indicates that your name server received a signal or command to dump its statistics to a file in its working directory, by default called named.stats. See also the message dumping nameserver stats.
drained 57 queries (delay 7 sec)
CATEGORY: default
SEVERITY: notice
PAGE:
FURTHER INFO:
I have seen this occur when I’ve done an ndc dumpdb or ndc stats.
dropping source port zero packet from [216.160.191.178].0
CATEGORY: security
SEVERITY: notice
PAGE:
FURTHER INFO:
Indicates that your name server received a packet from the host at IP address 216.160.191.178, source port zero. No IP stacks normally send out packets with a source port of zero, but some port scanners do, so it's likely someone was scanning the host that runs your name server.
REFERENCES:
dumping nameserver data
CATEGORY: db
SEVERITY: notice
PAGE:
FURTHER INFO:
Indicates that your name server received a signal or command to dump a copy
of its database to a file in its working directory, by default called named_dump.db.
dumping nameserver stats
CATEGORY: statistics
SEVERITY: notice
PAGE:
FURTHER INFO:
Indicates that your name server received a signal or command to dump its statistics to a file in its working directory, by default called named.stats.
Err/TO getting serial# for "worldcat.org"
CATEGORY: xfer-in
SEVERITY: info
PAGE: 309-311
FURTHER INFO:
I've had this happen when I deleted a zone from the primary master name server's named.conf but not the slave's named.conf and then reloaded the master. The slave doesn’t know that the master is no longer authoritative for the zone but dutifully asks the master for the serial number. The master replies to the slave's query, indicating it's not authoritative for the zone. To fix them, update the slave's named.conf to remove the zones you took out of the master's named.conf and reload the slave.
If there is a router's access list and/or a firewall with TCP port 53 disabled (in or out) between the slave and the master then the slave's requests for the zone's serial number will be dropped. To fix it, open a hole in the access list or firewall.
Another cause I’ve encountered is that the slave has to go through the firewall to get to the master and the firewall goes down or the firewall’s connection to the switch (in our case) goes down. Or since the master is also connected to the switch, perhaps that connection went down. Usually this flakiness is logged in the machine’s syslog. For example:
Feb 18
18:46:37 willow unix: SUNW,hme0: Link Down - cable problem?
Feb 18 18:46:41
willow last message repeated 2 times
Feb 18
18:46:42 willow unix: SUNW,hme0: Using Internal Transceiver
Feb 18
18:46:42 willow unix: SUNW,hme0: 100 Mbps full-duplex Link Up
Yet another weird case was where I had started named manually after cron (unbeknownst to me) had started one first. So one named was running and listening on no interfaces (since the named started by cron opened the ports first) but still requesting serial number updates and timing out. The other named was running normally.
error processing update packet (NXRRSET) id 1374
from [192.68.20.116].1163
CATEGORY: update
SEVERITY: error
PAGE:
FURTHER INFO:
A dynamic update from the IP address 192.68.20.116 failed because it included a prerequisite that a certain record type not exist for a domain name. That record type did exist, so the name server didn’t process the update.
REFERENCES:
ev_timers.c:114: INSIST(now.tv_usec >= 0
&& now.tv_usec < 1000000) failed.
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2001/01/msg00339.html
http://www.isc.org/ml-archives/bind-users/2001/02/msg00842.html
http://www.isc.org/ml-archives/bind-users/2001/02/msg01402.html
http://www.isc.org/ml-archives/bind-users/2001/02/msg01451.html
fcntl(dfd, F_DUPFD, 20): Too many open files
CATEGORY:
SEVERITY:
PAGE: 157
FURTHER INFO:
Indicates that your name server tried to open more file descriptors than the operating system would allow. This may be because you have too many network interfaces on your host, or because the operating system's limit is too low.
REFERENCES:
finished dumping nameserver data
CATEGORY: db
SEVERITY: notice
PAGE:
FURTHER INFO:
Indicates that your name server received a signal or command to dump a copy of its database to a file in its working directory, by default called named_dump.db.
flushset:
out of memory
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
[from Toshio Kumagai] memget() (which calls malloc())
failed on your BIND 8.2.2 name server, possibly because your host ran out of
swap space.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/10/msg00002.html
http://www.isc.org/ml-archives/bind-users/2000/11/msg00238.html
fopen
on /dev/null failed, errno 2
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2001/02/msg01877.html
FORMERR
Forwarding
source address is [0.0.0.0].53
CATEGORY: default
SEVERITY: info
PAGE: 163
FURTHER INFO:
Indicates that your name server is sending queries from INADDR_ANY (i.e., from whichever network interface the kernel chooses based on the routing table), and from port 53.
db/db.132.174.26: Line 18: $GENERATE unknown type:
dhcp26-$.dev.oclc.org..
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that the $GENERATE control statement in the file db/db.132.174.26 has the domain name dhcp26-$.dev.oclc.org in the field for the type of record to generate. For example:
$GENERATE 50-70 $ dhcp26-$.dev.oclc.org.
instead of
$GENERATE 50-70 $ PTR dhcp26-$.dev.oclc.org.
hint zone "" (IN) loaded (serial 0)
CATEGORY: load
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that your name server loaded its root hints zone, which tells it the domain names and IP addresses of the root name servers.
host name "t_terrall.dev.oclc.org" (owner
"51.240.174.132.in-addr.arpa") IN (primary) is invalid - proceeding
anyway
CATEGORY: default
SEVERITY: warning
PAGE:
FURTHER INFO:
Indicates that your name server found the illegal domain name t_terrall.dev.oclc.org in the zone data file, but proceeded to load the zone anyway, because your name checking setting allowed it. If you had left name checking at its default setting (fail instead of warn), then instead of proceeding anyway you'd have seen rejecting, and the name server would not have loaded the whole zone.
REFERENCES:
ns_main.c:537: INSIST(errno == EINTR):
Invalid argument failed.
or
ns_notify.c:353:INSIST((zp-z_flags & Z_NOTIFY) != 0) failed.
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
REFERENCES:
invalid RR type 'SOA' in additional section (name = 'occ.cc.mi.us') from
[198.108.130.5].53
or
invalid RR type 'A' in authority section (name = 'dns0.doc.ic.ac.uk') from
[146.169.2.2].53
or
invalid RR type 'CNAME' in additional section
(name = 'ns1.toltbbs.com') from [205.214.47.1].53
CATEGORY: response-checks
SEVERITY: info
PAGE:
FURTHER INFO:
The first message indicates that your name server received an SOA record for occ.cc.mi.us in the additional data section of a response from the name server at the IP address 198.108.130.5. Since SOA records should never appear in the additional data section, this is an error.
The second message indicates that your name server received an A record for dns0.doc.ic.ac.uk in the authority section of a response from the name server at the IP address 146.169.2.2. Since A records should never appear in the authority section, this is an error.
The third message indicates that your name server received a CNAME record for ns1.toltbbs.com in the additional data section of a response from the name server at the IP address 205.214.47.1. Since CNAME records should never appear in the additional data section, this is an error. You may also see the types ‘MX’, ‘HINFO’, ‘TXT’ or ‘NS’.
All of these messages indicate a flaw in the implementation (not the configuration) of the remote name server.
Sometimes this message will occur as one of a pair of messages:
invalid RR type 'A' in authority section (name =
'xaymaca.uwimona.edu.jm') from [200.9.115.2].53
Malformed response from [200.9.115.2].53 (out of data in final pass)
db.snydernet:25: IP Address error (192.168.0.08)
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that you used an illegal IP address, 192.168.0.08, in the file db.snydernet on line 25. This particular address is illegal because the name server interprets a leading zero in an octet ("08") to mean that the value is octal, and there is no octal digit "8."
REFERENCES:
db/db.dedip:48: IP Address error near
(firstsearch.dedip.oclc.org.)
or
db/pais/db.pais.org:27: IP Address error near (38.350.56.14)
CATEGORY: load
SEVERITY: notice
PAGE:
FURTHER INFO:
Indicated that the name server found the domain name firstsearch.dedip.oclc.org in a field in which it expected to find an IP address. For example:
;2000-02-15 kco made a cname
;fscat 14400 in
a 204.17.227.17
fscat 14400 in
a firstsearch.dedip.oclc.org.
The last line should be:
fscat 14400 in cname firstsearch.dedip.oclc.org.
This can also occur if you use a value for an octet that is too large, such as 256.
REFERENCES:
IP/TCP connection from [192.68.250.6].43378 (fd 9)
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates either a TCP-based query or zone transfer request from the IP address 192.68.250.6, port 43378.
REFERENCES:
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
REFERENCES:
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
REFERENCES:
Lame server on 'www.candleworks.com' (in 'CANDLEWORKS.com'?):
[216.218.131.2].53 'NS2.HE.NET'
CATEGORY: lame-servers
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that your name server queried the name server NS2.HE.NET while trying to resolve the domain name www.candleworks.com, following delegation that indicated that NS2.HE.NET was authoritative for the CANDLEWORKS.com zone. The response your name server received from NS2.HE.NET, however, showed that the name server was not in fact authoritative for CANDLEWORKS.com, and that the delegation was therefore lame.
REFERENCES:
Lame server on '1.2.151.128.IN-ADDR.ARPA' (in '151.128.in-addr.arpa'?):
[128.151.128.52].53 'NS.UTD.ROCHESTER.EDU': learnt
(A=128.105.2.10,NS=128.8.10.90)
CATEGORY: lame-servers
SEVERITY: info
PAGE: 162-163; 320
FURTHER INFO:
Similar to above, but also specifies the name server you learned the (possibly lame) NS record from (the name server at the IP address 128.8.10.90) and the name server you learned the (possibly incorrect) address of NS.UTD.ROCHESTER.EDU from (128.105.2.10).
REFERENCES:
listening on [127.0.0.1].53 (lo0)
CATEGORY: default
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that your name server is listening for queries on port 53 of the IP address 127.0.0.1.
REFERENCES:
log_new_context() failed: not enough space
CATEGORY: config
SEVERITY: panic
PAGE:
FURTHER INFO:
REFERENCES:
Malformed response from [199.171.16.2].53 (dn_expand failed in authority)
or
Malformed response from [12.19.232.10].53 (out of data in final pass)
or
Malformed response from [128.109.131.3].53 (query section mismatch
(www.webpress.net IN A))
or
Malformed response from [209.251.96.2].53 (query section mismatch
(142.wt.109.251.209.in-addr.arpa IN PTR))
or
Malformed response from [134.75.30.1].53 (query section mismatch
(www.KERIS.OR.KR IN MX))
or
Malformed response from [208.221.32.5].53 (answer to wrong question)
or
Malformed response from [132.174.11.1].53 (brain
damage)
CATEGORY: response-checks
SEVERITY: info
PAGE: 160
FURTHER INFO:
Indicates a problem interpreting a response from the specified name server. This may indicate an implementation problem on your name server or on the remote name server.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/08/msg00382.html
http://www.isc.org/ml-archives/bind-users/2000/08/msg00374.html
master zone "0.0.127.in-addr.arpa" (IN) loaded (serial
199912010)
CATEGORY: load
SEVERITY: info
PAGE: 158
FURTHER INFO:
Indicates that your name server loaded the zone 0.0.127.in-addr.arpa, and that the copy of the zone that it loaded had the serial number 199912010.
REFERENCES:
master zone "wln.org" (IN) rejected due to errors (serial 0)
CATEGORY: load
SEVERITY: warning
PAGE: 313
FURTHER INFO:
Indicates that your name server encountered syntax errors or illegal characters while trying to load the zone wln.org, and therefore rejected and did not load the zone.
REFERENCES:
ndc: error: ctl_client: evConnect(fd 3):
Connection refused
http://www.isc.org/ml-archives/bind-users/2000/01/msg00068.html
http://www.isc.org/ml-archives/bind-users/2000/02/msg00512.html
http://www.isc.org/ml-archives/bind-users/2000/05/msg00319.html
http://www.isc.org/ml-archives/bind-users/2000/07/msg00150.html
ndc:
error: ctl_client: evConnect(fd 3): No such file or directory
http://www.isc.org/ml-archives/bind-users/1999/07/msg00260.html
http://www.isc.org/ml-archives/bind-users/1999/06/msg00943.html
http://www.isc.org/ml-archives/bind-users/2000/03/msg00861.html
http://www.isc.org/ml-archives/bind-users/2000/04/msg01282.html
http://www.isc.org/ml-archives/bind-users/2000/06/msg00997.html
http://www.isc.org/ml-archives/bind-users/2000/06/msg00975.html
ndc:
error: ctl_client: evConnect(fd 3): Not a directory
ndc:
error: ctl_client: evConnect(fd 3): Permission denied
http://www.isc.org/ml-archives/bind-users/1999/12/msg00447.html
ndc:
error: ctl_client: evConnect(fd 3): Socket operation on non-socket
http://www.isc.org/ml-archives/bind-users/2000/10/msg00063.html
ndc:
error: ctl_client: socket: Invalid argument
ndc:
error: cannot connect to command channel (/usr/local/etc/ndc)
This
is usually the second of a pair of messages.
The first message is more indicative.
ndc:
error: name server has not started (yet?)
http://www.isc.org/ml-archives/bind-users/2000/03/msg00861.html
ndc:
error: name server was not running (warning only)
http://www.isc.org/ml-archives/bind-users/2000/03/msg00861.html
ndc:
error: named (pid 4902) didn't die
ndc:
usage error: bad channel name (ndc)
http://www.isc.org/ml-archives/bind-users/2001/02/msg01708.html
db/db.dial:7: WARNING: new serial number < old (199912030 <
199978393)
CATEGORY: load
SEVERITY: notice
PAGE: 162
FURTHER INFO:
Indicates that when your name server reloaded the zone data file db/db.dial, it found that the serial number in the file had decremented from its previous value. Since serial numbers are always supposed to increment, this causes a warning.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2001/01/msg00402.html
http://www.isc.org/ml-archives/bind-users/2001/01/msg00404.html
no NS RR for SOA MNAME "movie.edu" in zone "movie.edu"
CATEGORY:
SEVERITY:
PAGE: 324-325
FURTHER INFO:
This error only occurs in BIND version 8.1 name servers. Indicates that your name server could not find an NS record that showed that the domain name in the MNAME field of the SOA record (the first RDATA field) was actually running a name server for the zone. Since the MNAME field is supposed to contain the domain name of the primary master name server for the zone, this was (briefly) an error.
REFERENCES:
No root nameservers for class 226
CATEGORY: default
SEVERITY: info
PAGE: 161-162; 315
FURTHER INFO:
Indicates that a remote resolver or name server sent your name server a query for a domain name in the (non-existent) class 226. Since your name server didn't know where the root name servers for class 226 are, it couldn't even begin to resolve the name. Sometimes you'll see class 0 or class CHAOS.
REFERENCES:
http://www.isi.edu/in-notes/iana/assignments/dns-parameters
has a list of valid classes.
[132.174.11.252] no SOA
found for fs.dedip.oclc.org, SOA query got rcode 3, aa 1, ancount 0, aucount 1
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
I got this on the slave name server when I removed the zone fs.dedip.oclc.org from the master and the slave's named.conf files, ran ndc reconfig on the master but before I could run ndc reconfig on the slave, the slave requested the SOA record for the zone, which now the master no longer knew about. I ran ndc reconfig on the slave to correct the situation.
This was a message logged to syslog by named-xfer. Very soon after that in the syslog file was
the message from named, Err/TO getting serial# for "fs.dedip.oclc.org".
[192.249.249.3] not authoritative for
movie.edu, SOA query got rcode 0, aa 0, ancount 0, aucount 0
CATEGORY:
SEVERITY:
PAGE: 311
FURTHER INFO:
See entry under Bad response to SOA query...
REFERENCES:
not listening on any interfaces
CATEGORY: default
SEVERITY: warning
PAGE: 163
FURTHER INFO:
Indicates that because of problems listening on your host's network interfaces (e.g., conflicts with other programs already listening on those interfaces), your name server is not listening on any network interfaces, and therefore probably not doing anyone much good. Quite often, this is simply because there's another name server running. For more complicated situations, programs like lsof, which list open files and which programs have them open, can help you track down and resolve the conflicts.
REFERENCES:
NOTIFY(SOA) for non-origin
(113.174.132.in-addr.arpa), from [132.174.11.252].53
CATEGORY: notify
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that the name server received a NOTIFY message for the zone 113.174.132.in-addr.arpa, but that the name server thought that domain name wasn't the domain name of a zone.
I got this message when I had added the zone 113.174.132.in-addr.arpa to the master and slave name server’s named.conf files then ran ndc reconfig on the master. Before I could run ndc reconfig on the slave, the master had sent the NOTIFY to the slave which did not know about this zone, so the slave complained with this message.
REFERENCES:
NOTIFY(SOA) for non-secondary name (0.0.127.in-addr.arpa), from
[132.174.19.28].53
CATEGORY: notify
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that your name server received a NOTIFY message telling it that the serial number of the 0.0.127.in-addr.arpa zone had incremented on the name server at IP address 132.174.19.28. Since your name server isn't a slave name server for 0.0.127.in-addr.arpa, it wondered why it had received the message.
REFERENCES:
NOTIFY(SOA) for zone already xferring (sgmlopen.org)
CATEGORY: notify
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that your name server received a NOTIFY message (see above) for
the zone sgmlopen.org, but that it was already in the process of
transferring that zone, so it ignored the message.
NOTIFY(SOA) from non-master server (zone eia.dedip.oclc.org), from
[132.174.12.142].53
CATEGORY: notify
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that your name server received a NOTIFY message for the zone eia.dedip.oclc.org from an IP address that is not one IP addresses of your name server's master server for that zone. Therefore, your name server ignored the message.
NOTIMP
NSTATS 942153823 941779425 A=86974 NS=2 CNAME=59 SOA=6 MG=5 PTR=17610
HINFO=141 MX=5631 TXT=6 AAAA=138 LOC=2 MAILB=5 ANY=2066
CATEGORY: statistics
SEVERITY: info
PAGE: 158
FURTHER INFO:
This is one of a troika of statistical messages (NSTATS, USAGE and XSTATS). This one lists the current time (in seconds since the beginning of the UNIX epoch), the time your name server started, and how many queries your name server has received of various types.
ns_forw:
query(www.elibraries.net) All possible A RR's lame
CATEGORY: default
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that your name server found that all of the name servers for the elibraries.net zone were lame while trying to resolve the domain name www.elibraries.net, and therefore the domain name couldn't be resolved.
REFERENCES:
ns_forw:
query(200.229.99.195.in-addr.arpa) Bogus LOOPBACK A RR
(localhost.geosrv.com:127.0.0.1)
CATEGORY: default
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that your name server was referred to a name server at the loopback address while resolving 200.229.99.195.in-addr.arpa.
ns_forw: query(www.opticalwear.org) contains our address
(CHOW.NANU.COM:208.223.9.67)
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that, while resolving www.opticalwear.org, your name server was referred to its own address. Since this delegation is clearly lame—if your name server were authoritative for the delegated zone, it wouldn't have had to query a remote name server to resolve the domain name—your name server reported the error.
REFERENCES:
ns_forw: query(www.elibraries.net) forwarding loop
(NS.OCLC.ORG:132.174.19.28)
CATEGORY: default
SEVERITY: info
PAGE:
FURTHER INFO:
See above.
REFERENCES:
ns_forw: query(INFOSUN.KOTEL.CO.KR) NS
points to CNAME (daiduk.kaist.ac.kr:)
CATEGORY: default
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that, while resolving the domain name INFOSUN.KOTEL.CO.KR, your name server was referred to the name server daiduk.kaist.ac.kr, but that the name daidukkaist.ac.kr is an alias, which is illegal.
ns_forw: sendto([198.41.0.10].53):Network is
unreachable
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
See entry under ns_req:
sendto([192.168.254.192].2653): Connection refused
ns_forw: sendto([210.176.152.18].53): Operation not permitted
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/05/msg00224.html
http://www.isc.org/ml-archives/bind-users/2000/05/msg00281.html
ns_forw: sendto([199.62.111.56].53): Resource temporarily unavailable
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Running man sendto returns text which includes “ENOBUFS
Insufficient resources were available in the system to perform the
operation”. I have seen this occur when
our name server got very busy.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/03/msg00551.html
ns_req: sendto([192.168.254.192].2653): Connection refused
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that your name server sent a response to the IP address 192.168.254.192, port 2653, but that there wasn't anything listening on that port.
REFERENCES:
ns_req: sendto([168.95.1.2].53): No buffer space available
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
REFERENCES:
ns_resp: query(242.240.112.207.in-addr.arpa) A RR negative cache entry
(NS0.NAP.NET:)
CATEGORY: default
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that your name server tried to follow a referral to the name server NS0.NAP.NET while resolving the domain name 242.240.112.207.in-addr.arpa, but found that it had already cached the fact that NS0.NAP.NET didn't exist.
REFERENCES:
ns_resp: query(www.genweb.net) All possible A RR's lame
CATEGORY: default
SEVERITY: info
PAGE:
FURTHER INFO:
See entry under ns_forw: query(): All possible A RR's lame...
REFERENCES:
ns_resp: query(200.229.99.195.in-addr.arpa) Bogus LOOPBACK A RR
(localhost.geosrv.com:127.0.0.1)
or
ns_resp: query(isa.org.jm) Bogus BROADCAST A RR
(cobalt.isa.org.jm:255.255.255.255)
or
…Bogus MULTICAST A RR…
or
ns_resp: query(www.fda.gov) Bogus (0.0.0.0) A RR (RESERVED:0.0.0.0)
CATEGORY: default
SEVERITY: info
PAGE:
FURTHER INFO:
See entry under ns_forw: query(): Bogus LOOPBACK A RR...
ns_resp: query(bc-bucharest.bcouncil.org) Glue A RR missing
(NS1.TRINITE.CO.UK:)
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that, while resolving bc-bucharest.bcouncil.org, your name server was referred to the name server NS1.TRINITE.CO.UK, but there were no address records for that domain name.
REFERENCES:
ns_resp: query(155.128/26.218.32.216.in-addr.arpa) No possible A RRs
CATEGORY: default
SEVERITY: info
PAGE:
FURTHER INFO:
See above.
REFERENCES:
ns_resp: query(INFOSUN.KOTEL.CO.KR) NS points to CNAME
(daiduk.kaist.ac.kr:)
CATEGORY: default
SEVERITY: info
PAGE:
FURTHER INFO:
See entry under ns_forw: query() NS points to CNAME ()...
ns_resp: server name mismatch for [216.32.119.8]:
(n8g.ak.amaitech.net!=n8g.a.yimg.com) (server for a1.g.a.yimg.com).
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
This error only occurs in BIND version 4 name servers. Indicates that the name server at the IP address 216.32.119.8 is known by multiple domain names, n8g.ak.amaitech.net and n8g.a.yimg.com. This configuration is allowed, however.
REFERENCES:
ns_resp: TCP truncated: "167.133.200.192.in-addr.arpa" IN PTR
from [192.200.128.254].53
CATEGORY: default
SEVERITY: error
PAGE:
FURTHER INFO:
Indicates that, when retrying over TCP a UDP query that had previous elicited a truncated response, your name server again received a truncated response—despite the fact that TCP can support a whopping 64K response. This is usually because a zone administrator is trying to attach too many resource records to a domain name.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2001/02/msg01053.html
ns_udp checksums NOT turned on: exiting
CATEGORY:
SEVERITY:
PAGE: 326
FURTHER INFO:
Indicates that the host running the name server does not have UDP checksumming turned on.Since the name server uses UDP extensively, and UDP datagrams can be undetectably corrupted without UDP checksumming on, the name server requires that checksumming be turned on.
NXDOMAIN
only one channel allowed for the eventlib category
or
only one channel allowed for the packet category
CATEGORY: config
SEVERITY: error
PAGE:
FURTHER INFO:
Indicates that you configured multiple logging channels for a category of logging that supports only a single channel. In this case, named.conf had
category packet { default_debug; my_file; };
owner name "webln_dev.wln.com" IN (primary) is invalid -
proceeding anyway
or
owner name "webln_dev.wln.com" IN (primary) is invalid - rejecting
CATEGORY: default
SEVERITY: warning
PAGE: 158; 313
FURTHER INFO:
Indicates that the owner name webln_dev.wln.com in one of your resource records is illegal. See also entry under host name "t_terrall.dev.oclc.org" (owner "51.240.174.132.in-addr.arpa") IN (primary) is invalid...
REFERENCES
http://www.isc.org/ml-archives/bind-users/2000/12/msg00671.html
parser: error: /usr/local/etc/named.conf:482:
syntax error near ;
CATEGORY: parser
SEVERITY: error
PAGE:
FURTHER INFO:
In one case, in the named.conf file I had a mistaken the comment character to use:
;2000-02-01 kco added for reverse addresses per Gene L
should have been
#2000-02-01 kco added for reverse addresses per Gene L
REFERENCES:
"ACS.STRITCH.EDU IN A" points to a CNAME (ACS.STRITCH.EDU)
or
"181.190.192.in-addr.arpa IN NS" points to a CNAME
(MUWAYA.ITS.UNIMELB.EDU.AU)
or
"columbus.rr.com IN MX" points to a CNAME
(mail-hub.columbus.rr.com)
or
"colosys.net IN SOA" points to a CNAME (colosys.net)
CATEGORY: cname
SEVERITY: info
PAGE: 160-161
FURTHER INFO:
Indicates that the domain name in parenthesis is an alias, when BIND expects it to own an address record. The domain name appears in the record specified in quotation marks.
premature EOF, fetching
"mytestdomain.com"
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
This is a named-xfer message.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/12/msg00086.html
query log off
or
query log on
CATEGORY: default
SEVERITY: notice
PAGE:
FURTHER INFO:
Indicates that you used a signal or command to turn query logging off or on, respectively.
rcvd NOTIFY for "dublincore.org", name not one of our zones
CATEGORY: notify
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that your name server received a NOTIFY message to indicate that the serial number of the zone dublincore.org had incremented, but that your name server was not a slave name server for that zone.
REFERENCES:
Ready to answer queries.
CATEGORY: default
SEVERITY: notice
PAGE: 163
FURTHER INFO:
Indicates that your name server is running and ready to answer queries.
Received NOTIFY answer for "174.132.in-addr.arpa IN SOA"
CATEGORY: notify
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that your name server received a NOTIFY response from a slave name
server, almost certainly in response to a NOTIFY message your name server
previously sent to that name server about the zone 174.132.in-addr.arpa.
reconfiguring nameserver
CATEGORY: default
SEVERITY: notice
PAGE:
FURTHER INFO:
Informational message after you've run ndc reconfig.
record too short from [192.249.249.3], zone movie.edu
CATEGORY:
SEVERITY:
PAGE: 310-311
FURTHER INFO:
Indicates one of a number of problems:
The master name server for movie.edu, at the IP address 192.249.249.3, is restricting zone transfers and your name server can't have one.
You've made movie.edu (the domain name of a zone) an alias for another domain name, which is illegal.
recv(len=2): Connection timed out
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
This message is from named-xfer.
REFUSED
refused query on non-query socket from [132.174.47.132].4457
CATEGORY: security
SEVERITY: notice
PAGE:
FURTHER INFO:
Indicates that your name server received a query from the host at IP address 132.174.47.132, port 4457, on a socket it was using to send queries, not receive queries.
REFERENCES:
reloading nameserver
CATEGORY: default
SEVERITY: notice
PAGE: 156-157; 309
FURTHER INFO:
Indicates that your name server responded to a signal or a command to reload
its configuration and any changed zones.
Response from unexpected source ([192.117.147.131].53)
CATEGORY: default
SEVERITY: info
PAGE: 161; 322-323
FURTHER INFO:
Indicates that your name server received a response from a remote name server but that it hadn't queried that name server, and therefore didn't expect (and dropped) the response.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/1999/02/msg00540.html
http://www.isc.org/ml-archives/bind-users/2000/06/msg01288.html
savedata: memget
CATEGORY: panic
SEVERITY: critical
PAGE:
FURTHER INFO:
Indicates that the named process was unable to allocate more memory. This is probably because the kernel is placing overly strict memory limits on processes. See the limit and ulimit commands to see what the per-process limit is, and BIND’s datasize options substatement to request a larger limit.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/04/msg00621.html
secondary zone "movie.edu" expired
CATEGORY:
SEVERITY:
PAGE: 309-311
FURTHER INFO:
Indicates that, because of an inability to successfully refresh the movie.edu zone within the zone's expiration interval, your name server expired the zone and is now answering queries for domain names in the zone with a SERVFAIL response code.
REFERENCES:
secondary zone "age0123.bb" time
warp
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that the name server checked when the zone age0123.bb was last updated, and that time was (will be?) in the future, which makes no sense. This usually indicates that you've got some primitive time synchronization software running, or someone recently reset the time backwards with the date command.
REFERENCES:
Sent NOTIFY for "174.132.in-addr.arpa IN SOA" (174.132.in-addr.arpa);
2 NS, 2 A
CATEGORY: notify
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that your name server sent NOTIFY messages to two name servers to
indicate that the serial number of the zone 174.132.in-addr.arpa had
incremented.
serial from [<primary addr>], zone
<domain>: 0 lower than current: 2000111900
CATEGORY: load
SEVERITY: info
PAGE:
FURTHER INFO:
This is a named-xfer message.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/11/msg00308.html
SERVFAIL
slave zone "oclc.org" (IN) loaded (serial 199912070)
CATEGORY: load
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that your name server loaded the zone oclc.org, with serial number 199912070, which it is a slave for.
slave zone "17.172.in-addr.arpa"
(IN) removed
CATEGORY: config
SEVERITY: notice
PAGE:
FURTHER INFO:
Indicates that the name server removed the zone 17.172.in-addr.arpa after
a reload, since this zone's zone statement had been removed from named.conf. On the master server you'd see the message master
zone "17.172.in-addr.arpa" (IN) removed.
SOA TSIG verification from server
[aaa.bbb.ccc.ddd], zone somedomain.com: message had BADTIME set (18)
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that the response from the name server aaa.bbb.ccc.ddd to your name server's SOA query was signed with TSIG, but that the signature time wasn't within 10 minutes, so your name server ignored the response. This could be due to a lack of time synchronization between your name server and the name server at aaa.bbb.ccc.ddd, or (less likely) a replay attack.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2001/01/msg00626.html
socket(SOCK_RAW): Too many open files
CATEGORY:
SEVERITY:
PAGE: 238; 325-326
FURTHER INFO:
Indicates that your name server tried to open more files concurrently than the operating system would allow. You can use the files options substatement to have named request a larger limit on open files, or you can change the limit in the kernel parameters.
source file of dynamic zone <zone> has
changed
CATEGORY:
SEVERITY: warning
PAGE:
FURTHER INFO:
REFERENCES:
stale: impossible condition
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/12/msg00218.html
starting
(/usr/local/etc/named.conf). named
8.2.3-REL Mon Jan 29 13:50:45 EST 2001
root@test-thing:/home1/oneil/bind.8.2.3/src/bin/named
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
This message is logged to
syslog only. With BIND 8.2.3 the
location of the named.conf file is included.
stream_getlen([1.2.3.4].3108): Broken pipe
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that your name server was serving a zone transfer to the slave name server at IP address 1.2.3.4, port 3108, but that the slave rudely and abruptly closed the TCP connection without transferring the entire zone.
REFERENCES:
stream_getlen([132.174.41.201].49354): Connection timed out
CATEGORY: default
SEVERITY: info
PAGE:
FURTHER INFO:
stream_getlen([207.82.61.10].2200): request too small
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that your name server received a query whose TCP header indicated that the query was smaller than the smallest possible DNS query. Consequently, your name server rejected it.
REFERENCES:
suppressing duplicate notify
("example.com" IN SOA)
CATEGORY: notify
SEVERITY: info
PAGE:
FURTHER INFO:
REFERENCES:
/etc/named.conf:10: syntax error near 'movie.edu'
CATEGORY:
SEVERITY:
PAGE: 312-313
FURTHER INFO:
sysquery: findns error (NXDOMAIN) on ns3.oclc.org?
CATEGORY: default
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that your name server tried to resolve the IP address of ns3.oclc.org because that domain name appeared on the right side of an NS record, but that your name server encountered an error while looking up the address. NXDOMAIN (or 3) means that the domain name ns3.oclc.org doesn't exist. The error SERVFAIL (or 2) indicates that the authoritative name servers for oclc.org are probably badly misconfigured.
REFERENCES:
sysquery: nlookup error on ?.
CATEGORY:
SEVERITY: info
PAGE:
FURTHER INFO:
Turned out the db.cache (root hints) file was missing [from Michael J. Micek].
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/07/msg00445.html
sysquery: no addrs found for root NS ()
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
REFERENCES:
sysquery: nslookup reports danger
(3.188.161.205.in-addr.arpa)
CATEGORY: default
SEVERITY: info
PAGE:
FURTHER INFO:
REFERENCES:
sysquery: query(ring.kotel.co.kr) NS points to CNAME (daiduk.kaist.ac.kr:)
CATEGORY: default
SEVERITY: info
PAGE:
FURTHER INFO:
See entries under ns_forw(): query... and ns_resp(): query...
tcp_send: bind(query_source): Permission denied
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2001/02/msg00899.html
There may be a name server already running on [127.0.0.1].53
CATEGORY: default
SEVERITY: error
PAGE:
FURTHER INFO:
Indicates that, because your name server was unable to listen on any of your host's network interfaces, it is likely that another name server is already running and listening on those interfaces.
[[206.153.116.21].13172] transfer refused
from [206.153.116.8], zone psk.net
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
This is a named-xfer message.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/1999/08/msg01069.html
unapproved AXFR from [132.174.19.16].36285 for "riptor.com"
(acl)
or
unapproved AXFR from [132.174.12.141].48961 for
"80.174.132.in-addr.arpa" (not master/slave)
or
unapproved AXFR from [193.171.255.2].60632 for "notes.bibos.at"
(not zone top)
or
unapproved AXFR from [62.156.153.47].54864 for
0.8.25.194.in-addr.arpa" (not auth)
CATEGORY: security
SEVERITY: notice
PAGE: 159-160
FURTHER INFO:
The first case indicates that your name server denied a zone transfer of the zone riptor.com to the host at IP address 132.174.19.16 because of a local access list (acl). The second indicates that your name server denied a zone transfer of the zone 80.174.132.in-addr.arpa because it wasn’t authoritative for that zone and couldn’t serve a zone transfer. This indicates a misconfiguration on the slave’s part (incorrectly listing your name server as the master for the zone). The third indicates that your name server denied a zone transfer of notes.bibos.at because notes.bibos.at isn’t the domain name of a zone, but rather a domain name in a larger zone (like bibos.at). This indicates a misconfiguration on the slave’s part. The fourth indicates that your name server denied a zone transfer of 0.8.25.194.in-addr.arpa, probably because of a syntax error or illegal domain name in the zone.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/1999/08/msg01069.html
http://www.isc.org/ml-archives/bind-users/1999/08/msg01096.html
unapproved recursive query from [192.31.106.5].53 for njwg.cap.gov
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that your name server refused to answer a query for the domain name njwg.cap.gov from the host at IP address 192.31.106.5.
REFERENCES:
unapproved update from [132.174.25.169].1848 for 174.132.in-addr.arpa
CATEGORY: security
SEVERITY: notice
PAGE:
FURTHER INFO:
Indicates that your name server refused a dynamic update to the zone 174.132.in-addr.arpa from the host at IP address 132.174.25.169.
REFERENCES:
db/db.rsch:3: unexpected end of line
CATEGORY: db
SEVERITY: error
PAGE:
FURTHER INFO:
In one case, this was from the "(" not being at the end of line in the SOA record around line 3 in the file db.rsch. Newly enforced syntax check with version 8.2.3. The zone will be rejected due to errors. Also got the message db/db.rsch:4: expected a TTL, got "(" and several others.
REFERENCES:
unix control "/usr/local/etc/ndc" not socket
and
unix control "/var/run/ndc" connect failed: Invalid argument
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/01/msg00529.html
http://www.isc.org/ml-archives/bind-users/2000/09/msg00705.html
uninterpretable
server (servers) for 174.132.in-addr.arpa
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
This is a named-xfer message. I
was trying a manual named-xfer but made the following mistake.
named-xfer -z 174.132.in-addr.arpa -f db.132.174.kco -d 5 -l /etc/named/db/xfer1 -t /etc/named/db/trace1 servers 132.174.12.142
should have been
named-xfer -z 174.132.in-addr.arpa -f db.132.174.kco -d 5 -l /etc/named/db/xfer1 -t /etc/named/db/trace1 132.174.12.142
REFERENCES:
http://www.isc.org/ml-archives/bind-users/1999/12/msg00559.html
unrelated additional info 'socal.aprs.net' type A from
[199.227.86.221].53
CATEGORY: response-checks
SEVERITY: info
PAGE:
LINKS:
Indicates that your name server received a response from the name server at the IP address 199.227.86.221 that contained an address record for the domain name socal.aprs.net that was unrelated to any previous record in the message, and hence ignored.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/07/msg00574.html
http://www.isc.org/ml-archives/bind-users/2000/11/msg00184.html
USAGE 942153823 941779425 CPU=91.82u/46.14s CHILDCPU=1.42u/2.23s
CATEGORY: statistics
SEVERITY: info
PAGE: 158
FURTHER INFO:
One of a troika of stat messages (NSTATS, USAGE and XSTATS).
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
REFERENCES:
db/db.10.10.1: WARNING SOA expire value is
greater than 6 months (20000000)
CATEGORY: db
SEVERITY: warning
PAGE: discussion on pages 89-91
FURTHER INFO:
Indicates that the SOA record in the file db/db.10.10.1 has an expire
value that is too high. Expire is
usually less than one month.
db/db.10.10.1: WARNING SOA expire value is less than refresh + 10 * retry
(3600 < (900 + 10 * 300))
CATEGORY: db
SEVERITY: warning
PAGE: discussion on pages 89-91
FURTHER INFO:
Indicates that the SOA record in the file db/db.10.10.1 has an expire value that is probably too low, since it’s less than one refresh interval plus ten retries.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/07/msg00901.html
2millcom.zone: WARNING SOA expire value is less than 7 days (432000)
CATEGORY: db
SEVERITY: warning
PAGE: discussion on pages 89-91
FURTHER INFO:
Indicates that the SOA record in the file 2millcom.zone has an expire value that is too low. Expire is usually more than one week.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/07/msg00901.html
db/db.10.10.1:
WARNING SOA expire value is less than SOA refresh+retry (1000 < 900+300)
CATEGORY: db
SEVERITY: notice
PAGE: discussion on pages 89-91
FURTHER INFO:
Indicates that the SOA record in the file db/db.10.10.1 has an expire value that is probably too low, since it’s less than the sum of the refresh interval and the retry interval.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/07/msg00901.html
db/db.10.10.1: WARNING SOA refresh value is less than 2 * retry (900 < 3600
* 2)
CATEGORY: db
SEVERITY: warning
PAGE: discussion on pages 89-91
FURTHER INFO:
Indicates that the SOA record in the file db/db.10.10.1 has a refresh value that is less than twice the retry value. Retry is usually some fraction of refresh, less than half.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2000/07/msg00901.html
wrong ans. name (img.crosswalk.com != img2.crosswalk.com)
CATEGORY: response-checks
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that the domain name in the answer (img.crosswalk.com) didn’t match the domain name in the query (img2.crosswalk.com), and therefore the answer was ignored.
REFERENCES:
XSTATS 942153823 941779425 RR=39156 RNXD=126 RFwdR=1308 RDupR=8 RFail=9 RFErr=0
RErr=0 RAXFR=0 RLame=55 ROpts=0 SSysQ=37276 SAns=111647 SFwdQ=1041 SDupQ=816
SErr=0 RQ=112645 RIQ=0 RFwdQ=0 RDupQ=21 RTCP=0 SFwdR=1308 SFail=0 SFErr=0
SNaAns=2388 SNXD=11422
CATEGORY: statistics
SEVERITY: info
PAGE: 158
FURTHER INFO:
One of a troika of stat messages (NSTATS, USAGE and XSTATS).
XX /<ip address>/<domain name>/A
CATEGORY: queries
SEVERITY: info
PAGE:163; 306-307
FURTHER INFO:
Indicates that your name server received an iterative query (XX) from ip address for the address of the domain name.
REFERENCES:
XX+/<ip address>/<domain name>/A
CATEGORY: queries
SEVERITY: info
PAGE:163; 306-307
FURTHER INFO:
Indicates that your name server received a recursive query (XX+) from ip address for the address of the domain name.
REFERENCES:
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Zone "domainname.com" (file
domainname.com.db): multiple SOA RRs found
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that the file domainname.com.db has multiple SOA records. Since each zone data file describes only one zone and each zone has exactly one SOA record, this is an error.
REFERENCES:
Zone "2000themillennium.com" (file
2000themillennium.com.hosts): no NS RRs found at zone top
followed by
master zone "2000themillennium.com" (IN) rejected due to errors
(serial 96091552)
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that your name server found no NS records for the zone 2000themillennium.com when it read that zone's data file, 2000themillennium.com.hosts. This is illegal, so your name server rejected and did not load the zone.
REFERENCES:
Zone "wln.com" (file db/wln/db.wln.com): no SOA RR found
CATEGORY: load
SEVERITY: warning
PAGE:
FURTHER INFO:
Indicates that your name server found no SOA record for the zone wln.com when it read that zone's data file, db/wln/db.wln.com.This is illegal, so your name server rejected and did not load the zone.
Zone "wln.org" (file db/wln/db.wln.org): No default TTL set
using SOA minimum instead
CATEGORY: load
SEVERITY: warning
PAGE:
FURTHER INFO:
This error only occurs on BIND 8.2 and newer version name servers. Indicates that your name server found no $TTL control statement for the zone wln.org when it read that zone's data file, db/wln/db.wln.com. The $TTL control statement sets the default time to live for records in the zone. However, the name server will use the last RDATA field in the SOA record, formerly called the minimum TTL, so this is just a warning.
REFERENCES:
http://www.isc.org/products/BIND/docs/config_hints.html
zone: hdqt.valinux.com/IN: non-glue record
below bottom of zone: dev.wwwi.hdqt.valinux.com/TXT
CATEGORY: db
SEVERITY: error
PAGE:
FURTHER INFO:
Indicates that the zone data file for hdqt.valinux.com includes a TXT record for the domain name dev.wwwi.hdqt.valinux.com, but that dev.wwwi.hdqt.valinux.com is in a delegated subdomain of hdqt.valinux.com, and therefore belongs in that zone's data file.
REFERENCES:
http://www.isc.org/ml-archives/bind-users/2001/01/msg01112.html
http://www.isc.org/ml-archives/bind-users/2001/01/msg01113.html
http://www.isc.org/ml-archives/bind-users/2001/01/msg01142.html
Zone "dial.oclc.org" (IN) SOA serial# (199912030) rcvd from
[132.174.12.142] is < ours (199978393)
CATEGORY: xfer-in
SEVERITY: notice
PAGE: 162; 307-309
FURTHER INFO:
Indicates that your name server received response from its master name server for the zone dial.oclc.org indicating that the zone's serial number had decreased. Since this is illegal, your name server issued a warning.
zone transfer (AXFR) of "fs.dedip.oclc.org" (IN) to
[132.174.12.141].60685
CATEGORY: xref-out
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that your name server successfully transferred the zone fc.dedip.oclc.org to the host (and probably the slave name server) at 132.174.12.141.
zone transfer timeout for
"per.paradox.net.au"; pid 23487 killed
followed by
named-xfer "per.paradox.net.au" exited with signal 15
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that the transfer of the zone per.paradox.net.au was killed because it took longer than max-transfer-time-in (by default, 120 minutes).
zoneref: Masters for secondary zone "movie.edu" unreachable
CATEGORY:
SEVERITY: notice
PAGE: 159; 309-311
FURTHER INFO:
Indicates that your name server was unable to reach its master name server(s) for the zone movie.edu.
REFERENCES:
Last modified: 2001-03-30 by Kevin O'Neil