Hello everyone -
I run bind version 9.8.2 on CentOS 6.5. The daily logwatch run sends me the
following items. Are any of these a real problem?
============
checkhints: extra NS 'A.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'B.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'C.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'D.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'E.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'F.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'G.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'H.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'I.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'J.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'K.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'L.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: extra NS 'M.ROOT-SERVERS.NET' in hints: 170 Time(s)
checkhints: unable to find root NS 'ns1.dnslibre.info' in hints: 147
Time(s)
checkhints: unable to find root NS 'ns1.opennic.glue' in hints: 170
Time(s)
checkhints: unable to find root NS 'ns10.opennic.glue' in hints: 170
Time(s)
checkhints: unable to find root NS 'ns2.dnslibre.info' in hints: 147
Time(s)
checkhints: unable to find root NS 'ns2.opennic.glue' in hints: 170
Time(s)
checkhints: unable to find root NS 'ns3.opennic.glue' in hints: 170
Time(s)
checkhints: unable to find root NS 'ns4.opennic.glue' in hints: 170
Time(s)
checkhints: unable to find root NS 'ns5.opennic.glue' in hints: 170
Time(s)
checkhints: unable to find root NS 'ns6.opennic.glue' in hints: 170
Time(s)
checkhints: unable to find root NS 'ns7.opennic.glue' in hints: 170
Time(s)
checkhints: unable to find root NS 'ns8.opennic.glue' in hints: 170
Time(s)
checkhints: unable to find root NS 'ns9.opennic.glue' in hints: 147
Time(s)
clients-per-query decreased to 10: 2 Time(s)
(repeated many time with various numbers)
==================
The hints file DOES contain two entries for each of the ROOT-SERVERS. One is
the ipv4 address and the other is the ipv6 address. I use the hints file
downloaded from http://www.internic.net/domain/named.root .
The hints file does NOT contain any entries for the opennic.glue or
dnslibre.info servers. However, when I run "rndc -all", the output
shows that
bind has entries for those servers. The names will resolve and answer ping.
I searched all over trying to find information on the clients-per-query
setting. My named.conf file does not contain an entry for clients-per-query.
Is there some detailed documentation on this setting? What does it really do?
Three more notes: 1) I see no problems in daily operation. All web browsing
works as does resolution for local machines. 2) This bind server does not get
queries from outside my local network. 3) I use OpenNIC as the
"forwarders"
servers. I used to use OpenDNS until they stopped handling Yahoo email
correctly.
Thanks - Bill Gee
Always Learning
2014-Oct-08 13:11 UTC
[CentOS] named log entries - Are any of these a problem?
On Wed, 2014-10-08 at 08:05 -0500, Bill Gee wrote:> I run bind version 9.8.2 on CentOS 6.5. The daily logwatch run sends me the > following items. Are any of these a real problem?>checkhints: unable to find root NS 'ns1.opennic.glue' in hints: 170Time(s) Host ns1.opennic.glue not found: 3(NXDOMAIN)> checkhints: unable to find root NS 'ns9.opennic.glue' in hints: 147 Time(s)Host ns9.opennic.glue not found: 3(NXDOMAIN) Seems your set-up is wrong. -- Regards, Paul. England, EU.
Hello everyone - Update on this: I did some more searching and discovered that OpenNIC is intended to replace the normal top-level DNS servers. It's not just a simple forwarder. I changed my forwarders to AlternateDNS. After two days I no longer get either of the checkhints messages shown below. The hints file has not changed - it still contains both A and AAAA records, but there is no longer any message about extra entries. "Rndc dumpdb -all" shows that the opennic.glue entries have been flushed. Dig will resolve names like ns2.opennic.glue, but ping fails. That leaves the log messages about changing the clients-per-query. More searching finally found me some documentation on the entry. The log messages do not indicate a problem - they are just named doing some self-tuning. Just in case, I added clients-per-query 20 max-clients-per-query 30 to the options section of my named.conf file. I still get some messages about named changing clients-per-query, but I am going to just ignore them for now. Bill Gee On Wednesday, October 08, 2014 08:05:38 Bill Gee wrote:> Hello everyone - > > I run bind version 9.8.2 on CentOS 6.5. The daily logwatch run sends me the > following items. Are any of these a real problem? > > ===========> checkhints: extra NS 'A.ROOT-SERVERS.NET' in hints: 170 Time(s) > checkhints: extra NS 'B.ROOT-SERVERS.NET' in hints: 170 Time(s) > checkhints: extra NS 'C.ROOT-SERVERS.NET' in hints: 170 Time(s) > checkhints: extra NS 'D.ROOT-SERVERS.NET' in hints: 170 Time(s) > checkhints: extra NS 'E.ROOT-SERVERS.NET' in hints: 170 Time(s) > checkhints: extra NS 'F.ROOT-SERVERS.NET' in hints: 170 Time(s) > checkhints: extra NS 'G.ROOT-SERVERS.NET' in hints: 170 Time(s) > checkhints: extra NS 'H.ROOT-SERVERS.NET' in hints: 170 Time(s) > checkhints: extra NS 'I.ROOT-SERVERS.NET' in hints: 170 Time(s) > checkhints: extra NS 'J.ROOT-SERVERS.NET' in hints: 170 Time(s) > checkhints: extra NS 'K.ROOT-SERVERS.NET' in hints: 170 Time(s) > checkhints: extra NS 'L.ROOT-SERVERS.NET' in hints: 170 Time(s) > checkhints: extra NS 'M.ROOT-SERVERS.NET' in hints: 170 Time(s) > checkhints: unable to find root NS 'ns1.dnslibre.info' in hints: 147 > Time(s) > checkhints: unable to find root NS 'ns1.opennic.glue' in hints: 170 > Time(s) checkhints: unable to find root NS 'ns10.opennic.glue' in hints: > 170 Time(s) > checkhints: unable to find root NS 'ns2.dnslibre.info' in hints: 147 > Time(s) > checkhints: unable to find root NS 'ns2.opennic.glue' in hints: 170 > Time(s) checkhints: unable to find root NS 'ns3.opennic.glue' in hints: 170 > Time(s) checkhints: unable to find root NS 'ns4.opennic.glue' in hints: 170 > Time(s) checkhints: unable to find root NS 'ns5.opennic.glue' in hints: 170 > Time(s) checkhints: unable to find root NS 'ns6.opennic.glue' in hints: 170 > Time(s) checkhints: unable to find root NS 'ns7.opennic.glue' in hints: 170 > Time(s) checkhints: unable to find root NS 'ns8.opennic.glue' in hints: 170 > Time(s) checkhints: unable to find root NS 'ns9.opennic.glue' in hints: 147 > Time(s) clients-per-query decreased to 10: 2 Time(s) > (repeated many time with various numbers) > ==================> > The hints file DOES contain two entries for each of the ROOT-SERVERS. One > is the ipv4 address and the other is the ipv6 address. I use the hints > file downloaded from http://www.internic.net/domain/named.root . > > The hints file does NOT contain any entries for the opennic.glue or > dnslibre.info servers. However, when I run "rndc -all", the output shows > that bind has entries for those servers. The names will resolve and answer > ping. > > I searched all over trying to find information on the clients-per-query > setting. My named.conf file does not contain an entry for > clients-per-query. Is there some detailed documentation on this setting? > What does it really do? > > Three more notes: 1) I see no problems in daily operation. All web > browsing works as does resolution for local machines. 2) This bind server > does not get queries from outside my local network. 3) I use OpenNIC as > the "forwarders" servers. I used to use OpenDNS until they stopped > handling Yahoo email correctly. > > Thanks - Bill Gee > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos