- DNS glossary
- DNS Q&A Corner
- DNS Related Links
- Knowledge base
- Security Notices
- BIND 8/9 log messages
- Tools
BIND 8/9 log messages
Log messages for BIND 8 named, named-xfer, ndc and some for BIND 9
A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | Revision History since prior version
This is not a complete list of the messages, just the ones I've personally encountered or ones that I've seen on the mailing lists.
Page references are to pages in DNS and BIND, 3rd edition, now out of print because the 4th edition is available. The latest edition is available from your local technical bookstore or online (for example, at Amazon.com).
Sometimes the source code can give more clues to the problem, so grep the source code that you've downloaded from ISC: in directory src/bin/named, grep ns_log *.c | more will list all the lines that result in log messages; or grep for the message text you're interested in.
The ISC (Internet Software Consortium) also has a searchable BIND Users Mailing List Archive. With the advent of BIND 9, BIND 9 users can search the BIND 9 Users Mailing list archive.
The people whose answers I have found most useful are Barry Margolin, Mark Andrews, Jim Reid, Joseph S. D. Yao, Matt Larson, and Cricket Liu (be sure to visit Cricket's DNS Corner).
There are several recently published books on DNS:
• DNS and BIND, 4th edition by Paul Albitz and Cricket Liu
• The Concise Guide to DNS and BIND by Nicolai LangfeldtÚthis contains a section with explications of some of these messages as well.
• Linux DNS Server Administration by Craig Hunt
• DNS on Windows NT by Paul Albitz, Matt Larson and Cricket Liu
• DNS on Windows 2000 by Matt Larson and Cricket Liu
• Windows NT DNS by Michael Masterson, Herman Knief, Scott Vinick and Eric Roul
• The Concise Guide to Microsoft Windows 2000 DNS by Andy Ruth and Bob Collier
• Windows 2000 DNS Server by William Wong
If you are seeking explications of Windows DNS event ids, then a good source to search by event id is www.eventid.net/search.asp.
Send me any corrections/amplifications/suggestions.
A
parser: error: /usr/local/etc/named.conf:161: address/mask mismatch; skipping
CATEGORY: parser
SEVERITY: error
PAGE:
FURTHER INFO:
There are more bits specified in the address than are required by the specified netmask.
approved AXFR from [132.174.12.141].60685 for "fs.dedip.oclc.org"
CATEGORY: security
SEVERITY: info
PAGE: 159
FURTHER INFO:
Indicates that the host at IP address 132.174.12.141 successfully transferred the zone with the domain name fs.dedip.oclc.org from your name server.
B
bad referral (state.il.us !< SOS.STATE.IL.US)
or
bad referral (state.il.us !< SOS.STATE.IL.US) from [1.2.3.4].53
CATEGORY: response-checks
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that while querying the SOS.STATE.IL.US name servers, your name server was referred to the state.il.us name servers. Since a referral should always point to name servers authoritative for descendant zones, this is an error. The name server that sent the referral is probably misconfigured, and not authoritative for the zone delegated to it.
NB If you are seeing the first form of this message (without the from [•].53 text) then Mark Andrews has noted:
Also see www.isc.org/products/BIND/bind-security.html
as you are running a nameserver with known security flaws unless
your vendor has sent you a patch.
REFERENCES:
bad response to SOA query from 10.10.0.2, zone 30.10.in-addr.arpa: rcode 0, aa 0, ancount 0, aucount 2
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that your name server, a slave for the zone 30.10.in-addr.arpa, sent a query to the name server at IP address 10.10.0.2 for the zone's current SOA record. This was to determine whether or not the zone data had changed on the master server. However, the master server's response indicated that it was not authoritative for the 30.10.in-addr.arpa zone (that's what "aa=0" means). Your name server expects the master server to be authoritative for the zone, and can't transfer a zone from a non-authoritative name server, so it logs an error.
bind(dfd=20, [132.174.19.28].53): Address already in use
CATEGORY:
SEVERITY:
PAGE: 163
FURTHER INFO:
Indicates that there is already a program listening on port 53 on the network interface with IP address 132.174.19.28, and therefore named couldn't listen on that port. Programs like lsof, which list open files and the programs that have them open, can help you troubleshoot this. Often, there's another name server already running on the host.
bind(dfd=20, [132.174.19.28].53): Invalid argument
CATEGORY: default
SEVERITY: error
PAGE:
C
/etc/named.conf:53: cannot redefine zone '' class 1
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that you have multiple zone statements in named.conf for the named zone (in this case, the root zone, which has the null domain name (Æ®).
REFERENCES:
cannot set resource limits on this system
CATEGORY: config
SEVERITY: info
PAGE: 157
FURTHER INFO:
Indicates that named was compiled to believe that it couldn't set new resource limits (e.g., for data segment size, stack size) on this operating system. If your name server isn't configured to set any of these limits, you can ignore this. If you know your operating system does support setting new resource limits, you need to define HAVE_SETRUSAGE in the BIND source and recompile.
REFERENCES:
groups.google.com/groups?hl=en&threadm=6c4a91%2426g%241%40lyra.csx.cam.ac.uk&rnum=2&prev=/groups%3Fq%3Dgetrlimit%26hl%3Den%26group%3Dcomp.protocols.dns.bind%26rnum%3D2%26selm%3D6c4a91%252426g%25241%2540lyra.csx.cam.ac.uk
can't change directory to /var/name: No such file or directory
CATEGORY:
SEVERITY:
PAGE: 312-313
FURTHER INFO:
Indicates that the working directory you set in named.conf doesn't exist.
can't exec /usr/local/sbin/named-xfer: No such file or directory.
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates that named couldn't execute the named-xfer binary at /usr/local/sbin/named-xfer. Make sure the binary exists at that path and is executable, or use the named-xfer options substatement to redefine the path.
can't make tmpfile (mooretec.com.94Vt6f): Permission denied
or
can't fdopen tmpfile (sec_qip/db.135.156.HfeOrP)
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
These errors are logged to syslog by named-xfer.
check_hints: no A records for L.ROOT-SERVERS.NET class 1 in hints
CATEGORY: default
SEVERITY: error
PAGE:
FURTHER INFO:
I also had this happen when converting from 4.9.x to 8.x.x. I used the db.cache file from the 4.9.x configuration instead of updating it from ftp.rs.internic.net (with the named.root file). The message below also occurred.
check_hints: root NS list in hints for class 1 does not match root NS list
CATEGORY: default
SEVERITY: 25. This particular address is illegal because the name server interprets a leading zero in an octet ("08") to mean that the value is octal, and there is no octal digit "8."
REFERENCES:
db/db.dedip:48: IP Address error near (firstsearch.dedip.oclc.org.)
or
db/pais/db.pais.org:27: IP Address error near (38.350.56.14)
CATEGORY: load
SEVERITY: notice
PAGE:
FURTHER INFO:
Indicated that the name server found the domain name firstsearch.dedip.oclc.org in a field in which it expected to find an IP address. For example:
;2000-02-15 kco made a cname
;fscat 14400 in a 204.17.227.17
fscat 14400 in a firstsearch.dedip.oclc.org.
The last line should be:
fscat 14400 in cname firstsearch.dedip.oclc.org.
This can also occur if you use a value for an octet that is too large, such as 256.
REFERENCES:
IP/TCP connection from [192.68.250.6].43378 (fd 9)
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
Indicates either a TCP-based query or zone transfer request from the IP address 192.68.250.6, port 43378.
REFERENCES:
J
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
REFERENCES:
K
CATEGORY:
SEVERITY:
PAGE:
FURTHER INFO:
REFERENCES:
L
Lame server on 'www.candleworks.com' (in 'CANDLEWORKS.com'?): [216.218.131.2].53 'NS2.HE.NET'
CATEGORY: lame-servers
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that your name server queried the name server NS2.HE.NET while trying to resolve the domain name www.candleworks.com, following delegation that indicated that NS2.HE.NET was authoritative for the CANDLEWORKS.com zone. The response your name server received from NS2.HE.NET, however, showed that the name server was not in fact authoritative for CANDLEWORKS.com, and that the delegation was therefore lame.
Lame server on '1.2.151.128.IN-ADDR.ARPA' (in '151.128.in-addr.arpa'?): [128.151.128.52].53 'NS.UTD.ROCHESTER.EDU': learnt (A=128.105.2.10,NS=128.8.10.90)
CATEGORY: lame-servers
SEVERITY: info
PAGE: 162-163; 320
FURTHER INFO:
Similar to above, but also specifies the name server you learned the (possibly lame) NS record from (the name server at the IP address 128.8.10.90) and the name server you learned the (possibly incorrect) address of NS.UTD.ROCHESTER.EDU from (128.105.2.10).
REFERENCES:
listening on [127.0.0.1].53 (lo0)
CATEGORY: default
SEVERITY: info
PAGE:
FURTHER INFO:
Indicates that your name server is listening for queries on port 53 of the IP address 127.0.0.1.
REFERENCES:
log_new_context() failed: not enough space
CATEGORY: config
SEVERITY: panic
PAGE:
FURTHER INFO:
REFERENCES:
M
Malformed response from [199.171.16.2].53 (dn_expand failed in authority)
or
Malformed response from [210.73.46.4].53 (dn_expand failed in query)
or
Malformed response from [12.19.232.10].53 (out of data in final pass)
or
Malformed response from [128.109.131.3].53 (query section mismatch (www.webpress.net IN A))
or
Malformed response from [209.251.96.2].53 (query section mismatch (142.wt.109.251.209.in-addr.arpa IN PTR))
or
Malformed response from [134.75.30.1].53 (query section mismatch (www.KERIS.OR.KR IN MX))
or
Malformed response from [208.221.32.5].53 (answer to wrong question)
or
Malformed response from [132.174.11.1].53 (brain damage)
CATEGORY: res