[nsd-users] failed writing to tcp: Broken pipe

Michael Tokarev mjt at tls.msk.ru
Thu Oct 6 11:49:46 UTC 2011


Hello.

I'm trying to diagnose a problem in our network which - apparently -
started after I enabled DNSSEC on our local zones (island of security),
but may be unrelated as well.

The problem is that there's frequent messages in the logs on the mahcine
running nsd:

Oct  6 14:32:32 mother nsd[1363]: failed writing to tcp: Broken pipe
Oct  6 14:41:58 mother nsd[1363]: failed writing to tcp: Broken pipe
Oct  6 14:41:58 mother nsd[1363]: failed writing to tcp: Broken pipe
Oct  6 14:51:02 mother nsd[1363]: failed writing to tcp: Broken pipe
Oct  6 15:00:07 mother nsd[1363]: failed writing to tcp: Broken pipe
Oct  6 15:00:07 mother nsd[1363]: failed writing to tcp: Broken pipe
Oct  6 15:09:37 mother nsd[1363]: failed writing to tcp: Broken pipe
Oct  6 15:09:37 mother last message repeated 2 times
Oct  6 15:19:35 mother nsd[1363]: failed writing to tcp: Broken pipe
Oct  6 15:19:35 mother nsd[1363]: failed writing to tcp: Broken pipe

There are just handful other machines accessing this service (it is a
hidden primary), either other instances of nsd or unbound servers.
As far as I can tell, the "bad" connections logged by nsd comes from
unbound servers - running tcpdump right now.

But the thing is: the above error message is mostly useless, it is
just a "random noize" which - IMHO anyway - should either tell more
(at least, where the connection comes from) or should be dropped
completely.

In the code, there's a check for ECONNRESET - should it be expanded
to EPIPE as well?

And, where - in server.c:handle_tcp_writing() - one can get the peer
address for handler->fd, short of calling getpeername()?  I mean, is
the peer address available somewhere in the connection structures in
a ready to use form?

Thanks,

/mjt



More information about the nsd-users mailing list