[nsd-users] failed writing to tcp: Broken pipe
Michael Tokarev
mjt at tls.msk.ru
Thu Oct 6 11:49:46 UTC 2011
Hello.
I'm trying to diagnose a problem in our network which - apparently -
started after I enabled DNSSEC on our local zones (island of security),
but may be unrelated as well.
The problem is that there's frequent messages in the logs on the mahcine
running nsd:
Oct 6 14:32:32 mother nsd[1363]: failed writing to tcp: Broken pipe
Oct 6 14:41:58 mother nsd[1363]: failed writing to tcp: Broken pipe
Oct 6 14:41:58 mother nsd[1363]: failed writing to tcp: Broken pipe
Oct 6 14:51:02 mother nsd[1363]: failed writing to tcp: Broken pipe
Oct 6 15:00:07 mother nsd[1363]: failed writing to tcp: Broken pipe
Oct 6 15:00:07 mother nsd[1363]: failed writing to tcp: Broken pipe
Oct 6 15:09:37 mother nsd[1363]: failed writing to tcp: Broken pipe
Oct 6 15:09:37 mother last message repeated 2 times
Oct 6 15:19:35 mother nsd[1363]: failed writing to tcp: Broken pipe
Oct 6 15:19:35 mother nsd[1363]: failed writing to tcp: Broken pipe
There are just handful other machines accessing this service (it is a
hidden primary), either other instances of nsd or unbound servers.
As far as I can tell, the "bad" connections logged by nsd comes from
unbound servers - running tcpdump right now.
But the thing is: the above error message is mostly useless, it is
just a "random noize" which - IMHO anyway - should either tell more
(at least, where the connection comes from) or should be dropped
completely.
In the code, there's a check for ECONNRESET - should it be expanded
to EPIPE as well?
And, where - in server.c:handle_tcp_writing() - one can get the peer
address for handler->fd, short of calling getpeername()? I mean, is
the peer address available somewhere in the connection structures in
a ready to use form?
Thanks,
/mjt
More information about the nsd-users
mailing list