Issue bind9 - Accepting TCP connection failed: invalid file

[SeBoOne]

I have a problem with the DNS Server and i tried everything i could find in the past 2 days.
My Problem is that after a while (sometimes a day sometimes a few hours) the bind9/named-service starts putting following lines in the syslog file.

Feb  4 09:26:01 server named[954675]: Accepting TCP connection failed: invalid file

Feb  4 09:26:02 server named[954675]: message repeated 37813 times: [ Accepting TCP connection failed: invalid file]

the same goes for the "service named status" or "journalctl -xeu named.service" command. I just cant find out what that means ... WHICH FILE ... i tried every possible form of "googleing" it i even tried to ask ChatGPT4 but nothing the answer is always something like the named.service file has wrong config or the bind/named.conf is not correct but i tried all those things and cant get behind it.

I mean i could just let it restart the service everytime it detects this kind of respond in the log files but that not a real solution.
I wanted to remove bind9 and reinstall it but couldnt find any helpfull info if and what i have to do before and after doing that so i didnt yet.

The problems started after i installed and removed VSCode and vscode-cli after that for the vscode-remote-tunnel which didnt solve my problem that i had with that.

 

[kassi]

I have the exact same problem. After some hours of running after reboot I'm again seeing those messages.
Scrolling back the last change that happened on the system (out of nowhere and for whatever reason) before the first such message appears is:

Jul 15 22:35:45 server systemd[1]: run-docker-runtime\x2drunc-moby-77c9a01616655644dbe71d5f095739d91fb2ecbc1f753530ffb362bc03afeb2d-runc.cFV1u1.mount: Deactivated successfully.
... some more of those, then
Jul 15 22:38:21 server systemd[1]: usr-bin-wbin-data-overlay2-12ebe634ef7166075bec50771f4356eeaa0d47abfe67d9a51a548499237873ec\x2dinit-merged.mount: Deactivated successfully.
Jul 15 22:38:22 server systemd-udevd[117983]: Using default interface naming scheme 'v249'.
Jul 15 22:38:22 server systemd-networkd[151]: veth5f9fc38: Link UP
Jul 15 22:38:22 server systemd-udevd[117984]: Using default interface naming scheme 'v249'.
Jul 15 22:38:22 server systemd-networkd[151]: veth5f9fc38: Gained carrier
Jul 15 22:38:23 server named[376]: listening on IPv6 interface veth5f9fc38, fe80::c6e:c6ff:fe73:a48d%51#53
Jul 15 22:38:23 server systemd-networkd[151]: veth5f9fc38: Gained IPv6LL
Jul 15 22:38:28 server named[376]: Accepting TCP connection failed: invalid file
Jul 15 22:38:32 server named[376]: message repeated 166728 times: [ Accepting TCP connection failed: invalid file]

At the moment only rebooting helps. Trying to remember what I did months ago when I first saw it, but notes are gone.

 

[AYamshanov]

Interesting...

Could you please post what OS and version you use, as well as the versions of BIND and Plesk?

In BIND “invalid file” stands for errnos ENOTDIR, ELOOP, EINVAL, ENAMETOOLONG, EBADF. In logs, do you have any other errors related to "bad IP addresses" or "Bad file descriptors"?

On the server, do you have any 3rd-party software that limits/restricts resources?

 

[kassi]

I'm using Ubuntu 22.04.4 LTS, kernel 5.2.0
bind9: 1:9.18.18-0ubuntu0.22.04.2 - upgrading to latest 1:9.18.24-0ubuntu0.22.04.1 now.
Plesk: 18.0.61 Update Nr. 6

No bad file descriptors, no bad IP addresses since then.

I'm upgrading bind9 now. bond restart showed this:

Jul 16 10:29:13 srv systemd[1]: Stopping BIND Domain Name Server...
Jul 16 10:29:13 srv named[376]: Accepting TCP connection failed: invalid file
Jul 16 10:29:13 srv named[376]: message repeated 2824 times: [ Accepting TCP connection failed: invalid file]
Jul 16 10:29:13 srv rndc[534308]: WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)
...
Jul 16 10:30:13 srv rndc[534308]: rndc: recv failed: timed out
Jul 16 10:30:13 srv named[376]: Accepting TCP connection failed: invalid file
Jul 16 10:30:13 srv named[376]: message repeated 151 times: [ Accepting TCP connection failed: invalid file]
Jul 16 10:30:13 srv systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
Jul 16 10:30:13 srv named[376]: Accepting TCP connection failed: invalid file
Jul 16 10:30:18 srv named[376]: message repeated 421523 times: [ Accepting TCP connection failed: invalid file]
...
Jul 16 10:31:43 srv systemd[1]: named.service: State 'stop-sigterm' timed out. Killing.
Jul 16 10:31:43 srv named[376]: Accepting TCP connection failed: invalid file
Jul 16 10:31:43 srv systemd[1]: named.service: Killing process 376 (named) with signal SIGKILL.
Jul 16 10:31:43 srv named[376]: Accepting TCP connection failed: invalid file
Jul 16 10:31:43 srv named[376]: message repeated 123 times: [ Accepting TCP connection failed: invalid file]
Jul 16 10:31:43 srv systemd[1]: named.service: Main process exited, code=killed, status=9/KILL
Jul 16 10:31:43 srv systemd[1]: named.service: Failed with result 'exit-code'.
Jul 16 10:31:43 srv systemd[1]: Stopped BIND Domain Name Server.
Jul 16 10:31:43 srv systemd[1]: Starting BIND Domain Name Server...
Jul 16 10:31:43 srv named[535499]: starting BIND 9.18.24-0ubuntu0.22.04.1-Ubuntu (Extended Support Version) <id:>
Jul 16 10:31:43 srv named[535499]: running on Linux x86_64 5.2.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024
Jul 16 10:31:43 srv named[535499]: built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-1HTw0X/bind9-9.18.24=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
Jul 16 10:31:43 srv named[535499]: running as: named -t /var/named/run-root -c /etc/named.conf -u bind -n 2
Jul 16 10:31:43 srv named[535499]: compiled by GCC 11.4.0
Jul 16 10:31:43 srv named[535499]: compiled with OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
Jul 16 10:31:43 srv named[535499]: linked to OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
Jul 16 10:31:43 srv named[535499]: compiled with libuv version: 1.43.0
Jul 16 10:31:43 srv named[535499]: linked to libuv version: 1.43.0
Jul 16 10:31:43 srv named[535499]: compiled with libxml2 version: 2.9.13
Jul 16 10:31:43 srv named[535499]: linked to libxml2 version: 20913
Jul 16 10:31:43 srv named[535499]: compiled with json-c version: 0.15
Jul 16 10:31:43 srv named[535499]: linked to json-c version: 0.15
Jul 16 10:31:43 srv named[535499]: compiled with zlib version: 1.2.11
Jul 16 10:31:43 srv named[535499]: linked to zlib version: 1.2.11
Jul 16 10:31:43 srv named[535499]: ----------------------------------------------------
Jul 16 10:31:43 srv named[535499]: BIND 9 is maintained by Internet Systems Consortium,
Jul 16 10:31:43 srv named[535499]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jul 16 10:31:43 srv named[535499]: corporation. Support and training for BIND 9 are
Jul 16 10:31:43 srv named[535499]: available at Professional Support for Open Source
Jul 16 10:31:43 srv named[535499]: ----------------------------------------------------
Jul 16 10:31:43 srv named[535499]: adjusted limit on open files from 524288 to 1048576
Jul 16 10:31:43 srv named[535499]: found 10 CPUs, using 2 worker threads
Jul 16 10:31:43 srv named[535499]: using 2 UDP listeners per interface
Jul 16 10:31:43 srv named[535499]: DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
Jul 16 10:31:43 srv named[535499]: DS algorithms: SHA-1 SHA-256 SHA-384
Jul 16 10:31:43 srv named[535499]: HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
Jul 16 10:31:43 srv named[535499]: TKEY mode 2 support (Diffie-Hellman): yes
Jul 16 10:31:43 srv named[535499]: TKEY mode 3 support (GSS-API): yes
Jul 16 10:31:43 srv named[535499]: loading configuration from '/etc/named.conf'
Jul 16 10:31:43 srv named[535499]: unable to open '/etc/bind/bind.keys'; using built-in keys instead
Jul 16 10:31:43 srv named[535499]: looking for GeoIP2 databases in '/usr/share/GeoIP'
Jul 16 10:31:43 srv named[535499]: using default UDP/IPv4 port range: [1024, 65535]
Jul 16 10:31:43 srv named[535499]: using default UDP/IPv6 port range: [1024, 65535]
Jul 16 10:31:43 srv named[535499]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 16 10:31:43 srv named[535499]: listening on IPv4 interface venet0:0, <my main ip>#53
Jul 16 10:31:43 srv named[535499]: listening on IPv4 interface venet0:1, <my cluster ip>#53
Jul 16 10:31:43 srv named[535499]: listening on IPv4 interface br-e5bb9f8430c5, 172.20.0.1#53
Jul 16 10:31:43 srv named[535499]: listening on IPv4 interface docker0, 172.17.0.1#53
Jul 16 10:31:43 srv named[535499]: listening on IPv4 interface docker5, 172.58.0.1#53
Jul 16 10:31:43 srv named[535499]: IPv6 socket API is incomplete; explicitly binding to each IPv6 address separately
Jul 16 10:31:43 srv named[535499]: listening on IPv6 interface lo, ::1#53
Jul 16 10:31:43 srv named[535499]: listening on IPv6 interface br-e5bb9f8430c5, fe80::42:e1ff:fe43:e416%3#53
Jul 16 10:31:43 srv named[535499]: listening on IPv6 interface docker0, fe80::42:89ff:fe61:2db7%4#53
Jul 16 10:31:43 srv named[535499]: listening on IPv6 interface docker5, fe80::a441:c4ff:fe05:d0f%15#53
...
Jul 16 10:31:43 srv named[535499]: generating session key for dynamic DNS
Jul 16 10:31:43 srv named[535499]: couldn't mkdir '//run': Permission denied
Jul 16 10:31:43 srv named[535499]: could not create //run/named/session.key
Jul 16 10:31:43 srv named[535499]: failed to generate session key for dynamic DNS: permission denied
Jul 16 10:31:43 srv named[535499]: sizing zone task pool based on 6 zones
Jul 16 10:31:43 srv named[535499]: none:99: 'max-cache-size 90%' - setting to 44236MB (out of 49152MB)
Jul 16 10:31:43 srv named[535499]: using built-in root key for view _default
Jul 16 10:31:43 srv named[535499]: set up managed keys zone for view _default, file 'managed-keys.bind'
Jul 16 10:31:43 srv named[535499]: automatic empty zone: 10.IN-ADDR.ARPA
...
Jul 16 10:31:43 srv named[535499]: automatic empty zone: HOME.ARPA
Jul 16 10:31:43 srv named[535499]: command channel listening on 127.0.0.1#953
Jul 16 10:31:43 srv named[535499]: managed-keys-zone: loaded serial 227
Jul 16 10:31:43 srv named[535499]: zone <my domain>/IN: loaded serial 1720888822
Jul 16 10:31:43 srv named[535499]: zone 0.0.127.IN-ADDR.ARPA/IN: loaded serial 20010622
Jul 16 10:31:43 srv named[535499]: zone <my domain>/IN: sending notifies (serial 1720888822)
Jul 16 10:31:43 srv named[535499]: all zones loaded
Jul 16 10:31:43 srv named[535499]: running
Jul 16 10:31:43 srv systemd[1]: Started BIND Domain Name Server.
...
on upgrading mariadb there's some trouble with the replication, which is currently not running on the replication server:
Jul 16 10:31:52 srv mariadbd[540796]: 2024-07-16 10:31:52 0 [ERROR] Failed to open the relay log './mysqld-relay-bin.000002' (relay_log_pos 36778)
Jul 16 10:31:52 srv mariadbd[540796]: 2024-07-16 10:31:52 0 [ERROR] Could not find target log during relay log initialization
Jul 16 10:31:52 srv mariadbd[540796]: 2024-07-16 10:31:52 0 [ERROR] Failed to initialize the master info structure
Jul 16 10:31:52 srv mariadbd[540796]: 2024-07-16 10:31:52 0 [Note] /usr/sbin/mariadbd: ready for connections.
Jul 16 10:31:52 srv mariadbd[540796]: Version: '10.6.18-MariaDB-0ubuntu0.22.04.1-log' socket: '/run/mysqld/mysqld.sock' port: 3306 Ubuntu 22.04
Jul 16 10:31:52 srv systemd[1]: Started MariaDB 10.6.18 database server.
Jul 16 10:31:52 srv /etc/mysql/debian-start[540815]: Upgrading MySQL tables if necessary.
Jul 16 10:31:52 srv mariadbd[540796]: 2024-07-16 10:31:52 0 [ERROR] Error in accept: Bad file descriptor
...
Jul 16 10:41:36 srv named[535499]: Accepting TCP connection failed: invalid file
Jul 16 10:41:39 srv named[535499]: message repeated 218242 times: [ Accepting TCP connection failed: invalid file]

Besides of the one dedicated to mariadb restart (probably due to replication?) there's no bad file descriptor etc. in the syslog since weeks.

 

[AYamshanov]

Just ideas to check,

• Have you modified `/etc/hosts.allow` or `/etc/hosts.deny`? (by default, all lines are comments)
• What about AppArmor, is it enabled? Are there any clues in its logs?

 

[kassi]

Just ideas to check,

• Have you modified `/etc/hosts.allow` or `/etc/hosts.deny`? (by default, all lines are comments)
• What about AppArmor, is it enabled? Are there any clues in its logs?

/etc/hosts.deny is empty (std comments only). /etc/hosts.allow has one entry: "sendmail: all" - I haven't added it so I think it's due to Plesk mail service.
AppArmor is disabled.

 

[AYamshanov]

I use Plesk 18.0.62 on Ubuntu22 and do not have anything like that... As an experiment, you can try to comment it out and check will it help or not.
Based on man pages, the control word should be "ALL", not "all"; not sure but maybe the system interprets "all" as a host and it causes reach some limits... just a hypothesis.

 

[kassi]

I did comment it out and even rebootet afterwards.
Messages are still present.