BIND 10 Messages Manual

A debug message informing about installing a file descriptor as a server. The file descriptor number is noted.

A debug message informing about installing a file descriptor as a server. The file descriptor number is noted.

A debug message, this records that the upstream fetch (a query made by the resolver on behalf of its client) to the specified address has completed.

An external component has requested the halting of an upstream fetch. This is an allowed operation, and the message should only appear if debug is enabled.

The asynchronous I/O code encountered an error when trying to open a socket of the specified protocol in order to send a message to the target address. The number of the system error that caused the problem is given in the message.

The asynchronous I/O code encountered an error when trying to read data from the specified address on the given protocol. The number of the system error that caused the problem is given in the message.

An upstream fetch from the specified address timed out. This may happen for any number of reasons and is most probably a problem at the remote server or a problem on the network. The message will only appear if debug is enabled.

The asynchronous I/O code encountered an error when trying to send data to the specified address on the given protocol. The number of the system error that caused the problem is given in the message.

An internal consistency check on the origin of a message from the asynchronous I/O module failed. This may indicate an internal error; please submit a bug report.

An internal error indicating that the termination method of the resolver's upstream fetch class was called with an unknown result code (which is given in the message). Please submit a bug report.

This is a debug message produced by the authoritative server when it has encountered an error processing an AXFR request. The message gives the reason for the error, and the server will return a SERVFAIL code to the sender.

This is a debug message output when the authoritative server has received an AXFR query over UDP. Use of UDP for AXFRs is not permitted by the protocol, so the server will return a FORMERR error to the sender.

Execution of the specified command by the authoritative server failed. The message contains the reason for the failure.

This is a debug message indicating that authoritative server has created the channel to the configuration manager. It is issued during server startup is an indication that the initialization is proceeding normally.

This is a debug message indicating that authoritative server has established communication the configuration manager over the previously-created channel. It is issued during server startup is an indication that the initialization is proceeding normally.

This is a debug message, issued when the authoritative server has posted a request to be notified when new configuration information is available. It is issued during server startup is an indication that the initialization is proceeding normally.

An attempt to configure the server with information from the configuration database during the startup sequence has failed. (The reason for the failure is given in the message.) The server will continue its initialization although it may not be configured in the desired way.

At attempt to update the configuration the server with information from the configuration database has failed, the reason being given in the message.

This is a debug message produced by the authoritative server when it accesses a datebase data source, listing the file that is being accessed.

This is a debug message indicating that the component that will handling incoming queries for the authoritative server (DNSServices) has been successfully created. It is issued during server startup is an indication that the initialization is proceeding normally.

This is a debug message, generated by the authoritative server when an attempt to parse the header of a received DNS packet has failed. (The reason for the failure is given in the message.) The server will drop the packet.

An error was encountered when the authoritiative server specified statistics data which is invalid for the auth specification file.

This is a debug message indicating that the authoritative server has requested the keyring holding TSIG keys from the configuration database. It is issued during server startup is an indication that the initialization is proceeding normally.

This debug message is issued during the processing of the 'loadzone' command when the authoritative server has successfully loaded the named zone of the named class.

This is a debug message reporting that the authoritative server has discovered that the memory data source is disabled for the given class.

This is a debug message reporting that the authoritative server has discovered that the memory data source is enabled for the given class.

The authoritative server tried to forward some type DNS request message to a separate process (e.g., forwarding dynamic update requests to b10-ddns) to handle it, but it failed. The authoritative server returns SERVFAIL to the client on behalf of the separate process. The error could be configuration mismatch between b10-auth and the recipient component, or it may be because the requests are coming too fast and the receipient process cannot keep up with the rate, or some system level failure. In either case this means the BIND 10 system is not working as expected, so the administrator should look into the cause and address the issue. The log message includes the client's address (and port), and the error message sent from the lower layer that detects the failure.

This debug message is logged by the authoritative server when it receives a NOTIFY packet that contains zero or more than one question. (A valid NOTIFY packet contains one question.) The server will return a FORMERR error to the sender.

This debug message is logged by the authoritative server when it receives a NOTIFY packet that an RR type of something other than SOA in the question section. (The RR type received is included in the message.) The server will return a FORMERR error to the sender.

The authoritative server had no session with the statistics module at the time it attempted to send it data: the attempt has been abandoned. This could be an error in configuration.

This is a debug message produced by the authoritative server when it receives a NOTIFY packet but the XFRIN process is not running. The packet will be dropped and nothing returned to the sender.

This is a debug message, generated by the authoritative server when an attempt to parse a received DNS packet has failed due to something other than a protocol error. The reason for the failure is given in the message; the server will return a SERVFAIL error code to the sender.

This is a debug message, generated by the authoritative server when an attempt to parse a received DNS packet has failed due to a protocol error. The reason for the failure is given in the message, as is the error code that will be returned to the sender.

This is a debug message output by the authoritative server when it receives a valid DNS packet.

Note: This message includes the packet received, rendered in the form of multiple lines of text. For this reason, it is suggested that this log message not be routed to the syslog file, where the multiple lines could confuse programs that expect a format of one message per line.

This message is generated by the authoritative server when it has encountered an internal error whilst processing a received packet: the cause of the error is included in the message.

The server will return a SERVFAIL error code to the sender of the packet. This message indicates a potential error in the server. Please open a bug ticket for this issue.

This is a debug message issued when the authoritative server has received a command on the command channel.

This is a debug message reporting that an incoming NOTIFY was received.

This is a debug message issued when the authoritative server has received a command from the statistics module to send it data. The 'sendstats' command is handled differently to other commands, which is why the debug message associated with it has its own code.

This is a debug message, generated by the authoritative server when an attempt to create a response to a received DNS packet has failed. The reason for the failure is given in the log message. A SERVFAIL response is sent back. The most likely cause of this is an error in the data source implementation; it is either creating bad responses or raising exceptions itself.

This debug message is similar to AUTH_RESPONSE_FAILURE, but further details about the error are unknown, because it was signaled by something which is not an exception. This is definitely a bug.

This is a debug message, this is output if the authoritative server receives a DNS packet with the QR bit set, i.e. a DNS response. The server ignores the packet as it only responds to question packets.

This is a debug message recording that the authoritative server is sending an error response to the originator of the query. A previous message will have recorded details of the failure.

Note: This message includes the packet sent, rendered in the form of multiple lines of text. For this reason, it is suggested that this log message not be routed to the syslog file, where the multiple lines could confuse programs that expect a format of one message per line.

This is a debug message recording that the authoritative server is sending a response to the originator of a query.

Note: This message includes the packet sent, rendered in the form of multiple lines of text. For this reason, it is suggested that this log message not be routed to the syslog file, where the multiple lines could confuse programs that expect a format of one message per line.

An informational message indicating that the authoritative server process has been created and is initializing. The AUTH_SERVER_STARTED message will be output when initialization has successfully completed and the server starts accepting queries.

The authoritative server has encountered a fatal error and is terminating. The reason for the failure is included in the message.

Initialization of the authoritative server has completed successfully and it is entering the main loop, waiting for queries to arrive.

This is a debug message indicating the server was asked to shut down and it is complying to the request.

This is a debug message indicating that the authoritative server has found that the data source it is loading is an SQLite3 data source, so no further validation is needed.

This is a debug message indicating that b10-auth has received a message that it should internally forward UPDATE message to b10-ddns. When b10-ddns is not running, b10-auth will respond to UPDATE requests with rcode NOTIMP. When b10-ddns is running, b10-ddns will handle and respond to the UPDATE message.

This is a debug message indicating that the authoritative server has created a channel to the statistics process. It is issued during server startup is an indication that the initialization is proceeding normally.

This is a debug message indicating that the authoritative server has established communication over the previously created statistics channel. It is issued during server startup is an indication that the initialization is proceeding normally.

An error was encountered when the authoritative server tried to send data to the statistics daemon. The message includes additional information describing the reason for the failure.

The authoritative server sent data to the statistics daemon but received no acknowledgement within the specified time. The message includes additional information describing the reason for the failure.

This is a debug message indicating that the statistics timer has been disabled in the authoritative server and no statistics information is being produced.

This is a debug message indicating that the statistics timer has been enabled and that the authoritative server will produce statistics data at the specified interval.

This is a debug message indicating that b10-auth has received a message that it should stop internally forwarding UPDATE message to b10-ddns. b10-auth will no longer forward UPDATE messages to b10-ddns, but will respond itself with error code NOTIMP. This message is also logged when the forwarding is restarted (for instance if b10-ddns is restarted and the internal connection needs to be created again), in which case it should be followed by AUTH_START_DDNS_FORWARDER.

This is a debug message, produced when a received DNS packet being processed by the authoritative server has been found to contain an unsupported opcode. (The opcode is included in the message.) The server will return an error code of NOTIMPL to the sender.

This is a debug message indicating that the authoritative server has created a channel to the XFRIN (Transfer-in) process. It is issued during server startup is an indication that the initialization is proceeding normally.

This is a debug message indicating that the authoritative server has established communication over the previously-created channel to the XFRIN (Transfer-in) process. It is issued during server startup is an indication that the initialization is proceeding normally.

This is a debug message output during the processing of a NOTIFY request. An error (listed in the message) has been encountered whilst communicating with the zone manager. The NOTIFY request will not be honored.

This is a debug message output during the processing of a NOTIFY request. The zone manager component has been informed of the request, but has returned an error response (which is included in the message). The NOTIFY request will not be honored.

The boss process is starting up and will now check if the message bus daemon is already running. If so, it will not be able to start, as it needs a dedicated message bus.

The process terminated, but the bind10 boss didn't expect it to, which means it must have failed.

The named component failed previously and we will try to restart it to provide as flawless service as possible, but it should be investigated what happened, as it could happen again.

The named component is about to be started by the boss process.

An exception (mentioned in the message) happened during the startup of the named component. The componet is not considered started and further actions will be taken about it.

A component is about to be asked to stop willingly by the boss.

A component failed for some reason (see previous messages). It is either a core component or needed component that was just started. In any case, the system can't continue without it and will terminate.

A debug message. This indicates that the configurator is building a plan how to change configuration from the older one to newer one. This does no real work yet, it just does the planning what needs to be done.

There was an exception during some planned task. The plan will not continue and only some tasks of the plan were completed. The rest is aborted. The exception will be propagated.

A different configuration of which components should be running is being installed. All components that are no longer needed will be stopped and newly introduced ones started. This happens at startup, when the configuration is read the first time, or when an operator changes configuration of the boss.

A debug message. The configurator is about to execute a plan of actions it computed previously.

The part that cares about starting and stopping the right component from the boss process is starting up. This happens only once at the startup of the boss process. It will start the basic set of processes now (the ones boss needs to read the configuration), the rest will be started after the configuration is known.

The part that cares about starting and stopping processes in the boss is shutting down. All started components will be shut down now (more precisely, asked to terminate by their own, if they fail to comply, other parts of the boss process will try to force them).

A debug message. The configurator is about to perform one task of the plan it is currently executing on the named component.

An error was encountered when the boss module specified statistics data which is invalid for the boss specification file.

The boss process was started with the -u option, to drop root privileges and continue running as the specified user, but the user is unknown.

The boss module was not able to start every process it needed to start during startup, and will now kill the processes that did get started.

The boss module is sending a kill signal to process with the given name, as part of the process of killing all started processes during a failed startup, as described for BIND10_KILLING_ALL_PROCESSES

A connection from one of the applications which requested a socket was closed. This means the application has terminated, so all the sockets it was using are now closed and bind10 process can release them as well, unless the same sockets are used by yet another application.

There already appears to be a message bus daemon running. Either an old process was not shut down correctly, and needs to be killed, or another instance of BIND10, with the same msgq domain socket, is running, which needs to be stopped.

While listening on the message bus channel for messages, it suddenly disappeared. The msgq daemon may have died. This might lead to an inconsistent state of the system, and BIND 10 will now shut down.

An error occurred when the bind10 process was asked to send a socket file descriptor. The error is mentioned, most common reason is that the request is invalid and may not come from bind10 process at all.

This indicates a process started previously terminated. The process id and component owning the process are indicated, as well as the exit code. This doesn't distinguish if the process was supposed to terminate or not.

The boss process is starting up, and will now process the initial configuration, as received from the configuration manager.

The boss module received a command and shall now process it. The command is printed.

The boss module received a configuration update and is going to apply it now. The new configuration is printed.

The boss module received the given signal.

The given process has been restarted successfully, and is now running with the given process id.

The given process has ended unexpectedly, and is now restarted.

There was a fatal error in the call to select(), used to see if a child process has ended or if there is a message on the message bus. This should not happen under normal circumstances and is considered fatal, so BIND 10 will now shut down. The specific error is printed.

The boss module is sending a SIGKILL signal to the given process.

The boss module is sending a SIGTERM signal to the given process.

The boss switches the process group ID to the given value. This happens when BIND 10 starts with the -u option, and the group ID will be set to that of the specified user.

The boss switches the user it runs as to the given UID.

The boss process received a command or signal telling it to shut down. It will send a shutdown command to each process. The processes that do not shut down will then receive a SIGTERM signal. If that doesn't work, it shall send SIGKILL signals to the processes still alive.

All child processes have been stopped, and the boss process will now stop itself.

The socket creator reported an error when creating a socket. But the function which failed is unknown (not one of 'S' for socket or 'B' for bind).

The boss requested a socket from the creator, but the answer is unknown. This looks like a programmer error.

There should be more data from the socket creator, but it closed the socket. It probably crashed.

The boss module initializes routines for parsing the socket creator protocol.

The socket creator is being terminated the aggressive way, by sending it sigkill. This should not happen usually.

The boss module sends a request to terminate to the socket creator.

Either sending or receiving data from the socket creator failed with the given error. The creator probably crashed or some serious OS-level problem happened, as the communication happens only on local host.

The socket creator successfully created and sent a requested socket, it has the given file number.

The socket creator failed to create the requested socket. It failed on the indicated OS API function with given error.

The boss forwards a request for a socket to the socket creator.

Debug message given when BIND 10 has successfull started the object that handles configuration and commands.

The given process has successfully been started.

The given process has successfully been started, and has the given PID.

Informational message on startup that shows the full version.

Informational message given when BIND 10 is starting the session object that handles configuration and commands.

The boss module is starting the given process.

The boss module is starting the given process, which will listen on the given port number.

The boss module is starting the given process, which will listen on the given address and port number (written as <address>#<port>).

All modules have been successfully started, and BIND 10 is now running.

There was a fatal error when BIND10 was trying to start. The error is shown, and BIND10 will now shut down.

During the startup process, a number of messages are exchanged between the Boss process and the processes it starts. This error is output when a message received by the Boss process is recognised as being of the correct format but is unexpected. It may be that processes are starting of sequence.

During the startup process, a number of messages are exchanged between the Boss process and the processes it starts. This error is output when a message received by the Boss process is not recognised.

The authoritative server is being started or restarted without root privileges. If the module needs these privileges, it may have problems starting. Note that this issue should be resolved by the pending 'socket-creator' process; once that has been implemented, modules should not need root privileges anymore. See tickets #800 and #801 for more information.

The resolver is being started or restarted without root privileges. If the module needs these privileges, it may have problems starting. Note that this issue should be resolved by the pending 'socket-creator' process; once that has been implemented, modules should not need root privileges anymore. See tickets #800 and #801 for more information.

The boss module is sending a shutdown command to the given module over the message channel.

An unknown child process has exited. The PID is printed, but no further action will be taken by the boss process.

The configuration manager process is so critical to operation of BIND 10 that after starting it, the Boss module will wait for it to initialize itself before continuing. This debug message is produced during the wait and may be output zero or more times depending on how long it takes the configuration manager to start up. The total length of time Boss will wait for the configuration manager before reporting an error is set with the command line --wait switch, which has a default value of ten seconds.

The cache tried to generate the complete answer message. It knows the structure of the message, but some of the RRsets to be put there are not in cache (they probably expired already). Therefore it pretends the message was not found.

Debug message, noting that the requested data was successfully found in the local zone data of the cache.

Debug message. The requested data was not found in the local zone data.

Debug message issued when there's update to the local zone section of cache.

Debug message. It is issued when the server deinitializes the message cache.

Debug message. The requested data was found in the message cache, but it already expired. Therefore the cache removes the entry and pretends it found nothing.

Debug message. We found the whole message in the cache, so it can be returned to user without any other lookups.

Debug message issued when a new message cache is issued. It lists the class of messages it can hold and the maximum size of the cache.

Debug message. This may follow CACHE_MESSAGES_UPDATE and indicates that, while updating, the old instance is being removed prior of inserting a new one.

Debug message, noting that the given message can not be cached. This is because there's no SOA record in the message. See RFC 2308 section 5 for more information.

Debug message. The message cache didn't find any entry for the given key.

Debug message issued when the message cache is being updated with a new message. Either the old instance is removed or, if none is found, new one is created.

Debug message. The resolver cache is looking up the deepest known nameserver, so the resolution doesn't have to start from the root.

Debug message. The resolver cache is being created for this given class.

Debug message, the resolver cache is being created for this given class. The difference from CACHE_RESOLVER_INIT is only in different format of passed information, otherwise it does the same.

Debug message. The resolver cache found a complete message for the user query in the zone data.

Debug message. The resolver cache found a requested RRset in the local zone data.

Debug message. The resolver cache is trying to find a message to answer the user query.

Debug message. The resolver cache is trying to find an RRset (which usually originates as internally from resolver).

The cache tried to fill in found data into the response message. But it discovered the message contains no question section, which is invalid. This is likely a programmer error, please submit a bug report.

Debug message. While trying to lookup a message in the resolver cache, it was discovered there's no cache for this class at all. Therefore no message is found.

Debug message. While trying to lookup an RRset in the resolver cache, it was discovered there's no cache for this class at all. Therefore no data is found.

Debug message. The resolver is updating a message in the cache.

Debug message. The resolver is updating an RRset in the cache.

Debug message. While trying to insert a message into the cache, it was discovered that there's no cache for the class of message. Therefore the message will not be cached.

Debug message. While trying to insert an RRset into the cache, it was discovered that there's no cache for the class of the RRset. Therefore the message will not be cached.

Debug message. The requested data was found in the RRset cache. However, it is expired, so the cache removed it and is going to pretend nothing was found.

Debug message. The RRset cache to hold at most this many RRsets for the given class is being created.

Debug message. The resolver is trying to look up data in the RRset cache.

Debug message which can follow CACHE_RRSET_LOOKUP. This means the data is not in the cache.

Debug message which can follow CACHE_RRSET_UPDATE. During the update, the cache removed an old instance of the RRset to replace it with the new one.

Debug message which can follow CACHE_RRSET_UPDATE. The cache already holds the same RRset, but from more trusted source, so the old one is kept and new one ignored.

Debug message. The RRset is updating its data with this given RRset.

This marks a low level error, we tried to read data from the message queue daemon asynchronously, but the ASIO library returned an error.

It is impossible to reach the message queue daemon for the reason given. It is unlikely there'll be reason for whatever program this currently is to continue running, as the communication with the rest of BIND 10 is vital for the components.

The library is disconnecting from the message queue daemon. This debug message indicates that the program is trying to shut down gracefully.

This debug message indicates that the command channel library is about to connect to the message queue daemon, which should be listening on the UNIX-domain socket listed in the output.

This debug message indicates that the connection was successfully made, this should follow CC_ESTABLISH.

Debug message, noting that a message is expected to come over the command channel.

Debug message, noting that we successfully received a message (its envelope and payload listed). This follows CC_GROUP_RECEIVE, but might happen some time later, depending if we waited for it or just polled.

Debug message, we're about to send a message over the command channel.

This happens when garbage comes over the command channel or some kind of confusion happens in the program. The data received from the socket make no sense if we interpret it as lengths of message. The first one is total length of the message; the second is the length of the header. The header and its length (2 bytes) is counted in the total length.

There should be data representing the length of message on the socket, but it is not there.

The program polled for incoming messages, but there was no message waiting. This is a debug message which may happen only after CC_GROUP_RECEIVE.

It isn't possible to connect to the message queue daemon, for reason listed. It is unlikely any program will be able continue without the communication.

A low level error happened when the library tried to read data from the command channel socket. The reason is listed.

We received an exception while trying to read data from the command channel socket. The reason is listed.

Debug message, noting we're sending a response to the original message with the given envelope.

Debug message. A timeout for which the program is willing to wait for a reply is being set.

Debug message. From now on, when a message (or command) comes, it'll wake the program and the library will automatically pass it over to correct place.

Debug message. The program wants to receive messages addressed to this group.

The program waited too long for data from the command channel (usually when it sent a query to different program and it didn't answer for whatever reason).

Debug message. The program no longer wants to receive messages addressed to this group.

A low level error happened when the library tried to write data to the command channel socket.

The library received a message length being zero, which makes no sense, since all messages must contain at least the envelope.

An older version of the configuration database has been found, from which there was an automatic upgrade path to the current version. These changes are now applied, and no action from the administrator is necessary.

BIND 10 has been started with the command to clear the configuration file. The existing file has been backed up (moved) to the given file name. A new configuration file will be created in the original location when necessary.

The configuration manager sent a configuration update to a module, but the module responded with an answer that could not be parsed. The answer message appears to be invalid JSON data, or not decodable to a string. This is likely to be a problem in the module in question. The update is assumed to have failed, and will not be stored.

The configuration manager daemon was unable to connect to the messaging system. The most likely cause is that msgq is not running.

The configuration manager is starting, reading and saving the configuration settings to the shown file.

There was a problem reading the persistent configuration data as stored on disk. The file may be corrupted, or it is of a version from where there is no automatic upgrade path. The file needs to be repaired or removed. The configuration manager daemon will now shut down.

There was an IO error from the system while the configuration manager was trying to write the configuration database to disk. The specific error is given. The most likely cause is that the directory where the file is stored does not exist, or is not writable. The updated configuration is not stored.

There was an OS error from the system while the configuration manager was trying to write the configuration database to disk. The specific error is given. The most likely cause is that the system does not have write access to the configuration database file. The updated configuration is not stored.

There was a keyboard interrupt signal to stop the cfgmgr daemon. The daemon will now shut down.

There was an error reading the updated configuration data. The specific error is printed.

A login attempt was made to b10-cmdctl, but the password was wrong. Users can be managed with the tool b10-cmdctl-usermgr.

There was a problem reading from the command and control channel. The most likely cause is that the message bus daemon is not running.

A timeout occurred when waiting for essential data from the cc session. This usually occurs when b10-cfgmgr is not running or not responding. Since we are waiting for essential information, this is a fatal error, and the cmdctl daemon will now shut down.

An error was encountered sending the given command to the given module. Either there was a communication problem with the module, or the module was not able to process the command, and sent back an error. The specific error is printed in the message.

This debug message indicates that the given command has been sent to the given module.

A login attempt was made to b10-cmdctl, but the username was not known. Users can be added with the tool b10-cmdctl-usermgr.

The b10-cmdctl daemon was unable to find any user data in the user database file. Either it was unable to read the file (in which case this message follows a message CMDCTL_USER_DATABASE_READ_ERROR containing a specific error), or the file was empty. Users can be added with the tool b10-cmdctl-usermgr.

This debug message indicates that the given command is being sent to the given module.

The user was denied because the SSL connection could not successfully be set up. The specific error is given in the log message. Possible causes may be that the ssl request itself was bad, or the local key or certificate file could not be read.

The cmdctl daemon has started and is now listening for connections.

There was a keyboard interrupt signal to stop the cmdctl daemon. The daemon will now shut down.

The b10-cmdctl daemon encountered an uncaught exception and will now shut down. This is indicative of a programming error and should not happen under normal circumstances. The exception message is printed.

The b10-cmdctl daemon was unable to read the user database file. The file may be unreadable for the daemon, or it may be corrupted. In the latter case, it can be recreated with b10-cmdctl-usermgr. The specific error is printed in the log message.

There was a problem with an incoming message on the command and control channel. The message does not appear to be a valid command, and is missing a required element or contains an unknown data format. This most likely means that another BIND10 module is sending a bad message. The message itself is ignored by this module.

There was an internal problem handling an incoming message on the command and control channel. An unexpected exception was thrown, details of which are appended to the message. The module will continue to run, but will not send back an answer.

The most likely cause of this error is a programming error. Please raise a bug report.

There was a problem when sending a message signaling that the module using this CCSession is stopping. This message is sent so that the rest of the system is aware that the module is no longer running. Apart from logging this message, the error itself is ignored, and the ModuleCCSession is still stopped. The specific exception message is printed.

Similar to CONFIG_CCSESSION_STOPPING, but in this case the exception that is seen is not a standard exception, and further information is unknown. This is a bug.

The configuration manager returned an error when this module requested the configuration. The full error message answer from the configuration manager is appended to the log error. The most likely cause is that the module is of a different (command specification) version than the running configuration manager.

The configuration manager returned an error response when the module requested its configuration. The full error message answer from the configuration manager is appended to the log error.

There was an error parsing the JSON file. The given file does not appear to be in valid JSON format. Please verify that the filename is correct and that the contents are valid JSON.

There was a logging configuration update, but the internal validator for logging configuration found that it contained errors. The errors are shown, and the update is ignored.

This is a debug message. When processing the "loggers" part of the configuration file, the configuration library found an entry for the named logger that matches the logger specification for the program. The logging configuration for the program will be updated with the information.

This is a debug message. When processing the "loggers" part of the configuration file, the configuration library found an entry for the named logger. As this does not match the logger specification for the program, it has been ignored.

This is a debug message. When processing the "loggers" part of the configuration file, the configuration library found the named wildcard entry (one containing the "*" character) that matched a logger already matched by an explicitly named entry. The configuration is ignored.

This is a debug message. When processing the "loggers" part of the configuration file, the configuration library found the named wildcard entry (one containing the "*" character) that matches a logger specification in the program. The logging configuration for the program will be updated with the information.

The given file does not appear to be a valid specification file: details are included in the message. Please verify that the filename is correct and that its contents are a valid BIND10 module specification.

The specification file for this module was rejected by the configuration manager. The full error message answer from the configuration manager is appended to the log error. The most likely cause is that the module is of a different (specification file) version than the running configuration manager.

There was an error opening the given file. The reason for the failure is included in the message.

There was a problem when sending a message signaling that the module using this CCSession is stopping. This message is sent so that the rest of the system is aware that the module is no longer running. Apart from logging this message, the error itself is ignored, and the ModuleCCSession is still stopped. The specific exception message is printed.

The software refuses to load NSEC3 records into a wildcard domain or the owner name has two or more labels below the zone origin. It isn't explicitly forbidden, but no sane zone wouldn have such names for NSEC3. BIND 9 also refuses NSEC3 at wildcard, so this behavior is compatible with BIND 9.

This is a debug message issued during startup when the hotspot cache is created.

Debug information. The hotspot cache is being destroyed.

A debug message issued when the hotspot cache is disabled.

A debug message issued when the hotspot cache is enabled.

A debug message issued when a hotspot cache lookup located the item but it had expired. The item was removed and the program proceeded as if the item had not been found.

Debug information. An item was successfully located in the hotspot cache.

Debug information. After inserting an item into the hotspot cache, the maximum number of items was exceeded, so the least recently used item will be dropped. This should be directly followed by CACHE_REMOVE.

A debug message indicating that a new item is being inserted into the hotspot cache.

A debug message issued when hotspot cache was searched for the specified item but it was not found.

Debug information. While inserting an item into the hotspot cache, an older instance of an item with the same name was found; the old instance will be removed. This will be directly followed by CACHE_REMOVE.

Debug information. An item is being removed from the hotspot cache.

The maximum allowed number of items of the hotspot cache is set to the given number. If there are too many, some of them will be dropped. The size of 0 means no limit.

The datasource tried to provide an NSEC proof that the named domain does not exist, but the database backend doesn't support DNSSEC. No proof is included in the answer as a result.

Debug information. A search in an database data source for NSEC3 that matches or covers the given name is being started.

Debug information. An NSEC3 that covers the given name is found and being returned. The found NSEC3 RRset is also displayed. When the shown label count is smaller than that of the given name, the matching NSEC3 is for a superdomain of the given name (see DATASRC_DATABSE_FINDNSEC3_TRYHASH). The found NSEC3 RRset is also displayed.

Debug information. An NSEC3 that matches (a possibly superdomain of) the given name is found and being returned. When the shown label count is smaller than that of the given name, the matching NSEC3 is for a superdomain of the given name (see DATASRC_DATABSE_FINDNSEC3_TRYHASH). The found NSEC3 RRset is also displayed.

Debug information. In an attempt of finding an NSEC3 for the give name, (a possibly superdomain of) the name is hashed and searched for in the NSEC3 name space. When the shown label count is smaller than that of the shown name, the search tries the superdomain name that share the shown (higher) label count of the shown name (e.g., for www.example.com. with shown label count of 3, example.com. is being tried, as "." is 1 label long).

Debug information. An exact match on hash (see DATASRC_DATABASE_FINDNSEC3_TRYHASH) was unsuccessful. We get the previous hash to that one instead.

Debug information. The database data source is looking up records with the given name and type in the database.

The datasource backend provided resource records for the given RRset with different TTL values. This isn't allowed on the wire and is considered an error, so we set it to the lowest value we found (but we don't modify the database). The data in database should be checked and fixed.

The data returned by the database backend contained data for the given domain name, so all the RRsets of the domain are returned.

When searching the domain for a name a CNAME was found at that name. Even though it was not the RR type being sought, it is returned. (The caller may want to continue the lookup by replacing the query name with the canonical name and restarting the query with the original RR type.)

When searching for a domain, the program met a delegation to a different zone at the given domain name. It will return that one instead.

The program found the domain requested, but it is a delegation point to a different zone, therefore it is not authoritative for this domain name. It will return the NS record instead.

When searching for a domain, the program met a DNAME redirection to a different place in the domain space at the given domain name. It will return that one instead.

The domain name does not have any RRs associated with it, so it doesn't exist in the database. However, it has a subdomain, so it does exist in the DNS address space. This type of domain is known an an "empty non-terminal" and so we return NXRRSET instead of NXDOMAIN.

The data returned by the database backend did not contain any data for the given domain name, class and type.

The data returned by the database backend contained data for the given domain name and class, but not for the given type.

A search in the database for RRs for the specified name, type and class has located RRs that match the name and class but not the type. DNSSEC information has been requested and returned.

The data returned by the database backend contained data for the given domain name, and it either matches the type or has a relevant type. The RRset that is returned is printed.

The program is reading the whole zone, eg. not searching for data, but going through each of the RRsets there.

While iterating through the zone, the program reached end of the data.

While iterating through the zone, the program extracted next RRset from it. The name and RRtype of the RRset is indicated in the message.

While iterating through the zone, the time to live for RRs of the given RRset were found to be different. Since an RRset cannot have multiple TTLs, we set it to the lowest value we found (but we don't modify the database). This is what the client would do when such RRs were given in a DNS response according to RFC2181. The data in database should be checked and fixed.

This is a debug message indicating that the program (successfully) reaches the end of sequences of a zone's differences. The zone's name and class, database name, and the start and end serials are shown in the message.

This is a debug message indicating that the program retrieves one difference in difference sequences of a zone and successfully converts it to an RRset. The zone's name and class, database name, and the name and RR type of the retrieved diff are shown in the message.

This is a debug message indicating that the program starts reading a zone's difference sequences from a database-based data source. The zone's name and class, database name, and the start and end serials are shown in the message.

This is an error message indicating that a zone's diff is broken and the data source library failed to convert it to a valid RRset. The most likely cause of this is that someone has manually modified the zone's diff in the database and inserted invalid data as a result. The zone's name and class, database name, and the start and end serials, and an additional detail of the error are shown in the message. The administrator should examine the diff in the database to find any invalid data and fix it.

No match (not even a wildcard) was found in the named data source for the given name/type/class in the data source.

Debug information. A set of updates to a zone has been successfully committed to the corresponding database backend. The zone name, its class and the database name are printed.

Debug information. A zone updater object is created to make updates to the shown zone on the shown backend database.

Debug information. A zone updater object is destroyed, either successfully or after failure of, making updates to the shown zone on the shown backend database.

A zone updater is being destroyed without committing the changes. This would typically mean the update attempt was aborted due to some error, but may also be a bug of the application that forgets committing the changes. The intermediate changes made through the updater won't be applied to the underlying database. The zone name, its class, and the underlying database name are shown in the log message.

A zone updater is being destroyed without committing the changes to the database, and attempts to rollback incomplete updates, but it unexpectedly fails. The higher level implementation does not expect it to fail, so this means either a serious operational error in the underlying data source (such as a system failure of a database) or software bug in the underlying data source implementation. In either case if this message is logged the administrator should carefully examine the underlying data source to see what exactly happens and whether the data is still valid. The zone name, its class, and the underlying database name as well as the error message thrown from the database module are shown in the log message.

The database doesn't contain directly matching name. When searching for a wildcard match, a wildcard record matching the name of the query containing some RRsets was found. All the RRsets of the node are returned.

The database was queried to provide glue data and it didn't find direct match. It could create it from given wildcard, but matching wildcards is forbidden under a zone cut, which was found. Therefore the delegation will be returned instead.

The answer could be constructed using the wildcard, but the given subdomain exists, therefore this name is something like empty non-terminal (actually, from the protocol point of view, it is empty non-terminal, but the code discovers it differently).

The database doesn't contain directly matching name. When searching for a wildcard match, a CNAME RR was found at a wildcard record matching the name. This is returned as the result of the search.

The given wildcard matches the name being sough but it as an empty nonterminal (e.g. there's nothing at *.example.com but something like subdomain.*.example.org, do exist: so *.example.org exists in the namespace but has no RRs assopciated with it). This will produce NXRRSET.

The database doesn't contain directly matching name. When searching for a wildcard match, a wildcard record matching the name and type of the query was found. The data at this point is returned.

The database doesn't contain directly matching name. When searching for a wildcard match, an NS RR was found at a wildcard record matching the name. This is returned as the result of the search.

The database doesn't contain directly matching name. When searching for a wildcard match, a matching wildcard entry was found but it did not contain RRs the requested type. AN NXRRSET indication is returned.

A debug message indicating that a query for the given name and RR type is being processed.

The process disabled caching of RR data completely. However, the given zone is provided as a master file and it can be served from memory cache only. Therefore, the zone will not be available for this process. If this is a problem, you should move the zone to some database backend (sqlite3, for example) and use it from there.

Debug information. An RRset is being added to the in-memory data source.

This is a debug message issued during the processing of a wildcard name. The internal domain name tree is scanned and some nodes are specially marked to allow the wildcard lookup to succeed.

Debug information. A zone is being added into the in-memory data source.

Debug information. The domain was found and an ANY type query is being answered by providing everything found inside the domain.

Debug information. The requested domain is an alias to a different domain, returning the CNAME instead.

This is the same problem as in MEM_CNAME_TO_NONEMPTY, but it happened the other way around -- adding some other data to CNAME.

Someone or something tried to add a CNAME into a domain that already contains some other data. But the protocol forbids coexistence of CNAME with anything (RFC 1034, section 3.6.2). This indicates a problem with provided data.

Debug information. A representation of a zone for the in-memory data source is being created.

Debug information. A delegation point was found above the requested record.

Debug information. A zone from in-memory data source is being destroyed.

Debug information. While searching for the requested domain, a DNAME was encountered on the way. This may lead to redirection to a different domain and stop the search.

Debug information. A DNAME was found instead of the requested information.

A request was made for DNAME and NS records to be put into the same domain which is not the apex (the top of the zone). This is forbidden by RFC 2672 (section 3) and indicates a problem with provided data.

Debug information. The requested domain exists in the tree of domains, but it is empty. Therefore it doesn't contain the requested resource type.

An RRset is being inserted into in-memory data source for a second time. The original version must be removed first. Note that loading master files where an RRset is split into multiple locations is not supported yet.

Debug information. There's a NS record at the requested domain. This means this zone is not authoritative for the requested domain, but a delegation should be followed. The requested domain is an apex of some zone.

Debug information. A search for the requested RRset is being started.

Debug information. A search in an in-memory data source for NSEC3 that matches or covers the given name is being started.

Debug information. An NSEC3 that covers the given name is found and being returned. The found NSEC3 RRset is also displayed.

Debug information. An NSEC3 that matches (a possibly superdomain of) the given name is found and being returned. When the shown label count is smaller than that of the given name, the matching NSEC3 is for a superdomain of the given name (see DATASRC_MEM_FINDNSEC3_TRYHASH). The found NSEC3 RRset is also displayed.

Debug information. In an attempt of finding an NSEC3 for the give name, (a possibly superdomain of) the name is hashed and searched for in the NSEC3 name space. When the shown label count is smaller than that of the shown name, the search tries the superdomain name that share the shown (higher) label count of the shown name (e.g., for www.example.com. with shown label count of 3, example.com. is being tried).

Debug information. A zone object for this zone is being searched for in the in-memory data source.

Debug information. The content of master file is being loaded into the memory.

Debug information. The requested domain does not exist.

The in-memory data source has loaded a zone signed with NSEC3 RRs, but it doesn't have a NSEC3PARAM RR at the zone origin. It's likely that the zone is somehow broken, but this RR is not necessarily needed for handling lookups with NSEC3 in this data source, so it accepts the given content of the zone. Nevertheless the administrator should look into the integrity of the zone data.

Debug information. While searching for the requested domain, a NS was encountered on the way (a delegation). This may lead to stop of the search.

Debug information. The domain exists, but it doesn't hold any record of the requested type.

It was attempted to add the domain into a zone that shouldn't have it (eg. the domain is not subdomain of the zone origin). This indicates a problem with provided data.

Debug information. A RRset is being generated from a different RRset (most probably a wildcard). So it must be renamed to whatever the user asked for. In fact, it's impossible to rename RRsets with our libraries, so a new one is created and all resource records are copied over.

Some resource types are singletons -- only one is allowed in a domain (for example CNAME or SOA). This indicates a problem with provided data.

Debug information. The requested record was found.

Debug information. The search stopped because the requested domain was detected to be a superdomain of some existing node of zone (while there was no exact match). This means that the domain is an empty nonterminal, therefore it is treated as NXRRSET case (eg. the domain exists, but it doesn't have the requested record type).

Debug information. The contents of two in-memory zones are being exchanged. This is usual practice to do some manipulation in exception-safe manner -- the new data are prepared in a different zone object and when it works, they are swapped. The old one contains the new data and the other one can be safely destroyed.

Debug information. A domain above wildcard was reached, but there's something below the requested domain. Therefore the wildcard doesn't apply here. This behaviour is specified by RFC 1034, section 4.3.3

The software refuses to load DNAME records into a wildcard domain. It isn't explicitly forbidden, but the protocol is ambiguous about how this should behave and BIND 9 refuses that as well. Please describe your intention using different tools.

The software refuses to load NS records into a wildcard domain. It isn't explicitly forbidden, but the protocol is ambiguous about how this should behave and BIND 9 refuses that as well. Please describe your intention using different tools.

This is a debug message issued during startup or reconfiguration. Another data source is being added into the meta data source.

It was attempted to add a data source into a meta data source, but their classes do not match.

Debug information. A data source is being removed from meta data source.

Debug information. A NSEC record covering this zone is being added.

Debug information. A NSEC3 record for the given zone is being added to the response message.

Debug information. An RRset is being added to the response message.

Debug information. A SOA record of the given zone is being added to the authority section of the response message.

The underlying data source failed to answer the authoritative query. 1 means some error, 2 is not implemented. The data source should have logged the specific error already.

The domain lives in another zone. But it is not possible to generate referral information for it.

Debug information. The requested data were found in the hotspot cache, so no query is sent to the real data source.

Debug information. While processing a query, lookup to the hotspot cache is being made.

Debug information. The whole referral information is being copied into the response message.

Debug information. The software is trying to identify delegation points on the way down to the given domain.

A CNAME chain was being followed and an entry was found that pointed to a domain name that had no RRsets associated with it. As a result, the query cannot be answered. This indicates a problem with supplied data.

During an attempt to synthesize CNAME from this DNAME it was discovered the DNAME is empty (it has no records). This indicates problem with supplied data.

Some subtask of query processing failed. The reason should have been reported already and a SERVFAIL will be returned to the querying system.

Debug information. The domain is a CNAME (or a DNAME and a CNAME for it has already been created) and the search is following this chain.

Debug information. While processing a query, a MX record was met. It references the mentioned address, so A/AAAA records for it are looked up and put it into the additional section.

Debug information. While processing a query, a NS record was met. It references the mentioned address, so A/AAAA records for it are looked up and put it into the additional section.

The underlying data source failed to answer the glue query. 1 means some error, 2 is not implemented. The data source should have logged the specific error already.

This indicates a programmer error. The DO_QUERY was called with unknown operation code.

Debug information. The last DO_QUERY is an auth query.

Debug information. The last DO_QUERY is a query for glue addresses.

Debug information. The last DO_QUERY is a query for addresses that are not glue.

Debug information. The last DO_QUERY is a query for referral information.

Debug information. The last DO_QUERY is a simple query.

This indicates a programming error. A task was found in the internal task queue, but this kind of task wasn't designed to be inside the queue (it should be handled right away, not queued).

NS records should have been put into the authority section. However, this zone has none. This indicates problem with provided data.

The answer should have been a negative one (eg. of nonexistence of something). To do so, a SOA record should be put into the authority section, but the zone does not have one. This indicates problem with provided data.

The underlying data source failed to answer the no-glue query. 1 means some error, 2 is not implemented. The data source should have logged the specific error already.

Debug information. The hotspot cache is ignored for authoritative ANY queries for consistency reasons.

Debug information. The hotspot cache is ignored for ANY queries for consistency reasons.

An attempt to add a NSEC record into the message failed, because the zone does not have any DS record. This indicates problem with the provided data.

An attempt to add a NSEC3 record into the message failed, because the zone does not have any DS record. This indicates problem with the provided data.

Debug information. Lookup of domain failed because the datasource has no zone that contains the domain. Maybe someone sent a query to the wrong server for some reason. This may also happen when looking in the datasource for addresses for NS records.

Debug information. A sure query is being processed now.

The user wants DNSSEC and we discovered the entity doesn't exist (either domain or the record). But there was an error getting NSEC/NSEC3 record to prove the nonexistence.

The underlying data source failed to answer the query for referral information. 1 means some error, 2 is not implemented. The data source should have logged the specific error already.

The server is unable to answer a direct query for RRSIG type, but was asked to do so.

The underlying data source failed to answer the simple query. 1 means some error, 2 is not implemented. The data source should have logged the specific error already.

This is a debug message. While answering a query, a DNAME was encountered. The DNAME itself will be returned, along with a synthesized CNAME for clients that do not understand the DNAME RR.

The query subtask failed. The reason should have been reported by the subtask already. The code is 1 for error, 2 for not implemented.

A CNAME led to another CNAME and it led to another, and so on. After 16 CNAMEs, the software gave up. Long CNAME chains are discouraged, and this might possibly be a loop as well. Note that some of the CNAMEs might have been synthesized from DNAMEs. This indicates problem with supplied data.

This indicates a programmer error. The answer of subtask doesn't look like anything known.

Debug information. A direct match wasn't found, so a wildcard covering the domain is being looked for now.

During an attempt to cover the domain by a wildcard an error happened. The exact kind was hopefully already reported.

While processing a wildcard, it wasn't possible to prove nonexistence of the given domain or record. The code is 1 for error and 2 for not implemented.

While processing a wildcard, a referral was met. But it wasn't possible to get enough information for it. The code is 1 for error, 2 for not implemented.

Debug information. The SQLite data source is closing the database file.

The version of the SQLite3 database schema used to hold the zone data is not the latest one - the current version of BIND 10 was written with a later schema version in mind. However, the database is compatible with the current version of BIND 10, and BIND 10 will run without any problems.

Consult the release notes for your version of BIND 10. Depending on the changes made to the database schema, it is possible that improved performance could result if the database were upgraded.

The database file is no longer needed and is being closed.

The database file is being opened so it can start providing data.

Debug information. An instance of SQLite data source is being created.

Debug information. An instance of SQLite data source is being destroyed.

The object around a database connection is being destroyed.

Debug information. The SQLite data source is trying to identify which zone should hold this domain.

Debug information. The last SQLITE_ENCLOSURE query was unsuccessful; there's no such zone in our data.

Debug information. The SQLite data source is looking up a resource record set.

Debug information. The data source is looking up the addresses for given domain name.

The SQLite data source was looking up A/AAAA addresses, but the data source contains different class than the query was for.

Debug information. The SQLite data source is looking up an exact resource record.

The SQLite data source was looking up an exact RRset, but the data source contains different class than the query was for.

Debug information. The SQLite data source is looking up records of given name and type in the database.

Debug information. The SQLite data source is identifying if this domain is a referral and where it goes.

The SQLite data source was trying to identify if there's a referral. But it contains different class than the query was for.

The SQLite data source was looking up an RRset, but the data source contains different class than the query was for.

Debug information. We're trying to look up a NSEC3 record in the SQLite data source.

The SQLite data source was asked to provide a NSEC3 record for given zone. But it doesn't contain that zone.

The version of the SQLite3 database schema used to hold the zone data is incompatible with the version expected by BIND 10. As a result, BIND 10 is unable to run using the database file as the data source.

The database should be updated using the means described in the BIND 10 documentation.

A wrapper object to hold database connection is being initialized.

Debug information. The SQLite data source is loading an SQLite database in the provided file.

This is a debug message. The name given was not found, so the program is searching for the next name higher up the hierarchy (e.g. if www.example.com were queried for and not found, the software searches for the "previous" name, example.com).

The name given was not found, so the program is searching for the next name higher up the hierarchy (e.g. if www.example.com were queried for and not found, the software searches for the "previous" name, example.com). However, this name is not contained in any zone in the data source. This is an error since it indicates a problem in the earlier processing of the query.

The database for SQLite data source was found empty. It is assumed this is the first run and it is being initialized with current schema. It'll still contain no data, but it will be ready for use.

An error message indicating that a query requesting a RR for a class other that CH was sent to the static data source (which only handles CH queries).

Debug information. The static data source (the one holding stuff like version.bind) is being created.

Debug information. This resource record set is being looked up in the static data source.

This indicates a programming error. An internal task of unknown type was generated.

A backup for the given database file was created. Same of original file and backup are given in the output message.

There was an error while trying to check the current version of the database schema. The error is shown in the message.

b10-dbutil was called with --check and --noconfirm. --noconfirm only has meaning with --upgrade, so this is considered an error.

The database schema version has been checked, and is up to date. No action is required.

The database schema version is not up to date, and an update is required. Please run the dbutil tool again, with the --upgrade argument.

b10-dbutil was called with neither --check nor --upgrade. One action must be provided.

b10-dbutil was called with both the commands --upgrade and --check. Only one action can be performed at a time.

The upgrade failed while it was in progress; the database may now be in an inconsistent state, and it is advised to restore it from the backup that was created when b10-dbutil started.

Debug message; the given SQL statement is executed

The database file that is being checked.

b10-dbutil was called without a database file. Currently, it cannot find this file on its own, and it must be provided.

The given database statement failed to execute. The error is shown in the message.

There were too many command-line arguments to b10-dbutil

The user aborted the upgrade, and b10-dbutil will now exit.

A database schema was found that was newer than this version of dbutil, which is apparently out of date and should be upgraded itself.

While the upgrade was in progress, an unexpected error occurred. The error is shown in the message.

Due to the earlier failure, the database schema upgrade was not attempted, and b10-dbutil will now exit.

b10-dbutil was told to upgrade the database schema, but it is already at the latest version.

b10-dbutil was told to upgrade the database schema, but it is at a higher version than this tool currently supports. Please update b10-dbutil and try again.

An unexpected error occurred while b10-dbutil was preparing to upgrade the database schema. The error is shown in the message

The database schema update was completed successfully.

An upgrade is in progress, the versions of the current upgrade action are shown.

The current version of the database schema.

The database schema is at a higher version than b10-dbutil knows about.

The database schema is not up to date, the current version and the latest version are in the message.

There was a low-level error when we tried to accept an incoming connection (probably coming from b10-auth). We continue serving on whatever other connections we already have, but this connection is dropped. The reason is logged.

b10-ddns was notified of updates to the SQLite3 DB file that b10-auth uses for the underlying data source and on which b10-ddns needs to make updates. b10-ddns then updated its internal setup so further updates would be made on the new DB.

There was a problem reading from the command and control channel. The most likely cause is that the msgq process is not running.

There was a problem reading a response from another module over the command and control channel. The most likely cause is that the configuration manager b10-cfgmgr is not running.

The ddns process encountered an error when installing the configuration at startup time. Details of the error are included in the log message.

An update to b10-ddns configuration was delivered but an error was found while applying them. None of the delivered updates were applied to the running b10-ddns system, and the server will keep running with the existing configuration. If this happened in the initial configuration setup, the server will be running with the default configurations.

There was an error on a connection with the b10-auth server (or whatever connects to the ddns daemon). This might be OK, for example when the authoritative server shuts down, the connection would get closed. It also can mean the system is busy and can't keep up or that the other side got confused and sent bad data.

b10-ddns tried to get configuration of some remote modules for its operation, but it failed. The most likely cause of this is that the remote module has not fully started up and b10-ddns couldn't get the configuration in a timely fashion. b10-ddns attempts to retry it a few times, imposing a short delay, hoping it eventually succeeds if it's just a timing issue. The number of total failed attempts is also logged. If it reaches an internal threshold b10-ddns considers it a fatal error and terminates. Even in that case, if b10-ddns is configured as a "dispensable" component (which is the default), the parent bind10 process will restart it, and there will be another chance of getting the remote configuration successfully. These are not the optimal behavior, but it's believed to be sufficient in practice (there would normally be no failure in the first place). If it really causes an operational trouble other than having a few of these log messages, please submit a bug report; there can be several ways to make it more sophisticated. Another, less likely reason for having this error is because the remote modules are not actually configured to run. If that's the case fixing the configuration should solve the problem - either by making sure the remote module will run or by not running b10-ddns (without these remote modules b10-ddns is not functional, so there's no point in running it in this case).

There was a problem in the lower level module handling configuration and control commands. This could happen for various reasons, but the most likely cause is that the configuration database contains a syntax error and ddns failed to start at initialization. A detailed error message from the module will also be displayed.

Debug message. We received a connection and we are going to start handling requests from it. The file descriptor number and the address where the request comes from is logged. The connection is over a unix domain socket and is likely coming from a b10-auth process.

b10-ddns is notified of updates to b10-auth configuration (including a report of the initial configuration) that b10-ddns might be interested in.

The ddns process received a shutdown command from the command channel and will now shut down.

b10-ddns is notified of updates to b10-zonemgr's configuration (including a report of the initial configuration). It may possibly contain changes to the secondary zones, in which case b10-ddns will update its internal copy of that configuration.

b10-ddns received an update request via b10-auth, but the received data failed to pass minimum validation: it was either broken wire format data for a valid DNS message (e.g. it's shorter than the fixed-length header), or the opcode is not update, or TSIG is included in the request but it fails to validate. Since b10-auth should have performed this level of checks, such an error shouldn't be detected at this stage and should rather be considered an internal bug. This event is therefore logged at the error level, and the request is simply dropped. Additional information of the error is also logged.

b10-ddns received a new update request from a client over TCP, but the number of TCP clients being handled by the server already reached the configured quota, so the latest client was rejected by closing the connection. The administrator may want to check the status of b10-ddns, and if this happens even if the server is not very busy, the quota may have to be increased. Or, if it's more likely to be malicious or simply bogus clients that somehow keep the TCP connection open for a long period, maybe they should be rejected with an appropriate ACL configuration or some lower layer filtering. The number of existing TCP clients are shown in the log, which should be identical to the current quota.

Network I/O error happens in sending an update response. The client's address that caused the error and error details are also logged.

b10-ddns had tried to send an update response over TCP, and it hadn't been completed at that time, and a followup attempt to complete the send operation failed due to some network I/O error. While a network error can happen any time, this event is quite unexpected for two reasons. First, since the size of a response to an update request should be generally small, it's unlikely that the initial attempt didn't fail but wasn't completed. Second, since the first attempt succeeded and the TCP connection had been established in the first place, it's more likely for the subsequent attempt to succeed. In any case, there may not be able to do anything to fix it at the server side, but the administrator may want to check the general reachability with the client address.

b10-ddns has successfully updated the internal copy of secondary zones obtained from b10-zonemgr, based on a latest update to zonemgr's configuration. The number of newly configured (unique) secondary zones is logged.

An error message. b10-ddns was notified of updates to a list of secondary zones from b10-zonemgr and tried to update its own internal copy of the list, but it failed. This can happen if the configuration contains an error, and b10-zonemgr should also reject that update. Unfortunately, in the current implementation there is no way to ensure that both zonemgr and ddns have consistent information when an update contains an error; further, as of this writing zonemgr has a bug that it could partially update the list of secondary zones if part of the list has an error (see Trac ticket #2038). b10-ddns still keeps running with the previous configuration, but it's strongly advisable to check log messages from zonemgr, and if it indicates there can be inconsistent state, it's better to restart the entire BIND 10 system (just restarting b10-ddns wouldn't be enough, because zonemgr can have partially updated configuration due to bug #2038). The log message contains an error description, but it's intentionally kept simple as it's primarily a matter of zonemgr. To know the details of the error, log messages of zonemgr should be consulted.

A debug message, informing there's some activity on the given file descriptor. It will be either a request or the file descriptor will be closed. See following log messages to see what of it.

The ddns process is shutting down. It will no longer listen for new commands or updates. Any command or update that is being addressed at this moment will be completed, after which the process will exit.

The ddns process has successfully started and is now ready to receive commands and updates.

There was an error response from b10-auth to the command to start forwarding DDNS UPDATE messages to b10-ddns. It is almost certain that DDNS UPDATE messages are not handled now, and that they will be responded to with a NOTIMP error code, even though b10-ddns is running. The error message is printed, and additional information may be found in the b10-auth log output. Since this is an error that is sent by the b10-auth module, it should have more information as to what the actual problem was.

There was an error when attempting to send b10-auth the request to forward DDNS UPDATE messages to the b10-ddns module. This points to an internal problem using the inter-module messaging system. This needs to be inspected, as it is almost certain that DDNS UPDATE messages are not handled now. The specific error is printed in the log message.

The ddns process has successfully stopped and is no longer listening for or handling commands or updates, and will now exit.

There was a keyboard interrupt signal to stop the ddns process. The process will now shut down.

There was an error response from b10-auth to the command to stop forwarding DDNS UPDATE messages to b10-ddns. This specific error may not be fatal; instead of returning NOTIMP for future DDNS UPDATE messages, it will return SERVFAIL. However, this does point to an underlying problem in the messaging system, and should be inspected. The error message is printed, and additional information may be found in the b10-auth log output.

There was an error when attempting to send b10-auth the request to stop forwarding DDNS UPDATE messages to the b10-ddns module. This points to an internal problem using the inter-module messaging system. This specific error may not be fatal; instead of returning NOTIMP for future DDNS UPDATE messages, it will return SERVFAIL. However, this does point to an underlying problem in the messaging system, and should be inspected. The specific error is printed in the log message.

The b10-ddns process encountered an uncaught exception and will now shut down. This is indicative of a programming error and should not happen under normal circumstances. The exception type and message are printed.

Debug message. b10-ddns has made updates to a zone based on an update request and has successfully notified an external module of the updates. The notified module will use that information for updating its own state or any necessary protocol action such as zone reloading or sending notify messages to secondary servers.

b10-ddns has made updates to a zone based on an update request and tried to notify an external component of the updates, but the notification fails. One possible cause of this is that the external component is not really running and it times out in waiting for the response, although it will be less likely to happen in practice because these components will normally be configured to run when the server provides the authoritative DNS service; ddns is rather optional among them. If this happens, however, it will suspend b10-ddns for a few seconds during which it cannot handle new requests (some may be delayed, some may be dropped, depending on the volume of the incoming requests). This is obviously bad, and if this error happens due to this reason, the administrator should make sure the component in question should be configured to run. For a longer term, b10-ddns should be more robust about this case such as by making this notification asynchronously and/or detecting the existence of the external components to avoid hopeless notification in the first place. Severity of this error for the receiving components depends on the type of the component. If it's b10-xfrout, this means DNS notify messages won't be sent to secondary servers of the zone. It's suboptimal, but not necessarily critical as the secondary servers will try to check the zone's status periodically. If it's b10-auth and the notification was needed to have it reload the corresponding zone, it's more serious because b10-auth won't be able to serve the new version of the zone unless some explicit recovery action is taken. So the administrator needs to examine this message and takes an appropriate action. In either case, this notification is generally expected to succeed; so the fact it fails itself means there's something wrong in the BIND 10 system, and it would be advisable to check other log messages.

An update attempt failed due to some error in the corresponding data source. This is generally an unexpected event, but can still happen for various reasons such as DB lock contention or a failure of the backend DB server. The cause of the error is also logged. It's advisable to check the message, and, if necessary, take an appropriate action (e.g., restarting the DB server if it dies). If this message is logged the data source isn't modified due to the corresponding update request. When used by the b10-ddns, the server will return a response with an RCODE of SERVFAIL.

The prerequisite with the given name, class and type is not well-formed. The specific prerequisite is shown. In this case, it has a non-zero TTL value. A FORMERR error response is sent to the client.

The prerequisite with the given name, class and type is not well-formed. The specific prerequisite is shown. In this case, it either has a non-zero TTL value, or has rdata fields. A FORMERR error response is sent to the client.

The prerequisite with the given name, class and type is not well-formed. The specific prerequisite is shown. In this case, the class of the prerequisite should either match the class of the zone in the Zone Section, or it should be ANY or NONE, and it is not. A FORMERR error response is sent to the client.

The prerequisite with the given name, class and type is not well-formed. The specific prerequisite is shown. In this case, it either has a non-zero TTL value, or has rdata fields. A FORMERR error response is sent to the client.

A DNS UPDATE prerequisite was not satisfied. The specific prerequisite that was not satisfied is shown. The client is sent an error response with the given rcode. In this case, the specific prerequisite is 'Name is in use'. From RFC2136: Name is in use. At least one RR with a specified NAME (in the zone and class specified by the Zone Section) must exist. Note that this prerequisite is NOT satisfied by empty nonterminals.

A DNS UPDATE prerequisite was not satisfied. The specific prerequisite that was not satisfied is shown. The client is sent an error response with the given rcode. In this case, the specific prerequisite is 'Name is not in use'. From RFC2136: Name is not in use. No RR of any type is owned by a specified NAME. Note that this prerequisite IS satisfied by empty nonterminals.

A DDNS UPDATE prerequisite has a name that does not appear to be inside the zone specified in the Zone section of the UPDATE message. The specific prerequisite is shown. A NOTZONE error response is sent to the client.

A DNS UPDATE prerequisite was not satisfied. The specific prerequisite that was not satisfied is shown. The client is sent an error response with the given rcode. In this case, the specific prerequisite is 'RRset does not exist'. From RFC2136: RRset does not exist. No RRs with a specified NAME and TYPE (in the zone and class denoted by the Zone Section) can exist.

A DNS UPDATE prerequisite was not satisfied. The specific prerequisite that was not satisfied is shown. The client is sent an error response with the given rcode. In this case, the specific prerequisite is 'RRset exists (value independent)'. From RFC2136: RRset exists (value dependent). A set of RRs with a specified NAME and TYPE exists and has the same members with the same RDATAs as the RRset specified here in this Section.

A DNS UPDATE prerequisite was not satisfied. The specific prerequisite that was not satisfied is shown. The client is sent an error response with the given rcode. In this case, the specific prerequisite is 'RRset exists (value dependent)'. From RFC2136: RRset exists (value independent). At least one RR with a specified NAME and TYPE (in the zone and class specified by the Zone Section) must exist.

The Update section of a DDNS update message contains a statement that tries to add a record of an invalid type. Most likely the record has an RRType that is considered a 'meta' type, which cannot be zone content data. The specific record is shown. A FORMERR response is sent back to the client.

Debug message. An update request was approved in terms of the zone's update ACL.

The Update section of a DDNS update message contains an RRset with a bad class. The class of the update RRset must be either the same as the class in the Zone Section, ANY, or NONE. A FORMERR response is sent back to the client.

An error occured while committing the DDNS update changes to the datasource. The specific error is printed. A SERVFAIL response is sent back to the client.

The Update section of a DDNS update message contains a statement that tries to delete an rrset of an invalid type. Most likely the record has an RRType that is considered a 'meta' type, which cannot be zone content data. The specific record is shown. A FORMERR response is sent back to the client.

The Update section of a DDNS update message contains a 'delete rrset' statement with a non-zero TTL. This is not allowed by the protocol. A FORMERR response is sent back to the client.

The Update section of a DDNS update message contains a 'delete rrset' statement with a non-empty RRset. This is not allowed by the protocol. A FORMERR response is sent back to the client.

The Update section of a DDNS update message contains a statement that tries to delete one or more rrs of an invalid type. Most likely the records have an RRType that is considered a 'meta' type, which cannot be zone content data. The specific record is shown. A FORMERR response is sent back to the client.

The Update section of a DDNS update message contains a 'delete rrs' statement with a non-zero TTL. This is not allowed by the protocol. A FORMERR response is sent back to the client.

Informational message. An update request was denied because it was rejected by the zone's update ACL. When this library is used by b10-ddns, the server will respond to the request with an RCODE of REFUSED as described in Section 3.3 of RFC2136.

Informational message. An update request was denied because it was rejected by the zone's update ACL. When this library is used by b10-ddns, the server will then completely ignore the request; no response will be sent.

Debug message. An error is found in processing a dynamic update request. This log message is used for general errors that are not normally expected to happen. So, in general, it would mean some problem in the client implementation or an interoperability issue with this implementation. The client's address, the zone name and class, and description of the error are logged.

Debug message. An update request is sent to a secondary server. This is not necessarily invalid, but this implementation does not yet support update forwarding as specified in Section 6 of RFC2136 and it will simply return a response with an RCODE of NOTIMP to the client. The client's address and the zone name/class are logged.

Debug message. An update request was received for a zone for which the receiving server doesn't have authority. In theory this is an unexpected event, but there are client implementations that could send update requests carelessly, so it may not necessarily be so uncommon in practice. If possible, you may want to check the implementation or configuration of those clients to suppress the requests. As specified in Section 3.1 of RFC2136, the receiving server will return a response with an RCODE of NOTAUTH.

A DDNS UPDATE record has a name that does not appear to be inside the zone specified in the Zone section of the UPDATE message. The specific update record is shown. A NOTZONE error response is sent to the client.

The handling of the prerequisite section (RFC2136 Section 3.2) found that one of the prerequisites was not satisfied. The result code should give more information on what prerequisite type failed. If the result code is FORMERR, the prerequisite section was not well-formed. An error response with the given result code is sent back to the client.

An uncaught exception was encountered while processing the Update section of a DDNS message. The specific exception is shown in the log message. To make sure DDNS service is not interrupted, this problem is caught instead of reraised; The update is aborted, and a SERVFAIL is sent back to the client. This is most probably a bug in the DDNS code, but *could* be caused by the data source.

The xfrin module received an update containing multiple rdata changes for the same RRset. But the TTLs of these don't match each other. As we combine them together, the latter one gets overwritten to the earlier one in the sequence.

An attempt was made to create a Diff object with journaling enabled, but the underlying data source didn't support journaling (while still allowing updates) and so the created object has it disabled. At a higher level this means that the updates will be applied to the zone but subsequent IXFR requests will result in a full zone transfer (i.e., an AXFR-style IXFR). Unless the overhead of the full transfer is an issue this message can be ignored; otherwise you may want to check why the journaling wasn't allowed on the data source and either fix the issue or use a different type of data source.

A message from the interface to the underlying logger implementation reporting that the debug level (as set by an internally-created string DEBUGn, where n is an integer, e.g. DEBUG22) is above the maximum allowed value and has been reduced to that value. The appearance of this message may indicate a programming error - please submit a bug report.

A message from the interface to the underlying logger implementation reporting that an internally-created string used to set the debug level is not of the correct format (it should be of the form DEBUGn, where n is an integer, e.g. DEBUG22). The appearance of this message indicates a programming error - please submit a bug report.

A message from the interface to the underlying logger implementation reporting that the debug level (as set by an internally-created string DEBUGn, where n is an integer, e.g. DEBUG22) is below the minimum allowed value and has been increased to that value. The appearance of this message may indicate a programming error - please submit a bug report.

A logger destination value was given that was not recognized. The destination should be one of "console", "file", or "syslog".

A logger severity value was given that was not recognized. The severity should be one of "DEBUG", "INFO", "WARN", "ERROR", "FATAL" or "NONE".

Logging has been configured so that output is written to the terminal (console) but the stream on which it is to be written is not recognised. Allowed values are "stdout" and "stderr".

During start-up, BIND 10 detected that the given message identification had been defined multiple times in the BIND 10 code. This indicates a programming error; please submit a bug report.

When reading a message file, more than one $NAMESPACE directive was found. (This directive is used to set a C++ namespace when generating header files during software development.) Such a condition is regarded as an error and the read will be abandoned.

The program was not able to open the specified input message file for the reason given.

An invalid message identification (ID) has been found during the read of a message file. Message IDs should comprise only alphanumeric characters and the underscore, and should not start with a digit.

This is a log message used in testing.

The $NAMESPACE directive in a message file takes a single argument, a namespace in which all the generated symbol names are placed. This error is generated when the compiler finds a $NAMESPACE directive with more than one argument.

The $NAMESPACE argument in a message file should be a valid C++ namespace. This message is output if the simple check on the syntax of the string carried out by the reader fails.

The $NAMESPACE directive in a message file takes a single argument, a C++ namespace in which all the generated symbol names are placed. This error is generated when the compiler finds a $NAMESPACE directive with no arguments.

Within a message file, message are defined by lines starting with a "%". The rest of the line should comprise the message ID and text describing the message. This error indicates the message compiler found a line in the message file comprising just the "%" and nothing else.

Within a message file, message are defined by lines starting with a "%". The rest of the line should comprise the message ID and text describing the message. This error indicates the message compiler found a line in the message file comprising just the "%" and message identification, but no text.

During start-up a local message file was read. A line with the listed message identification was found in the file, but the identification is not one contained in the compiled-in message dictionary. This message may appear a number of times in the file, once for every such unknown message identification.

There may be several reasons why this message may appear:

- The message ID has been mis-spelled in the local message file.

- The program outputting the message may not use that particular message (e.g. it originates in a module not used by the program.)

- The local file was written for an earlier version of the BIND 10 software and the later version no longer generates that message.

Whatever the reason, there is no impact on the operation of BIND 10.

Originating within the logging code, the program was not able to open the specified output file for the reason given.

Within a message file, the $PREFIX directive takes a single argument, a prefix to be added to the symbol names when a C++ file is created. This error is generated when the compiler finds a $PREFIX directive with more than one argument.

Note: the $PREFIX directive is deprecated and will be removed in a future version of BIND 10.

Within a message file, the $PREFIX directive takes a single argument, a prefix to be added to the symbol names when a C++ file is created. As such, it must adhere to restrictions on C++ symbol names (e.g. may only contain alphanumeric characters or underscores, and may nor start with a digit). A $PREFIX directive was found with an argument (given in the message) that violates those restrictions.

Note: the $PREFIX directive is deprecated and will be removed in a future version of BIND 10.

This is an informational message output by BIND 10 when it starts to read a local message file. (A local message file may replace the text of one of more messages; the ID of the message will not be changed though.)

The specified error was encountered reading from the named message file.

Within a message file, a line starting with a dollar symbol was found (indicating the presence of a directive) but the first word on the line (shown in the message) was not recognised.

The specified error was encountered by the message compiler when writing to the named output file.

notify_out failed to get access to one of configured data sources. Detailed error is shown in the log message. This can be either a configuration error or installation setup failure.

notify_out attempted to get slave information of a zone but the zone isn't found in the expected data source. This shouldn't happen, because notify_out first identifies a list of available zones before this process. So this means some critical inconsistency in the data source or software bug.

The notify_out library tried to send a notify message to the given address, but it appears to be an invalid address. The configuration for secondary nameservers might contain a typographic error, or a different BIND 10 module has forgotten to validate its data before sending this module a notify command. As such, this should normally not happen, and points to an oversight in a different module.

The notify_out library sent a notify message to the nameserver at the given address, but the response did not have the opcode set to NOTIFY. The opcode in the response is printed. Since there was a response, no more notifies will be sent to this server for this notification event.

The notify_out library sent a notify message to the nameserver at the given address, but the query id in the response does not match the one we sent. Since there was a response, no more notifies will be sent to this server for this notification event.

The notify_out library sent a notify message to the nameserver at the given address, but the query name in the response does not match the one we sent. Since there was a response, no more notifies will be sent to this server for this notification event.

The notify_out library sent a notify message to the namesever at the given address, but the reply did not have the QR bit set to one. Since there was a response, no more notifies will be sent to this server for this notification event.

There was an uncaught exception in the handling of a notify reply message, either in the message parser, or while trying to extract data from the parsed message. The error is printed, and notify_out will treat the response as a bad message, but this does point to a programming error, since all exceptions should have been caught explicitly. Please file a bug report. Since there was a response, no more notifies will be sent to this server for this notification event.

The maximum number of retries for the notify target has been exceeded. Either the address of the secondary nameserver is wrong, or it is not responding.

A notify message is sent to the secondary nameserver at the given address.

There was a network error while trying to send a notify message to the given address. The address might be unreachable. The socket error is printed and should provide more information.

There was a network error while trying to read a notify reply message from the given address. The socket error is printed and should provide more information.

The notify message to the given address (noted as address#port) has timed out, and the message will be resent until the max retry limit is reached.

This is a warning issued when the notify_out module finds a zone that doesn't have an SOA RR or has multiple SOA RRs. Notify message won't be sent to such a zone.

This is a warning issued when the notify_out module finds a zone that doesn't have an NS RR. Notify message won't be sent to such a zone.

The NSAS (nameserver address store - part of the resolver) made a query for information it needed. The query completed successfully but the answer section in the response was empty.

The NSAS (nameserver address store - part of the resolver) made a query for information it needed. The query completed successfully but the RCODE in the response was something other than NOERROR.

A debug message issued when the NSAS (nameserver address store - part of the resolver) is making a callback into the resolver to retrieve the address records for the specified nameserver.

A debug message issued when the NSAS (nameserver address store - part of the resolver) has retrieved the given address for the specified nameserver through an external query.

A debug message issued when an NSAS (nameserver address store - part of the resolver) lookup for a zone has been canceled.

A debug message issued when the NSAS (nameserver address store - part of the resolver) has been unable to retrieve the specified resource record for the specified nameserver. This is not necessarily a problem - the nameserver may be unreachable, in which case the NSAS will try other nameservers in the zone.

The NSAS (nameserver address store - part of the resolver) made a query for information it needed. The query completed successfully, but the message passed to the callback was null.

This message indicates an internal error in the NSAS. Please raise a bug report.

A debug message output when a call is made to the NSAS (nameserver address store - part of the resolver) to obtain the nameservers for the specified zone.

A NSAS (nameserver address store - part of the resolver) debug message reporting the update of a round-trip time (RTT) for a query made to the specified nameserver. The RTT has been updated using the value given and the new RTT is displayed. (The RTT is subject to a calculation that damps out sudden changes. As a result, the new RTT used by the NSAS in future decisions of which nameserver to use is not necessarily equal to the RTT reported.)

A NSAS (nameserver address store - part of the resolver) made a query for a resource record of a particular type and class, but instead received an answer with a different given type and class.

This message indicates an internal error in the NSAS. Please raise a bug report.

Debug message. A complete DNS message has been successfully transmitted over a TCP connection, possibly after multiple send operations. The destination address and the total size of the message (including the 2-byte length field) are shown in the log message.

A DNS message has been attempted to be sent out over a TCP connection, but it failed due to some network error. Although it's not expected to happen too often, it can still happen for various reasons. The administrator may want to examine the cause of the failure, which is included in the log message, to see if it requires some action to be taken at the server side. When this message is logged, the corresponding TCP connection was closed immediately after the error was detected.

Debug message. A part of DNS message has been transmitted over a TCP connection, and it's suspended because further attempt would block. The destination address and the total size of the message that has been transmitted so far (including the 2-byte length field) are shown in the log message.

A debug message noting that the global TSIG keyring is being removed from memory. Most programs don't do that, they just exit, which is OK.

A debug message noting the TSIG keyring storage is being prepared. It should appear at most once in the lifetime of a program. The keyring still needs to be loaded from configuration.

A debug message. The TSIG keyring is being (re)loaded from configuration. This happens at startup or when the configuration changes. The old keyring is removed and new one created with all the keys.

A debug message reporting that an answer has been received to an upstream query for the specified question. Previous debug messages will have indicated the server to which the question was sent.

A debug message recording that CNAME response has been received to an upstream query for the specified question. Previous debug messages will have indicated the server to which the question was sent.

A debug message, a cache lookup did not find the specified <name, class, type> tuple in the cache; instead, the deepest delegation found is indicated.

A debug message, the response to the specified query from an upstream nameserver did not contain anything in the answer or authority sections, although in all other respects it was a valid response. A SERVFAIL will be returned to the system making the original query.

A debug message, the response to the specified query to an upstream nameserver indicated that the response was classified as an erroneous response, but that the nature of the error cannot be identified. A SERVFAIL will be returned to the system making the original query.

A debug message indicating that the response to the specified query from an upstream nameserver contained too much data. This can happen if an ANY query was sent and the answer section in the response contained multiple RRs with different names. A SERVFAIL will be returned to the system making the original query.

A debug message, a CNAME response was received and another query is being issued for the <name, class, type> tuple.

A debug message, the response to the specified query from an upstream nameserver (as identified by the ID of the response) contained either an answer not matching the query name or an answer having a different class to that queried for. A SERVFAIL will be returned to the system making the original query.

A debug message, the response to the specified query from an upstream nameserver (as identified by the ID of the response) contained a name in the question section that did not match that of the query. A SERVFAIL will be returned to the system making the original query.

A debug message, the response to the specified query from an upstream nameserver (as identified by the ID of the response) contained an invalid type field. A SERVFAIL will be returned to the system making the original query.

A debug message recording that a CNAME response has been received to an upstream query for the specified question (Previous debug messages will have indicated the server to which the question was sent). However, receipt of this CNAME has meant that the resolver has exceeded the CNAME chain limit (a CNAME chain is where on CNAME points to another) and so an error is being returned.

A debug message reporting that the response to an upstream query for the specified name contained multiple RRsets in the answer and not all were of the same class. This is a violation of the standard and so a SERVFAIL will be returned.

A debug message, the response to the specified query from an upstream nameserver was a CNAME that had mutiple RRs in the RRset. This is an invalid response according to the standards so a SERVFAIL will be returned to the system making the original query.

A debug message, the response to the specified query from an upstream nameserver (as identified by the ID of the response) did not contain one name in the question section as required by the standard. A SERVFAIL will be returned to the system making the original query.

A debug message, the response to the specified query from an upstream nameserver (as identified by the ID of the response) did not have the QR bit set (thus indicating that the packet was a query, not a response). A SERVFAIL will be returned to the system making the original query.

A debug message, this indicates that a response was received for the specified query and was categorized as a referral. However, the received message did not contain any NS RRsets. This may indicate a programming error in the response classification code.

A debug message, the RunningQuery object is querying the NSAS for the nameservers for the specified zone.

A debug message recording that either a NXDOMAIN or an NXRRSET response has been received to an upstream query for the specified question. Previous debug messages will have indicated the server to which the question was sent.

A debug message, the response to the specified query from an upstream nameserver was a response that did not have the opcode set to that of a query. According to the standards, this is an invalid response to the query that was made, so a SERVFAIL will be returned to the system making the original query.

A debug message indicating that a protocol error was received. As there are no retries left, an error will be reported.

A debug message indicating that a protocol error was received and that the resolver is repeating the query to the same nameserver. After this repeated query, there will be the indicated number of retries left.

A debug message, the response to the specified query indicated an error that is not covered by a specific code path. A SERVFAIL will be returned.

This is a debug message and indicates that a RecursiveQuery object found the the specified <name, class, type> tuple in the cache. The instance number at the end of the message indicates which of the two resolve() methods has been called.

This is a debug message and indicates that the look in the cache made by the RecursiveQuery::resolve() method did not find an answer, so a new RunningQuery object has been created to resolve the question. The instance number at the end of the message indicates which of the two resolve() methods has been called.

A debug message recording that a referral response has been received to an upstream query for the specified question. Previous debug messages will have indicated the server to which the question was sent.

A debug message indicating that the last referral message was to the specified zone.

A debug message, the RecursiveQuery::resolve method has been called to resolve the specified <name, class, type> tuple. The first action will be to lookup the specified tuple in the cache. The instance number at the end of the message indicates which of the two resolve() methods has been called.

A debug message, indicating that when RecursiveQuery::resolve queried the cache, a single RRset was found which was put in the answer. The instance number at the end of the message indicates which of the two resolve() methods has been called.

A debug message giving the round-trip time of the last query and response.

This is a debug message and indicates that a RunningQuery object found the specified <name, class, type> tuple in the cache.

This is a debug message and indicates that a RunningQuery object has made a call to its doLookup() method to look up the specified <name, class, type> tuple, the first action of which will be to examine the cache.

A debug message indicating that a RunningQuery's failure callback has been called because all nameservers for the zone in question are unreachable.

A debug message indicating that a RunningQuery's success callback has been called because a nameserver has been found, and that a query is being sent to the specified nameserver.

This is a debug message logged when a response to the specified query to an upstream nameserver returned a response with the TC (truncation) bit set. This is treated as an error by the code.

This is a warning message only generated in unit tests. It indicates that all upstream queries from the resolver are being routed to the specified server, regardless of the address of the nameserver to which the query would normally be routed. If seen during normal operation, please submit a bug report.

This is a debug message and should only be seen in unit tests. A query for the specified <name, class, type> tuple is being sent to a test nameserver whose address is given in the message.

A debug message indicating that the specified upstream query has timed out and there are no retries left.

A debug message indicating that the specified query has timed out and that the resolver is repeating the query to the same nameserver. After this repeated query, there will be the indicated number of retries left.

A debug message, this indicates that the response to the specified query was truncated and that the resolver will be re-querying over TCP. There are various reasons why responses may be truncated, so this message is normal and gives no cause for concern.

A debug message indicating that a query for the specified <name, class, type> tuple is being sent to a nameserver whose address is given in the message.

This is a debug message output when the resolver received a request for an AXFR (full transfer of a zone) over TCP. Only authoritative servers are able to handle AXFR requests, so the resolver will return an error message to the sender with the RCODE set to NOTIMP.

This is a debug message output when the resolver received a request for an AXFR (full transfer of a zone) over UDP. Only authoritative servers are able to handle AXFR requests (and in any case, an AXFR request should be sent over TCP), so the resolver will return an error message to the sender with the RCODE set to NOTIMP.

During the update of the resolver's configuration parameters, the value of the client timeout was found to be too small. The configuration update was abandoned and the parameters were not changed.

This is a debug message output when the resolver has successfully established a connection to the configuration channel.

An error was detected in a configuration update received by the resolver. This may be in the format of the configuration message (in which case this is a programming error) or it may be in the data supplied (in which case it is a user error). The reason for the error, included in the message, will give more details. The configuration update is not applied and the resolver parameters were not changed.

This is a debug message output when the resolver configuration has been successfully loaded.

This is a debug message output when the resolver configuration is being updated with the specified information.

This is a debug message indicating that the main resolver object has been created.

This is a debug message from the resolver listing the contents of a received DNS message.

This is a debug message containing details of the response returned by the resolver to the querying system.

This is an error message output when an unhandled exception is caught by the resolver. After this, the resolver will shut itself down. Please submit a bug report.

If the resolver is running in forward mode, this message will appear during startup to list the forward address. If multiple addresses are specified, it will appear once for each address.

This is a debug message indicating that a query received by the resolver has passed a set of checks (message is well-formed, it is allowed by the ACL, it is a supported opcode, etc.) and is being forwarded to upstream servers.

This is a debug message from the resolver noting that an exception occurred during the processing of a received packet. The packet has been dropped.

This is a debug message indicating that the resolver received a request for an IXFR (incremental transfer of a zone). Only authoritative servers are able to handle IXFR requests, so the resolver will return an error message to the sender with the RCODE set to NOTIMP.

During the update of the resolver's configuration parameters, the value of the lookup timeout was found to be too small. The configuration update will not be applied.

This is a debug message noting that parsing of the body of a received message by the resolver failed due to some error (although the parsing of the header succeeded). The message parameters give a textual description of the problem and the RCODE returned.

This error is issued when a resolver configuration update has specified a negative retry count: only zero or positive values are valid. The configuration update was abandoned and the parameters were not changed.

This debug message is issued when resolver has received a DNS packet that was not IN (Internet) class. The resolver cannot handle such packets, so is returning a REFUSED response to the sender.

This is a debug message indicating that the query received by the resolver has passed a set of checks (message is well-formed, it is allowed by the ACL, it is a supported opcode, etc.) and is being processed by the resolver.

The resolver has received a NOTIFY message. As the server is not authoritative it cannot process it, so it returns an error message to the sender with the RCODE set to NOTAUTH.

This debug message indicates that the resolver received a query that contained the number of entries in the question section detailed in the message. This is a malformed message, as a DNS query must contain only one question. The resolver will return a message to the sender with the RCODE set to FORMERR.

A warning message issued during resolver startup, this indicates that no root addresses have been set. This may be because the resolver will get them from a priming query.

This is a debug message noting that the resolver received a message and the parsing of the body of the message failed due to some non-protocol related reason (although the parsing of the header succeeded). The message parameters give a textual description of the problem and the RCODE returned.

This debug message is logged when a "print_message" command is received by the resolver over the command channel.

This is a debug message noting that the resolver received a message and the parsing of the body of the message failed due to some protocol error (although the parsing of the header succeeded). The message parameters give a textual description of the problem and the RCODE returned.

This debug message is produced by the resolver when an incoming query is accepted in terms of the query ACL. The log message shows the query in the form of <query name>/<query type>/<query class>, and the client that sends the query in the form of <Source IP address>#<source port>.

This is an informational message that indicates an incoming query has been dropped by the resolver because of the query ACL. Unlike the RESOLVER_QUERY_REJECTED case, the server does not return any response. The log message shows the query in the form of <query name>/<query type>/<query class>, and the client that sends the query in the form of <Source IP address>#<source port>.

This is an informational message that indicates an incoming query has been rejected by the resolver because of the query ACL. This results in a response with an RCODE of REFUSED. The log message shows the query in the form of <query name>/<query type>/<query class>, and the client that sends the query in the form of <Source IP address>#<source port>.

This is a debug message noting that the resolver is creating a RecursiveQuery object.

This is a debug message noting that the resolver is destroying a RecursiveQuery object.

During the update of the resolver's configuration parameters, the value of the query timeout was found to be too small. The configuration parameters were not changed.

This is a debug message indicating that the resolver has received a DNS message. Depending on the debug settings, subsequent log output will indicate the nature of the message.

This is an informational message that appears at startup noting that the resolver is running in recursive mode.

This debug message is output when resolver creates the main service object (which handles the received queries).

This debug message lists the parameters being set for the resolver. These are: query timeout: the timeout (in ms) used for queries originated by the resolver to upstream servers. Client timeout: the interval to resolve a query by a client: after this time, the resolver sends back a SERVFAIL to the client whilst continuing to resolve the query. Lookup timeout: the time at which the resolver gives up trying to resolve a query. Retry count: the number of times the resolver will retry a query to an upstream server if it gets a timeout.

The client and lookup timeouts require a bit more explanation. The resolution of the client query might require a large number of queries to upstream nameservers. Even if none of these queries timeout, the total time taken to perform all the queries may exceed the client timeout. When this happens, a SERVFAIL is returned to the client, but the resolver continues with the resolution process; data received is added to the cache. However, there comes a time - the lookup timeout - when even the resolver gives up. At this point it will wait for pending upstream queries to complete or timeout and drop the query.

This debug message is generated when a new query ACL is configured for the resolver.

This message gives the address of one of the root servers used by the resolver. It is output during startup and may appear multiple times, once for each root server address.

This informational message is output when the resolver has shut down.

A debug message noting that the server was asked to terminate and is complying to the request.

This informational message is output by the resolver when all initialization has been completed and it is entering its main loop.

An informational message, this is output when the resolver starts up.

This is a debug message noting that the resolver received a DNS response packet on the port on which is it listening for queries. The packet has been ignored.

This is debug message output when the resolver received a message with an unsupported opcode (it can only process QUERY opcodes). It will return a message to the sender with the RCODE set to NOTIMP.

Debug message. A socket requesor (client of the socket creator) is created for the corresponding application. Normally this should happen at most one time throughout the lifetime of the application.

Debug message. The socket requestor created at SOCKETREQUESTOR_CREATED has been destroyed. This event is generally unexpected other than in test cases.

Debug message. The socket requestor for the corresponding application has requested a socket for a set of address, port and protocol (shown in the log message) and successfully got it from the creator. The corresponding file descriptor and the associated "token" (an internal ID used between the creator and requestor) are shown in the log message.

Debug message. The socket requestor has released a socket passed by the creator. The associated token of the socket is shown in the log message. If the corresponding SOCKETREQUESTOR_GETSOCKET was logged more detailed information of the socket can be identified by matching the token.

This points to an error in configuration. What was supposed to be a list of IP address - port pairs isn't a list at all but something else.

The server failed to bind to one of the address/port pair it should according to configuration, for reason listed in the message (usually because that pair is already used by other service or missing privileges). The server will try to recover and bind the address/port pairs it was listening to before (if any).

This points to an error in configuration. An address specification in the configuration is missing either an address or port and so cannot be used. The specification causing the error is given in the message.

This points to an error in configuration. An address specification in the configuration malformed. The specification causing the error is given in the message. A valid specification contains an address part (which must be a string and must represent a valid IPv4 or IPv6 address) and port (which must be an integer in the range valid for TCP/UDP ports on your system).

The recovery of old addresses after SRVCOMM_ADDRESS_FAIL also failed for the reason listed.

The condition indicates problems with the server and/or the system on which it is running. The server will continue running to allow reconfiguration, but will not be listening on any address or port until an administrator does so.

Debug message. This lists one address and port value of the set of addresses we are going to listen on (eg. there will be one log message per pair). This appears only after SRVCOMM_SET_LISTEN, but might be hidden, as it has higher debug level.

The process tried to allocate a socket using the socket creator, but an error occurred. But it is not one of the errors we are sure are "safe". In this case it is unclear if the unsuccessful communication left the process and the bind10 process in inconsistent state, so the process is going to abort to prevent further problems in that area.

This is probably a bug in the code, but it could be caused by other unusual conditions (like insufficient memory, deleted socket file used for communication).

Debug message indicating that the server is deinitializing the TSIG keyring.

Debug message indicating that the server is initializing the global TSIG keyring. This should be seen only at server start.

Debug message indicating new keyring is being loaded from configuration (either on startup or as a result of configuration update).

This points to an error in configuration. The port in an address specification is outside the valid range of 0 to 65535.

Debug message, noting that the server is about to start listening on a different set of IP addresses and ports than before.

The situation is the same as in the SRVCOMM_EXCEPTION_ALLOC case, but further details about the error are unknown, because it was signaled by throwing something not being an exception. This is definitely a bug.

The stats-httpd module was called with a bad command-line argument and will not start.

The stats-httpd module was unable to connect to the BIND 10 command and control bus. A likely problem is that the message bus daemon (b10-msgq) is not running. The stats-httpd module will now shut down.

The stats-httpd daemon will stop listening for requests on the given address and port number.

Debug message indicating that the stats-httpd module is disconnecting from the command and control bus.

The stats-httpd daemon has received new configuration data and will now process it. The (changed) data is printed.

A shutdown command was sent to the stats-httpd module, and it will now shut down.

A status command was sent to the stats-httpd module, and it will respond with 'Stats Httpd is up.' and its PID.

An unknown command has been sent to the stats-httpd module. The stats-httpd module will respond with an error, and the command will be ignored.

An internal error occurred while handling an HTTP request. An HTTP 404 response will be sent back, and the specific error is printed. This is an error condition that likely points the specified data corresponding to the requested URI is incorrect.

An internal error occurred while handling an HTTP request. An HTTP 500 response will be sent back, and the specific error is printed. This is an error condition that likely points to a module that is not responding correctly to statistic requests.

There was a problem initializing the HTTP server in the stats-httpd module upon receiving its configuration data. The most likely cause is a port binding problem or a bad configuration value. The specific error is printed in the message. The new configuration is ignored, and an error is sent back.

The stats-httpd daemon is shutting down.

The stats-httpd daemon will now start listening for requests on the given address and port number.

Debug message indicating that the stats-httpd module is connecting to the command and control bus.

There was a problem initializing the HTTP server in the stats-httpd module upon startup. The most likely cause is that it was not able to bind to the listening port. The specific error is printed, and the module will shut down.

There was a keyboard interrupt signal to stop the stats-httpd daemon. The daemon will now shut down.

The stats-httpd daemon received a configuration update from the configuration manager. However, one of the items in the configuration is unknown. The new configuration is ignored, and an error is sent back. As possible cause is that there was an upgrade problem, and the stats-httpd version is out of sync with the rest of the system.

The stats module was called with a bad command-line argument and will not start.

The stats module was unable to connect to the BIND 10 command and control bus. A likely problem is that the message bus daemon (b10-msgq) is not running. The stats module will now shut down.

This debug message is printed when the stats module has received a configuration update from the configuration manager.

The stats module received a command to show all statistics schemas of all modules.

The stats module received a command to show the specified statistics schema of the specified module.

The stats module received a command to show all statistics that it has collected.

The stats module received a command to show the statistics that it has collected for the given item.

A shutdown command was sent to the stats module and it will now shut down.

A status command was sent to the stats module. It will return a response indicating that it is running normally.

An unknown command has been sent to the stats module. The stats module will respond with an error and the command will be ignored.

This debug message is printed when a request is sent to the boss module to send its data to the stats module.

The stats module will be now starting.

An internal error occurred while starting the stats module. The stats module will be now shutting down.

There was a keyboard interrupt signal to stop the stats module. The daemon will now shut down.

The specification file for the stats module contains a command that is unknown in the implementation. The most likely cause is an installation problem, where the specification file stats.spec is from a different version of BIND 10 than the stats module itself. Please check your installation.

There was a successful zone transfer. We send the "loadzone" command for the zone to b10-auth.

The serial fields of the first and last SOAs of AXFR (including AXFR-style IXFR) are not the same. According to RFC 5936 these two SOAs must be the "same" (not only for the serial), but it is still not clear what the receiver should do if this condition does not hold. There was a discussion about this at the IETF dnsext wg: http://www.ietf.org/mail-archive/web/dnsext/current/msg07908.html and the general feeling seems that it would be better to reject the transfer if a mismatch is detected. On the other hand, also as noted in that email thread, neither BIND 9 nor NSD performs any comparison on the SOAs. For now, we only check the serials (ignoring other fields) and only leave a warning log message when a mismatch is found. If it turns out to happen with a real world primary server implementation and that server actually feeds broken data (e.g. mixed versions of zone), we can consider a stricter action.

The given master address is not a valid IP address.

The master port as read from the configuration is not a valid port number.

The TSIG key string as read from the configuration does not represent a valid TSIG key.

The zone class as read from the configuration is not a valid DNS class.

There was a problem reading from the command and control channel. The most likely cause is that xfrin the msgq daemon is not running.

There was an error while the given command was being processed. The error is given in the log message.

There was an error opening a connection to the master. The error is shown in the log message.

In an attempt of IXFR processing, the begenning SOA of the first difference (following the initial SOA that specified the final SOA for all the differences) was found. This means a connection for xfrin tried IXFR and really aot a response for incremental updates.

Non incremental transfer was detected at the "first data" of a transfer, which is the RR following the initial SOA. Non incremental transfer is either AXFR or AXFR-style IXFR. In the latter case, it means that in a response to IXFR query the first data is not SOA or its SOA serial is not equal to the requested SOA serial.

There was an error importing the python DNS module pydnspp. The most likely cause is a PYTHONPATH problem.

The IXFR transfer for the given zone was successful. The provided information contains the following values:

messages: Number of overhead DNS messages in the transfer.

changesets: Number of difference sequences.

deletions: Number of Resource Records deleted by all the changesets combined, including the SOA records.

additions: Number of Resource Records added by all the changesets combined, including the SOA records.

bytes: Full size of the transfer data on the wire.

run time: Time (in seconds) the complete ixfr took.

bytes/second: Transfer speed.

Note that there is no cross-checking of additions and deletions; if the same RR gets added and deleted in multiple changesets, it is counted each time; therefore, for each changeset, there should at least be 1 deletion and 1 addition (the updated SOA record).

The first SOA record in an IXFR response indicates the zone's serial at the primary server is not newer than the client's. This is basically unexpected event because normally the client first checks the SOA serial by an SOA query, but can still happen if the transfer is manually invoked or (although unlikely) there is a rapid change at the primary server between the SOA and IXFR queries. The client implementation confirms the whole response is this single SOA, and aborts the transfer just like a successful case.

There was a problem sending a message to the xfrout module or the zone manager. This most likely means that the msgq daemon has quit or was killed.

There was a problem sending a message to b10-auth. This most likely means that the msgq daemon has quit or was killed.

There was a problem sending a message to the zone manager. This most likely means that the msgq daemon has quit or was killed.

The system received a notify for the given zone, but the address it came from does not match the master address in the Xfrin configuration. The notify is ignored. This may indicate that the configuration for the master is wrong, that a wrong machine is sending notifies, or that fake notifies are being sent.

There was an internal command to retransfer the given zone, but the zone is not known to the system. This may indicate that the configuration for xfrin is incomplete, or there was a typographical error in the zone name in the configuration.

This informational message is output by xfrin when all initialization has been completed and it is entering its main loop.

There was a keyboard interrupt signal to stop the xfrin daemon. The daemon will now shut down.

The AXFR transfer of the given zone was successful. The provided information contains the following values:

messages: Number of overhead DNS messages in the transfer

records: Number of Resource Records in the full transfer, excluding the final SOA record that marks the end of the AXFR.

bytes: Full size of the transfer data on the wire.

run time: Time (in seconds) the complete axfr took

bytes/second: Transfer speed

An uncaught exception was raised while running the xfrin daemon. The exception message is printed in the log message.

The XFR transfer for the given zone has failed due to a problem outside of the xfrin module. Possible reasons are a broken DNS message or failure in database connection. The error is shown in the log message.

An XFR session failed outside the main protocol handling. This includes an error at the data source level at the initialization phase, unexpected failure in the network connection setup to the master server, or even more unexpected failure due to unlikely events such as memory allocation failure. Details of the error are shown in the log message. In general, these errors are not really expected ones, and indicate an installation error or a program bug. The session handler thread tries to clean up all intermediate resources even on these errors, but it may be incomplete. So, if this log message continuously appears, system resource consumption should be checked, and you may even want to disable the corresponding transfers. You may also want to file a bug report if this message appears so often.

The XFR transfer for the given zone has failed due to an internal error. The error is shown in the log message.

The IXFR transfer of the given zone failed. This might happen in many cases, such that the remote server doesn't support IXFR, we don't have the SOA record (or the zone at all), we are out of sync, etc. In many of these situations, AXFR could still work. Therefore we try that one in case it helps.

The XFR transfer for the given zone has failed due to a protocol error, such as an unexpected response from the primary server. The error is shown in the log message. It may be because the primary server implementation is broken or (although less likely) there was some attack attempt, but it can also happen due to configuration mismatch such as the remote server does not have authority for the zone any more but the local configuration hasn't been updated. So it is recommended to check the primary server configuration.

A connection to the master server has been made, the serial value in the SOA record has been checked, and a zone transfer has been started.

On starting an xfrin session, it is identified that the zone to be transferred is not found in the data source. This can happen if a secondary DNS server first tries to perform AXFR from a primary server without creating the zone image beforehand (e.g. by b10-loadzone). As of this writing the xfrin process provides backward compatible behavior to previous versions: creating a new one in the data source not to surprise existing users too much. This is probably not a good idea, however, in terms of who should be responsible for managing zones at a higher level. In future it is more likely that a separate zone management framework is provided, and the situation where the given zone isn't found in xfrout will be treated as an error.

On starting an xfrin session, it is identified that the zone to be transferred has multiple SOA RRs. Such a zone is broken, but could be accidentally configured especially in a data source using "non captive" backend database. The implementation ignores entire SOA RRs and tries to continue processing as if the zone were empty. This means subsequent AXFR can succeed and possibly replace the zone with valid content, but an IXFR attempt will fail.

On starting an xfrin session, it is identified that the zone to be transferred does not have an SOA RR in the data source. This is not necessarily an error; if a secondary DNS server first tries to perform transfer from a primary server, the zone can be empty, and therefore doesn't have an SOA. Subsequent AXFR will fill in the zone; if the attempt is IXFR it will fail in query creation.

The response to an SOA query prior to xfr indicated that the zone's SOA serial at the primary server is smaller than that of the xfrin client. This is not necessarily an error especially if that particular primary server is another secondary server which hasn't got the latest version of the zone. But if the primary server is known to be the real source of the zone, some unexpected inconsistency may have happened, and you may want to take a closer look. In this case xfrin doesn't perform subsequent zone transfer.

The TSIG key string as read from the configuration does not represent a valid TSIG key.

There was a problem reading from the command and control channel. The most likely cause is that the msgq daemon is not running.

There was a problem reading a response from another module over the command and control channel. The most likely cause is that the configuration manager b10-cfgmgr is not running.

The xfrout process encountered an error when installing the configuration at startup time. Details of the error are included in the log message.

There was a socket error while contacting the b10-auth daemon to fetch a transfer request. The auth daemon may have shutdown.

There was a general error handling an xfrout query. The error is shown in the message. In principle this error should not appear, and points to an oversight catching exceptions in the right place. However, to ensure the daemon keeps running, this error is caught and reported.

There was an error importing a python module. One of the modules needed by xfrout could not be found. This suggests that either some libraries are missing on the system, or the PYTHONPATH variable is not correct. The specific place where this library needs to be depends on your system and your specific installation.

An IXFR request was received with more than one SOA RRs in the authority section. The xfrout daemon rejects the request with an RCODE of FORMERR.

An IXFR request was received but the underlying data source did not support journaling. The xfrout daemon fell back to AXFR-style IXFR.

An IXFR request was received with no SOA RR in the authority section. The xfrout daemon rejects the request with an RCODE of FORMERR.

An IXFR request was received, but the requested range of differences were not found in the data source. The xfrout daemon fell back to AXFR-style IXFR.

The requested zone in IXFR was not found in the data source even though the xfrout daemon sucessfully found the SOA RR of the zone in the data source. This can happen if the administrator removed the zone from the data source within the small duration between these operations, but it's more likely to be a bug or broken data source. Unless you know why this message was logged, and especially if it happens often, it's advisable to check whether the data source is valid for this zone. The xfrout daemon considers it a possible, though unlikely, event, and returns a response with an RCODE of NOTAUTH.

An IXFR request was received, but the client's SOA version is the same as or newer than that of the server. The xfrout server responds to the request with the answer section being just one SOA of that version. Note: as of this wrting the 'newer version' cannot be identified due to the lack of support for the serial number arithmetic. This will soon be implemented.

There was a problem in the lower level module handling configuration and control commands. This could happen for various reasons, but the most likely cause is that the configuration database contains a syntax error and xfrout failed to start at initialization. A detailed error message from the module will also be displayed.

New configuration settings have been sent from the configuration manager. The xfrout daemon will now apply them.

The xfrout daemon is now done reading the new configuration settings received from the configuration manager.

The xfrout daemon received a command on the command channel that NOTIFY packets should be sent for the given zone.

There was a parse error while reading an incoming query. The parse error is shown in the log message. A remote client sent a packet we do not understand or support. The xfrout request will be ignored. In general, this should only occur for unexpected problems like memory allocation failures, as the query should already have been parsed by the b10-auth daemon, before it was passed here.

There was an error in receiving a transfer request from b10-auth. This is generally an unexpected event, but is possible when, for example, b10-auth terminates in the middle of forwarding the request. When this happens it's unlikely to be recoverable with the same communication session with b10-auth, so b10-xfrout drops it and waits for a new session. In any case, this error indicates that there's something very wrong in the system, so it's advisable to check the over all status of the BIND 10 system.

The xfrout process silently dropped a request to transfer zone to given host. This is required by the ACLs. The %2 represents the IP address and port of the peer requesting the transfer, and the %3 represents the zone name and class.

The xfr request was rejected because the server was already handling the maximum number of allowable transfers as specified in the transfers_out configuration parameter, which is also shown in the log message. The request was immediately responded and terminated with an RCODE of REFUSED. This can happen for a busy xfrout server, and you may want to increase this parameter; if the server is being too busy due to requests from unexpected clients you may want to restrict the legitimate clients with ACL.

The xfrout process rejected (by REFUSED rcode) a request to transfer zone to given host. This is because of ACLs. The %2 represents the IP address and port of the peer requesting the transfer, and the %3 represents the zone name and class.

The xfrout daemon received a shutdown command from the command channel and will now shut down.

There was an error receiving the file descriptor for the transfer request from b10-auth. There can be several reasons for this, but the most likely cause is that b10-auth terminates for some reason (maybe it's a bug of b10-auth, maybe it's an intentional restart by the administrator), so depending on how this happens it may or may not be a serious error. But in any case this is not expected to happen frequently, and it's advisable to figure out how this happened if this message is logged. Even if this error happens xfrout will reset its internal state and will keep receiving further requests. So if it's just a temporary restart of b10-auth the administrator does not have to do anything.

The unix socket file xfrout needs for contact with the auth daemon already exists, and needs to be removed first, but there is a problem removing it. It is likely that we do not have permission to remove this file. The specific error is show in the log message. The xfrout daemon will shut down.

When shutting down, the xfrout daemon tried to clear the unix socket file used for communication with the auth daemon. It failed to remove the file. The reason for the failure is given in the error message.

There was an error while calling select() on the socket that informs the xfrout daemon that a new xfrout request has arrived. This should be a result of rare local error such as memory allocation failure and shouldn't happen under normal conditions. The error is included in the log message.

This informational message is output by xfrout when all initialization has been completed and it is entering its main loop.

There was a keyboard interrupt signal to stop the xfrout daemon. The daemon will now shut down.

The current transfer is aborted, as the xfrout daemon is shutting down.

While starting up, the xfrout daemon tried to clear the unix domain socket needed for contacting the b10-auth daemon to pass requests on, but the file is in use. The most likely cause is that another xfrout daemon process is still running. This xfrout daemon (the one printing this message) will not start.

Pre-response check for an incomding XFR request failed unexpectedly. The most likely cause of this is that some low level error in the data source, but it may also be other general (more unlikely) errors such as memory shortage. Some detail of the error is also included in the message. The xfrout server tries to return a SERVFAIL response in this case.

The transfer of the given zone has been completed successfully, or was aborted due to a shutdown event.

An uncaught exception was encountered while sending the response to an AXFR query. The error message of the exception is included in the log message, but this error most likely points to incomplete exception handling in the code.

A transfer out for the given zone failed. An error response is sent to the client. The given rcode is the rcode that is set in the error response. This is either NOTAUTH (we are not authoritative for the zone), SERVFAIL (our internal database is missing the SOA record for the zone), or REFUSED (the limit of simultaneous outgoing AXFR transfers, as specified by the configuration value Xfrout/max_transfers_out, has been reached).

A transfer out of the given zone has started.

An error was encountered on the command channel. The message indicates the nature of the error.

The value specified in the configuration for the refresh jitter is too large so its value has been set to the maximum of 0.5.

An informational message output when the zone manager was being run at a terminal and it was terminated via a keyboard interrupt signal.

This is a debug message indicating that the zone of the specified class is being loaded.

A command received by the zone manager from the Auth module did not contain the address of the master server from which a NOTIFY message was received. This may be due to an internal programming error; please submit a bug report.

When loading the named zone of the specified class the zone manager discovered that the data did not contain an SOA record. The load has been abandoned.

An attempt was made to stop the timer thread (used to track when zones should be refreshed) but it was not running. This may indicate an internal program error. Please submit a bug report.

A command received by the zone manager from another BIND 10 module did not contain the class of the zone on which the zone manager should act. This may be due to an internal programming error; please submit a bug report.

A command received by the zone manager from another BIND 10 module did not contain the name of the zone on which the zone manager should act. This may be due to an internal programming error; please submit a bug report.

This is a debug message indicating that the zone manager has received a NOTIFY command over the command channel. The command is sent by the Auth process when it is acting as a slave server for the zone and causes the zone manager to record the master server for the zone and start a timer; when the timer expires, the master will be polled to see if it contains new data.

This is a debug message indicating that the zone manager has received a SHUTDOWN command over the command channel from the Boss process. It will act on this command and shut down.

This is a warning message indicating that the zone manager has received the stated command over the command channel. The command is not known to the zone manager and although the command is ignored, its receipt may indicate an internal error. Please submit a bug report.

This is a debug message indicating that the zone manager has received an XFRIN FAILED command over the command channel. The command is sent by the Xfrin process when a transfer of zone data into the system has failed, and causes the zone manager to schedule another transfer attempt.

This is a debug message indicating that the zone manager has received an XFRIN SUCCESS command over the command channel. The command is sent by the Xfrin process when the transfer of zone data into the system has succeeded, and causes the data to be loaded and served by BIND 10.

The zone manager is refreshing the named zone of the specified class with updated information.

An attempt to wait for input from a socket failed. The failing operation is a call to the operating system's select() function, which failed for the given reason.

The zone manager attempted to send a command to the named BIND 10 module, but the send failed. The session between the modules has been closed.

The zonemgr process was not able to be started because it could not connect to the command channel daemon. The most usual cause of this problem is that the daemon is not running.

The zonemgr process was not able to be started because it timed out when connecting to the command channel daemon. The most usual cause of this problem is that the daemon is not running.

A debug message, output when the zone manager has shut down completely.

This informational message is output by zonemgr when all initialization has been completed and it is entering its main loop.

A debug message output when the zone manager starts up.

This message is issued when an attempt is made to start the timer thread (which keeps track of when zones need a refresh) but one is already running. It indicates either an error in the program logic or a problem with stopping a previous instance of the timer. Please submit a bug report.

An XFRIN operation has failed but the zone that was the subject of the operation is not being managed by the zone manager. This can be either the result of a bindctl command to transfer in a currently unknown (or mistyped) zone, or, if this error appears without the administrator giving transfer commands, it can indicate an error in the program, as it should not have initiated transfers of unknown zones on its own.

A NOTIFY was received but the zone that was the subject of the operation is not being managed by the zone manager. This may indicate an error in the program (as the operation should not have been initiated if this were the case). Please submit a bug report.

An XFRIN operation has succeeded but the zone received is not being managed by the zone manager. This may indicate an error in the program (as the operation should not have been initiated if this were the case). Please submit a bug report.