From owner-freebsd-questions Mon Feb 12 12:10:49 2001 Delivered-To: freebsd-questions@freebsd.org Received: from news.lucky.net (news.lucky.net [193.193.193.102]) by hub.freebsd.org (Postfix) with ESMTP id 736EF37B4EC for ; Mon, 12 Feb 2001 12:10:30 -0800 (PST) Received: (from mail@localhost) by news.lucky.net (8.Who.Cares/8.Who.Cares) id WDZ23944 for freebsd-questions@freebsd.org; Mon, 12 Feb 2001 22:10:23 +0200 (envelope-from news@news.ntu-kpi.kiev.ua) From: "Andrey Simonenko" To: freebsd-questions@freebsd.org Subject: Re: Question: bind / named problem Date: Mon, 12 Feb 2001 20:39:16 +0300 Organization: NTUU "KPI" Message-ID: <969ama$mai$1@igloo.uran.net.ua> References: X-Trace: igloo.uran.net.ua 982003210 22866 10.18.54.109 (12 Feb 2001 18:40:10 GMT) X-Complaints-To: newsmaster@news.ntu-kpi.kiev.ua X-Newsreader: Microsoft Outlook Express 5.00.2014.211 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG The same result with named 8.2.3-T6B, before named crash I run it with -u bind -g bind, but don't think that it can cause it, because with -u bind -g bind worked during 3 days (I keep only master name servers for some domains). I think that it is bug, because named nothing reported to log file about any problem. May be that problem is fixed in named 8.2.3-REL, which I CVSuped, but didn't test yet. Scott Hyjek wrote in message news:C7C1A68CCDF6D311BFE000508B95B48C02E5250C@apollo.rbmg.com... > This message is in MIME format. Since your mail reader does not understand > this format, some or all of this message may not be legible. > > ------_=_NextPart_001_01C09502.4BBD1510 > Content-Type: text/plain; > charset="iso-8859-1" > > Any information or guidance would be appreciated. We've experienced a > problem on our external DNS twice now (last thursday and Sunday). Name > resolution ceases and we receive the following: > quentin/kernel: pid 104 (named), uid 0: exited on signal 6 (core dumped) > This server has run fine for many many months and we've only recently (as > above) encountered this problem. No hardware or software changes have > occured. > Lastly, we're aware of the current Bind vulnerability and plan to upgrade to > eliminate it. However, we'd like some guidance (if any is available) as to > how to determine if we've been exploited in such a manner. Thanks. > > > Scott Hyjek > "Little Man...Big Attitude" > Network Engineering > 803-741-3101 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message