Date: Fri, 20 Apr 2001 20:49:21 -0400 (EDT)
From: Jim Durham <durham@w2xo.pgh.pa.us>
To: Shawn Ramsey <shawn@cpl.net>
Cc: Beech Rintoul <akbeech@anchoragerescue.org>, questions@FreeBSD.ORG
Subject: Re: named dying
Message-ID: <Pine.BSF.4.21.0104202043220.96223-100000@shazam.int>
In-Reply-To: <006901c0c9d0$930ff150$2248a93f@Shawn100>

On Fri, 20 Apr 2001, Shawn Ramsey wrote:

> >
> > On Friday 20 April 2001 11:00, Shawn Ramsey wrote:
> > > Apr 20 11:54:31 lucas named[44634]: starting. named 8.2.3-T6B Mon Nov 20 11:27
> > > Apr 20 11:54:31 lucas named[44634]: limit files set to fdlimit (1024)
> > > Apr 20 11:54:32 lucas named[44635]: Ready to answer queries.
> > >
> > > Can anyone tell me why this may be doing this? It is crashing every few
> > > days... named is under very little load.
> > >
> > > sysctl -a |grep maxfiles :
> > >
> > > kern.maxfiles: 2048
> > >
> > > I thought the fdlimit was if maxfiles wasn't set high enough, but it is.
> > > Any ideas?
> >
> > Upgrade to 8.2.3-REL, it's in the ports under /usr/ports/net/bind8.
> >
> > You may be getting hacked, causing named to crash.
>
> Ok, I just upgraded it.. Actually I had already compiled it, but hadn't
> installed it yet since it was still giving the fdlimit message. And BTW, the
> person who asked what syslog shows when it crashes, it shows nothing. Since
> the server has been up, these messages have shown up in dmesg :
>
> pid 141 (named), uid 0: exited on signal 10 (core dumped)
> pid 25103 (named), uid 0: exited on signal 11 (core dumped)
> pid 41257 (named), uid 53: exited on signal 11
> pid 11938 (named), uid 53: exited on signal 11

Be careful about one thing. If you compiled it from the ISC sources, it
will install in /usr/sbin as a default. REMOVE THE OLD VERSION in /sbin.
Otherwise, if you reboot, it will go back to the old version because of
the named_enable scripts in rc.conf.

I had the exact same symptoms as you and couldn't understand it because
I was running 8.3-REL (I thought). That's when I discovered that a reboot
had started the old version.

I think it may be someone trying the Linux exploit and just managing to
crash the name server, but their script bombs on FreeBSD. Just a guess..

-Jim Durham
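
The stale-binary situation described in the message above can be checked for directly. This is an added example, not part of the original e-mail: the function name `check_duplicates` is hypothetical, and comparing copies with `cksum` is an assumption about how to tell an old build from a new one.

```shell
#!/bin/sh
# Added example: detect a stale second copy of a daemon binary.
# Usage (directories taken from the message above):
#   check_duplicates named /sbin /usr/sbin

# Prints each executable copy of NAME found in the given directories with its
# checksum, then returns:
#   0  no copy, one copy, or all copies byte-identical
#   1  two or more copies whose contents differ (one of them is likely stale)
check_duplicates() {
    name=$1; shift
    count=0
    sums=""
    for dir in "$@"; do
        path="$dir/$name"
        # Skip directories that hold no executable regular file of that name.
        [ -f "$path" ] && [ -x "$path" ] || continue
        sum=$(cksum < "$path")          # "<crc> <size>", no file name
        printf '%s  %s\n' "$sum" "$path"
        count=$((count + 1))
        sums="${sums}${sum}
"
    done
    # Number of distinct checksums among the copies found.
    distinct=$(( $(printf '%s' "$sums" | sort -u | wc -l) ))
    if [ "$count" -gt 1 ] && [ "$distinct" -gt 1 ]; then
        echo "WARNING: $count copies of $name differ; remove the old one" >&2
        return 1
    fi
    return 0
}
```

Running it after an upgrade, and again after a reboot, shows whether the startup scripts can still reach an older build.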