From owner-freebsd-questions Fri Apr 20 17:45:16 2001 Delivered-To: freebsd-questions@freebsd.org Received: from w2xo.pgh.pa.us (18.gibs5.xdsl.nauticom.net [209.195.184.19]) by hub.freebsd.org (Postfix) with ESMTP id BFAEF37B42C for ; Fri, 20 Apr 2001 17:45:12 -0700 (PDT) (envelope-from durham@w2xo.pgh.pa.us) Received: from shazam (shazam [192.168.5.3]) by w2xo.pgh.pa.us (8.11.2/8.9.3) with ESMTP id f3L0hnq08154; Sat, 21 Apr 2001 00:43:49 GMT (envelope-from durham@w2xo.pgh.pa.us) Date: Fri, 20 Apr 2001 20:49:21 -0400 (EDT) From: Jim Durham X-Sender: durham@shazam.int To: Shawn Ramsey Cc: Beech Rintoul , questions@FreeBSD.ORG Subject: Re: named dying In-Reply-To: <006901c0c9d0$930ff150$2248a93f@Shawn100> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, 20 Apr 2001, Shawn Ramsey wrote: > > > > On Friday 20 April 2001 11:00, Shawn Ramsey wrote: > > > Apr 20 11:54:31 lucas named[44634]: starting. named 8.2.3-T6B Mon Nov > 20 > > > 11:27 > > > Apr 20 11:54:31 lucas named[44634]: limit files set to fdlimit (1024) > > > Apr 20 11:54:32 lucas named[44635]: Ready to answer queries. > > > > > > > > > Can anyone tell me why this may be doing this? It is crashing every few > > > days... named is under very little load. > > > > > > sysctl -a |grep maxfiles : > > > > > > kern.maxfiles: 2048 > > > > > > > > > I thought the fdlimit was if maxfiles wasn't set high enough, but it is. > > > Any ideas? > > > > Upgrade to 8.2.3-REL its in the ports under /usr/ports/net/bind8. > > > > You may be getting hacked, causing named to crash. > > Ok, I just upgraded it.. Actually I had already compiled it, but hadn't > install it yet since it was still giving the fdlimit message. And BTW, the > person who asked what syslog shows when it crashes, it shows nothing. Since > the server has been up, these messages have shown up in dmesg : > > pid 141 (named), uid 0: exited on signal 10 (core dumped) > pid 25103 (named), uid 0: exited on signal 11 (core dumped) > pid 41257 (named), uid 53: exited on signal 11 > pid 11938 (named), uid 53: exited on signal 11 Be careful about one thing. If you compiled it from the ISC sources, it will install in /usr/sbin as a default. REMOVE THE OLD VERSION in /sbin. Otherwise, if you reboot, it will go back to the old version because of the named_enable scripts in rc.conf. I had the exact same symptoms as you and couldn't understand it because I was running 8.3-REL (I thought). That's when I discovered that a reboot had started the old version. I think it may be someone trying the Linux exploit and just managing to crash the name server, but their script bombs on FreeBSD. Just a guess.. -Jim Durham To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message