From owner-freebsd-isp  Tue Apr  3  9:56:49 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from misery.sdf.com (misery.sdf.com [204.244.213.49])
	by hub.freebsd.org (Postfix) with ESMTP id 6C02737B71D
	for <freebsd-isp@freebsd.org>; Tue,  3 Apr 2001 09:56:46 -0700 (PDT)
	(envelope-from tom@sdf.com)
Received: from tom (helo=localhost)
	by misery.sdf.com with local-esmtp (Exim 2.12 #1)
	id 14kU3K-0003Zq-00; Tue, 3 Apr 2001 09:53:10 -0700
Date: Tue, 3 Apr 2001 09:53:07 -0700 (PDT)
From: Tom Samplonius <tom@sdf.com>
To: Marcel Lemmen <marcel@support.nl>
Cc: David Rhodus <sdrhodus@wildcatblue.com>, freebsd-isp@FreeBSD.ORG
Subject: Re: Named Keep crashing.
In-Reply-To: <Pine.LNX.4.21.0104031305100.17683-100000@unit11.support.nl>
Message-ID: <Pine.BSF.4.05.10104030950150.9515-100000@misery.sdf.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On Tue, 3 Apr 2001, Marcel Lemmen wrote:

> It seems this is a heavily-used machine, since the icmp-responce bandwidth 
> limit is exceeded. Try to increase this limit:
> sysctl -w net.inet.icmp.icmplim=500
>
> This should prevent named to crash.

  No.  ICMP port unreachable messages are being sent out because named is
dead, but clients keep sending requests.  Unless you want your machine to
be used as part of a DDoS, you should keep the ICMP limiting in place.

  Named is crashing because there are several versions with a known remote
crash bug, and versions with a remote exploit.  


Tom


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message