SUMMARY: DNS Crashes on 5/1/98

From: Robert A. Hayden <rhayden_at_means.net>
Date: Thu, 07 May 1998 08:31:07 -0500 (CDT)

Thanks to:

        Kevin Oberman <oberman_at_es.net>
        Michael Mitchell <lizrdegg_at_email.unc.edu>
        Joseph C King <jking_at_chablis.cos.com>
        "Allen, Mark R (PBD)" <Mark.Allen_at_pbdir.com>
        Ben Maas <bmaas_at_brainerd.net>
        Stephen LaBelle <labelles_at_mscd.edu>
        Ann Cantelow <cantelow_at_athena.csdco.com>
        managers account <managers_at_mannet.mcb.net>
        "Sheryl A. Lemma" <lemma_at_lvc.edu>
        As well as several phone calls :-)

---
To summarize simply, a lot of people seemed to have the pre-packaged DNS
(named) installation die on Friday, May 1.  There is concern about some
kind of wide-scale Denial-of-Service attack, however, given the wide area
of the effect, I'm leaning more towards a bug in software that caused the
crash.  If it was an attack of some kind, it managed to hit many different
corners of the Internet at pretty much the same time.
Unfortunately, like many people, I deleted my core files for space
reasons.  If anyone that experienced the crash still has a copy of their
core, they might be handy for diagnosis purposes by a programmer more
skilled than I.
The crash seems to have occured with those systems runnning the
pre-packaged BIND 4.x installation.  Reports came in on both 3.2x and 4.0x
systems, so it doesn't seem to be OS-related.
The appropriate work-around seems to be to install BIND 8, which in
addition to addressing the bug with the DEC BIND, also adds some
additional security and operating features.  The source package can be
found at: http://www.isc.org/bind.html.  Installation is relatively
painless but time consuming, and please pay specific attention to the
changes in format of the named.boot file.
For our particular installations, we will be rotating these systems out
with new replacements soon to address Y2K and hardware-upgrade issues, so
we're taking a wait-and-see approach to this crash, and hoping it's a
one-time event.  Our new installations will be BIND 8 and would rather not
tackle a network-wide upgrade if we can bide our time a bit.
ORIGINAL MESSAGE:
I administrate several 3.2x OSF boxes all over the state and a rather odd
thing happened on Friday, May 1.  All of them suddenly had their DNS die
(the default 4.x BIND from the install package) leaving a big core file.
A simple clearing of the PID file and restart of the process fixed it, but
due to the size of the core files and the small / partitions, some
machines had....problems.
Anyways, I was wondering if there are any known bugs or such with the 3.2x
install BIND that might have caused this crash?  The long and the short is
that about 15 machines had BIND die, while the couple that I've upgraded
to BIND 8 lived just fine.
Most peculiar...
 
 
=-=-=-=-=-=
Robert Hayden			rhayden_at_means.net	       UIN: 3937211
IP Network Administrator	http://rhayden.means.net
MEANS Telcom			(612) 230-4416 

Received on Thu May 07 1998 - 16:32:20 NZST