Original question at end.
Thanks to the informative answers from:
John P Speno - denial of service attack on 8.2.1 BIND. Upgrade.
Larry Clegg - Has had no problems so far with TRU5.0
Niels Kokholm - block message comes from system calls. Use alpha-trace
to see what happens before core dump
Sean O'Connell - Several denial of service attacks on 8.2.1. Upgrade.
Use lsof to find what fd's are being held open.
(Incidentally I find that the best way to get this info is
lsof -P | grep :53)
Mike Iglesias - Upgrade because of CERT CA-99-14 Multiple
vulnerabilities of BIND
Nikola Milutinovic - blocking comes from lower level like hardware
drivers or kernel subsystems. Perhaps try older
version of BIND
We have upgraded to 8.2.2 this morning and have noted the trace and lsof
suggestions if same problem appears with new version. Thankyou.
Original:
We run 8.2.1 as the main nameserver and are experiencing it crashing about
once every two days. It just dies; there are no indications of why in any
log. We have had the trace at level one which generates 70mb output per
day but nothing shows. We are still looking so any ideas are welcome.
However the main problem is that when this happens we cannot just restart
named either via /sbin/init.d/named or ndc as the program immediately
fails and core dumps with the message
"operation would block"
I have used "strings" on the core dump but there is nothing obvious to
indicate what is blocking what. How do I find out what process is holding
up the restart or what is needed to get BIND going again please? The only
solution appears to be a full reboot which has its own problems doing this
remotely at 3 o'clock in the morning!
stuart mckenzie
Received on Thu Jan 13 2000 - 11:13:51 NZDT