flushset: out of memory
Mark.Andrews at nominum.com
Mark.Andrews at nominum.com
Fri Nov 10 23:22:29 UTC 2000
>
>
> Greetings,
>
> AIX 4.3.3
> BIND 8.2.2-p5
>
>
> Do you folks think this is due to security hole
> in 8.2.2-p5 which is fixed in 8.2.2-p7 ?
No. Though you should upgrade anyway.
All this indicates is that named asked for more memory from
the system than the system was willing to provide.
Use "options { datasize <value>; };" to request a higher limit.
Mark
>
>
>
> % egrep -i flush /var/log/messages
> Nov 10 12:58:39 ariel named[4644]: flushset: out of memory
> Nov 10 12:58:39 ariel named[4644]: flushset: out of memory
>
>
> Thanks,
> Farid
>
>
> ---------- Forwarded message ----------
> Date: Thu, 09 Nov 2000 19:39:01 -0800
> From: Paul A Vixie <vixie at mfnx.net>
> To: bind-announce at isc.org
> Subject: BIND 8.2.2-P7 release announcement
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> This is BIND 8.2.2-P7, a maintainance release addressing some defects in
> BIND 8.2.2-P5. It includes the mostly-unreleased BIND 8.2.2-P6 as well.
>
> Some highlights vs. BIND 8.2.2-P5:
>
> Fixes "ZXFR" denial of service attack
> Fixes "division by 0" denial of service attack
> Fix various other random problems
> Add *no* new functionality
>
> Distribution files are:
>
> ftp://ftp.isc.org/isc/bind/src/8.2.2-P7/bind-src.tar.gz
> ftp://ftp.isc.org/isc/bind/src/8.2.2-P7/bind-doc.tar.gz
> ftp://ftp.isc.org/isc/bind/src/8.2.2-P7/bind-contrib.tar.gz
>
> PGP signature files are:
>
> ftp://ftp.isc.org/isc/bind/src/8.2.2-P7/bind-src.tar.gz.asc
> ftp://ftp.isc.org/isc/bind/src/8.2.2-P7/bind-doc.tar.gz.asc
> ftp://ftp.isc.org/isc/bind/src/8.2.2-P7/bind-contrib.tar.gz.asc
>
> MD5 checksums are:
>
> MD5 (bind-contrib.tar.gz) = 51420e28ab025b3a28e4488e1318d299
> MD5 (bind-contrib.tar.gz.asc) = a55b10d415628bfa0d5a31deefb26900
> MD5 (bind-doc.tar.gz) = 6f26254fdd43e3d4b8b42062bb9766db
> MD5 (bind-doc.tar.gz.asc) = c3879bce186ff60710edcb3cddc2a444
> MD5 (bind-src.tar.gz) = 832669455e70a4b58e635b6b02e87910
> MD5 (bind-src.tar.gz.asc) = b4ae26fa5a3a552e2cb5ff03f2001d01
>
> top of CHANGES says:
>
> --- 8.2.2-P7 released ---
>
> 1048. [bug] ns_ctl_install() was corrupting the server_controls
> list.
>
> 1007. [bug] only set STREAM_AXFRIXFR if the original query is
> an IXFR.
>
> 982. [bug] rollback the compression pointers array when a
> RRset/RR does not fit.
>
> 962. [bug] another almost-complete rewrite of IXFR from kjd (462
> )
> [incorporate ZXFR DoS fix from #962]
>
> --- 8.2.2-P6 released ---
>
> 903. [bug] divide by zero bug when querying for SIG records from
> a secure zone.
>
> 902. [support] don't attempt to set q_fzone if we won't be using it.
>
> 901. [support] delay notify timer setting until all zones have been
> loaded.
>
> 900. [port] hpux10 fix call to bison; sco call bison consistenly.
>
> 899. [bug] dynamically allocate buffer used to display RR rather
> than uses a fixed sized one. grow as needed.
>
> 898. [bug] if truncation caused no RR's to appear in the answer
> we
> mis-classified the answer on a NODATA.
>
> 897. [support] descriptors used by named should not be inherited by
> named-xfer.
>
> 896. [contrib] add contrib/adm/adm-nxt, an exploit for the NXT bug
> in 8.2 and 8.2.1. as before, we do not recommend its
> use, and we do recommend that you run the latest BIND
> .
>
> --- 8.2.2-P5 released ---
>
> 895. [port] minor NT build and documentation improvements.
>
> 894. [bug] incorrect "key" statements in named.conf weren't
> handled properly.
>
> --- 8.2.2-P4 released ---
>
> 893. [bug] DNSSEC logic in bin/host broke -t any
>
> 892. [bug] multiple SOA on AXFR bug
>
> --- 8.2.2-P3 released ---
>
> 891. [bug] options { also-notify { ... }; }; resulted in wrong
> pointer being memput with the wrong size on reload.
>
> 890. [port] A/UX portability improved.
>
> 889. [port] added IPv6 portability for OpenBSD, NetBSD, FreeBSD.
>
> --- 8.2.2-P2 released (internal release) ---
>
> 888. [support] add default: all tag to top src/Makefile so that "mak
> e"
> will work properly in some OS'.
>
> 887. [bug] "dig ... axfr" was printing spurious "TSIG ok" msgs.
>
> 886. [support] top-level Makefile now included in all tarballs.
>
> 885. [support] IXFR improvements.
>
> 884. [bug] some deprecated NXT RR forms weren't ignored properly
> .
>
> 883. [support] "host" command can now try to verify dnssec signature
> s.
>
> 882. [contrib] dns_signer/ had some last minute problems (by author)
> .
>
> 881. [bug] possible sprintf() overflow prevented.
>
> 880. [support] minor tweak to bin/dig/dig.c TSIG code to clarify
> whether res_nsend or res_nsendsigned is being used.
>
> 879. [support] add "noesw" target to top-level Makefile (for PL1).
>
> 878. [port] aix4 HAS_INET6_STRUCTS was not being set based on the
> existance of _IN6_ADDR_STRUCT.
>
> 877. [port] freebsd + KAME need a different Makefile.set
> see INSTALL notes.
>
> 876. [port] IPv6 probe for MPE/IX, NetBSD.
>
> 875. [bug] bad NAPTR RRs could be loaded from zone files.
>
> 874. [port] update irix_patch in irix port.
>
> 873. [port] add SRC/tools to sco's make [std]links.
>
> --- 8.2.2-REL released ---
> ...
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> Comment: Processed by Mailcrypt 3.5.5, an Emacs/PGP interface
>
> iQCVAwUBOgttf3cdkq6JcsfBAQGP0AQAtmrHU8c709cZnEG+TmKO4atAf1hsF7cB
> WQYCJM6D8mRVoI0nv7954Cwj0JORTWzal1OU6lv7cDtMPqUrJOXbP8iqUMrSMhe0
> HK6Mutc7/epkERxOG4xXjsUVTAcnowOQcuZ+8WrJU+y0LbUMN2O25k2KpVnPW7F6
> FmbDuagRqfI=
> =n5qY
> -----END PGP SIGNATURE-----
>
>
>
>
>
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
More information about the bind-users
mailing list