Bind 9.3.4-P1 Crashing?

[Fr34k]

I had a similar issue on Solaris. Something was killing BIND9.3.4, that is.
  There was even a domino affect where other servers were crashing.
   
  In the interest of stability and services to customers, I rolled out upgrades before I could gather evidence to prove some type of abusive query to cause the crash.
  Like you, I did suspect some type of "packet-o-death".
   
  Since we upgraded to 9.4.x, that issue disappeared.
   
  With caching poisoning for anything less than 9.4.1-P1, I would think folks would want to run the latest/greatest version of BIND anyway. Mentioning this in case you need more ammo to get the blessings to upgrade.
   
  Take Care -- C
David Nolan <vitroth+ at cmu.edu> wrote:
  

--On October 16, 2007 6:43:58 AM +0200 Tony Earnshaw 
wrote:
>
> Looks like this could be Debian etch; FWIW Bind 9.4.1-P1 running on
> Fedora FC6 and RHEL5 x86_32 and 64, built from Adam Tkac's srpm, has
> been running stably with extended uptimes.
>
> Your problem could, perhaps, better be directed to your OS vendor.

Nope, this isn't Debian, its a locally built image. Our systems team 
builds the OS image, I built Bind myself.

We've been using the same kernel for months prior to the 9.3.4-P1 upgrade 
(7/24 when the vulnerability announcement happened). FWIW, these servers 
are processing 2-400 queries per second typically, and we've only seen this 
crash three times since the upgrade.

Simultaneous crashes on 2 machines providing the same virtual IP, on three 
separate occasions, really makes me suspicious of a new packet-of-death 
exploit, but unless it happens again and I get packet traces we can't prove 
that.

Thanks for the thought though, its definitely on my possibilities list.

-David Nolan
Network Software Designer
Computing Services
Carnegie Mellon University