Bind 9.3.4-P1 Crashing?
Fr34k
freaknetboy at yahoo.com
Tue Oct 16 19:40:12 UTC 2007
I had a similar issue on Solaris. Something was killing BIND9.3.4, that is.
There was even a domino affect where other servers were crashing.
In the interest of stability and services to customers, I rolled out upgrades before I could gather evidence to prove some type of abusive query to cause the crash.
Like you, I did suspect some type of "packet-o-death".
Since we upgraded to 9.4.x, that issue disappeared.
With caching poisoning for anything less than 9.4.1-P1, I would think folks would want to run the latest/greatest version of BIND anyway. Mentioning this in case you need more ammo to get the blessings to upgrade.
Take Care -- C
David Nolan <vitroth+ at cmu.edu> wrote:
--On October 16, 2007 6:43:58 AM +0200 Tony Earnshaw
wrote:
>
> Looks like this could be Debian etch; FWIW Bind 9.4.1-P1 running on
> Fedora FC6 and RHEL5 x86_32 and 64, built from Adam Tkac's srpm, has
> been running stably with extended uptimes.
>
> Your problem could, perhaps, better be directed to your OS vendor.
Nope, this isn't Debian, its a locally built image. Our systems team
builds the OS image, I built Bind myself.
We've been using the same kernel for months prior to the 9.3.4-P1 upgrade
(7/24 when the vulnerability announcement happened). FWIW, these servers
are processing 2-400 queries per second typically, and we've only seen this
crash three times since the upgrade.
Simultaneous crashes on 2 machines providing the same virtual IP, on three
separate occasions, really makes me suspicious of a new packet-of-death
exploit, but unless it happens again and I get packet traces we can't prove
that.
Thanks for the thought though, its definitely on my possibilities list.
-David Nolan
Network Software Designer
Computing Services
Carnegie Mellon University
More information about the bind-users
mailing list