Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 01 Aug 2001 09:57:11 -0400
From:      Aaron Bush <abush@microcenter.com>
To:        freebsd-security@freebsd.org
Subject:   named exited on signal 6?
Message-ID:  <3B680AB7.6972CC43@mail.microcenter.com>

next in thread | raw e-mail | index | archive | help
In my system messages i have the following entry:
Jul 28 12:37:30 tosh /kernel: pid 165 (named), uid 53: exited on signal
6

This box is running:
4.3-RELEASE FreeBSD 4.3-RELEASE #4: Fri May 18 14:27:31 EDT 2001

Name server is:
# named -v
named 8.2.3-REL Sat Apr 21 08:32:02 GMT 2001
        jkh@narf.osd.bsdi.com:/usr/obj/usr/src/usr.sbin/named

My dmesg output also appears to be a little messed up (or is this
normal):
# dmesg|head -1 
ntroller> port 0x2480-0x249f irq 15 at device 12.2 on pci0

It appears that the first line of the dmesg is truncated.  Is this the
normal behavior?

Also the "security check output" emails to root show that the problem in
dmesg is adjusting more and more every day?
examples:

<-snip- day 1>
 kernel log messages:
> el 82371AB PCI to ISA bridge> at device 12.0 on pci0

<-snip- day 2>
 kernel log messages:
>  <ISA bus> on isab0
        
<-snip- day 3>
 kernel log messages:
>  irq 14 on atapci0

I have never seen this type of kernel log messages _until_ the day the
DNS died.
After the DNS died several messages were written like this:
> Limiting icmp unreach response from 211 to 200 packets per second
> Limiting icmp unreach response from 211 to 200 packets per second
which was caused when an IP to hostname script ran without a DNS server
being available, I am assuming that this message is normal but the
continuing kernel log messages showing the truncated lines from the head
of dmesg are not?  Or are they?

A major concern of mine is with the security of named and why it died?

ps shows: /usr/sbin/named -u bind -g bind -t /etc/namedb/sandbox

/etc/rc.conf has:
named_enable="YES"
named_flags="-u bind -g bind -t /etc/namedb/sandbox"

/etc/namedb/sandbox/etc/namedb/named.conf has this:
Forwarders IP's have been replaced (is the "directory" option wrong?).
options {
        directory "/etc/namedb";
        forward only;
        forwarders {
                x.x.x.1;
                x.x.x.2;
                x.x.x.3;
        };
        
        listen-on {
                127.0.0.1;
        };
};
zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
};

zone
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT"
{
        type master;
        file "localhost.rev";
};


Thanks,
-ab

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B680AB7.6972CC43>