From owner-freebsd-security Wed Aug 1 6:41:19 2001
Delivered-To: freebsd-security@freebsd.org
Received: from www.microelectronics.com (www.microelectronics.com [4.18.26.20])
	by hub.freebsd.org (Postfix) with ESMTP id 74EA737B401
	for ; Wed, 1 Aug 2001 06:41:14 -0700 (PDT)
	(envelope-from abush@microcenter.com)
Received: from zul.microcenter.com (zul.microcenter.com [4.18.26.10])
	by www.microelectronics.com (Pro-8.9.3/Pro-8.9.3) with SMTP id JAA16455
	for ; Wed, 1 Aug 2001 09:41:16 -0400
Received: from sysadm.microcenter.com by zul.microcenter.com
	via smtpd (for www.microelectronics.com [4.18.26.20]) with SMTP;
	1 Aug 2001 13:38:31 UT
Received: from mail.microcenter.com (anbhpc.microcenter.com [10.10.29.94])
	by sysadm.microcenter.com (8.8.5/8.8.5) with ESMTP id JAA18761
	for ; Wed, 1 Aug 2001 09:40:59 -0400 (EDT)
Message-ID: <3B680AB7.6972CC43@mail.microcenter.com>
Date: Wed, 01 Aug 2001 09:57:11 -0400
From: Aaron Bush
X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.4.2-2 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-security@freebsd.org
Subject: named exited on signal 6?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

In my system messages I have the following entry:

Jul 28 12:37:30 tosh /kernel: pid 165 (named), uid 53: exited on signal 6

This box is running:

4.3-RELEASE FreeBSD 4.3-RELEASE #4: Fri May 18 14:27:31 EDT 2001

Name server is:

# named -v
named 8.2.3-REL Sat Apr 21 08:32:02 GMT 2001
	jkh@narf.osd.bsdi.com:/usr/obj/usr/src/usr.sbin/named

My dmesg output also appears to be a little messed up (or is this normal):

# dmesg|head -1
ntroller> port 0x2480-0x249f irq 15 at device 12.2 on pci0

It appears that the first line of the dmesg is truncated. Is this the normal behavior?
Also the "security check output" emails to root show that the problem in dmesg is adjusting more and more every day? examples:

<-snip- day 1>
kernel log messages:
> el 82371AB PCI to ISA bridge> at device 12.0 on pci0

<-snip- day 2>
kernel log messages:
> on isab0

<-snip- day 3>
kernel log messages:
> irq 14 on atapci0

I have never seen this type of kernel log messages _until_ the day the DNS died. After the DNS died several messages were written like this:

> Limiting icmp unreach response from 211 to 200 packets per second
> Limiting icmp unreach response from 211 to 200 packets per second

which was caused when an IP to hostname script ran without a DNS server being available, I am assuming that this message is normal but the continuing kernel log messages showing the truncated lines from the head of dmesg are not? Or are they?

A major concern of mine is with the security of named and why it died?

ps shows:
/usr/sbin/named -u bind -g bind -t /etc/namedb/sandbox

/etc/rc.conf has:
named_enable="YES"
named_flags="-u bind -g bind -t /etc/namedb/sandbox"

/etc/namedb/sandbox/etc/namedb/named.conf has this:
Forwarders IP's have been replaced (is the "directory" option wrong?).

options {
	directory "/etc/namedb";
	forward only;
	forwarders {
		x.x.x.1;
		x.x.x.2;
		x.x.x.3;
	};
	listen-on { 127.0.0.1; };
};

zone "0.0.127.IN-ADDR.ARPA" {
	type master;
	file "localhost.rev";
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
	type master;
	file "localhost.rev";
};

Thanks,
-ab

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
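
Added example, not part of the original message: a small triage script that pulls "exited on signal" kernel lines like the one quoted above out of a syslog file, names the signal using FreeBSD's numbering, and flags crash-type exits of watched daemons. Only the first sample line comes from the message; the other sample lines, the watched-daemon set and all function names are constructed for illustration.

```python
import re

# FreeBSD signal numbers; some differ from Linux (SIGBUS is 10 here, 7 there).
FREEBSD_SIGNALS = {
    4: "SIGILL", 5: "SIGTRAP", 6: "SIGABRT", 8: "SIGFPE", 9: "SIGKILL",
    10: "SIGBUS", 11: "SIGSEGV", 12: "SIGSYS", 15: "SIGTERM",
}
# Signals that mean the process faulted or called abort(), as opposed to
# being stopped by an operator (SIGTERM, SIGKILL).
CRASH_SIGNALS = {"SIGILL", "SIGTRAP", "SIGABRT", "SIGFPE", "SIGBUS",
                 "SIGSEGV", "SIGSYS"}

# Matches the kernel line quoted in the message, plus the optional
# "(core dumped)" suffix the kernel appends when a core file was written.
EXIT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) /?kernel: "
    r"pid (?P<pid>\d+) \((?P<proc>[^)]+)\), uid (?P<uid>\d+): "
    r"exited on signal (?P<sig>\d+)(?P<core> \(core dumped\))?")

def parse_exits(lines):
    """Return one dict per 'exited on signal' kernel message."""
    events = []
    for line in lines:
        m = EXIT_RE.match(line.strip())
        if not m:
            continue
        sig = int(m["sig"])
        name = FREEBSD_SIGNALS.get(sig, "signal %d" % sig)
        events.append({"ts": m["ts"], "host": m["host"], "proc": m["proc"],
                       "pid": int(m["pid"]), "uid": int(m["uid"]),
                       "signal": name, "core": m["core"] is not None,
                       "crash": name in CRASH_SIGNALS})
    return events

def daemon_crashes(events, watched):
    """Keep only crash-type exits of the daemons we care about."""
    return [e for e in events if e["crash"] and e["proc"] in watched]

# First line is from the message; the rest are constructed sample input.
SAMPLE = [
    "Jul 28 12:37:30 tosh /kernel: pid 165 (named), uid 53: exited on signal 6",
    "Jul 28 12:40:02 tosh /kernel: Limiting icmp unreach response from 211 to 200 packets per second",
    "Jul 29 03:01:11 tosh /kernel: pid 412 (perl), uid 1001: exited on signal 11 (core dumped)",
    "Jul 29 04:15:00 tosh /kernel: pid 98 (sshd), uid 0: exited on signal 15",
]

if __name__ == "__main__":
    for e in daemon_crashes(parse_exits(SAMPLE), {"named", "sshd"}):
        print("%(ts)s %(host)s: %(proc)s[%(pid)d] uid=%(uid)d died on %(signal)s core=%(core)s" % e)
```

Signal 6 is SIGABRT, which a process normally receives from its own abort() call, so a hit on a network-facing daemon is worth correlating with that daemon's own log entries from the same minute.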