From owner-freebsd-stable@FreeBSD.ORG Sun Dec 31 09:16:31 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3B7E816A407; Sun, 31 Dec 2006 09:16:31 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143]) by mx1.freebsd.org (Postfix) with ESMTP id 369D213C442; Sun, 31 Dec 2006 09:16:28 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from localhost (smithi@localhost) by gaia.nimnet.asn.au (8.8.8/8.8.8R1.4) with SMTP id UAA09579; Sun, 31 Dec 2006 20:03:54 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Sun, 31 Dec 2006 20:03:54 +1100 (EST) From: Ian Smith To: Doug Barton In-Reply-To: <4596D4B5.5080004@FreeBSD.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: FreeBSD mailing list Subject: Re: BIND-9.3.2 (from 5.5-STABLE) segfault under load... X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Dec 2006 09:16:31 -0000 On Sat, 30 Dec 2006, Doug Barton wrote: > Chuck Swiger wrote: > > Hi-- > > > > I had named segfault a day or so ago under high load ("adnslogres -c > > 200" against a webserver logfile) after logging the following: > > Hard to tell if your problem here is related to running on 5.5 or not, > but of course recommendation number one is to consider upgrading to > 6.x. Recommendation number two is to upgrade BIND to 9.3.3, preferably > by upgrading to 6.2-RC2, or by upgrading to the head of RELENG_5, or > as a last resort by using the port, with or without the option to > replace the base BIND. Similarly to Chuck (but on a much smaller scale :) with 'BIND 9.3.2-P2 -u bind -t /var/named' on 5.5-STABLE #0: Sun Nov 19 20:22:12 EST 2006 No real issues apart from inability to get trace and/or querylog working yet, but I'll leave that until after upgrading as advised first .. But .. cut to > > Named is being invoked via "-4 -u bind -c named.conf -t /var/named"; but > > it could not dump core as /var/named is owned by root. > > Check out the dump-file directive in the ARM. I have a directory in > the chroot called /var/dump, owned by the bind user, and the following > in my named.conf: > > options { > ... > dump-file "/var/dump/named_dump.db"; > ... > }; Standard issue unless Chuck disabled it. 'rndc dumpdb' dumps cache and zones to (seen from outside) /var/named/var/dump/named_dump.db fine. But how would you tell named to drop its core there? > > I've changed > > that temporarily so I ought to be able to get a corefile if I can > > reproduce it. Would letting bind own the chroot dir adversely affect the security of the sandbox re breaking chroot? (temporarily) It looks like you'd have to hack /etc/rc.d/named to stop it mtree'ing '.' ownership back to root anyway? > See above. > > > As the subject mentions, this is a Dell 1850 (rackmount PowerEdge) > > running FreeBSD-5.5 & BIND-9.3.2; until just now, everything had been > > running stably for months at a time. > > I assume you've checked the usual suspects, dead fans, other hardware > problems, etc? > > > hth, > > Doug Cheers, Ian