From owner-freebsd-questions Sun May 13 21:54:17 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mail6.mmcable.com (fe6.rdc-kc.rr.com [24.94.163.53]) by hub.freebsd.org (Postfix) with ESMTP id 7F52A37B423 for ; Sun, 13 May 2001 21:54:13 -0700 (PDT) (envelope-from jbaxter@mmcable.com) Received: from mmcable.com ([65.26.204.59]) by mail6.mmcable.com with Microsoft SMTPSVC(5.5.1877.537.53); Sun, 13 May 2001 23:54:07 -0500 Message-ID: <3AFF6511.E1A8B996@mmcable.com> Date: Sun, 13 May 2001 23:54:41 -0500 From: John Baxter X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.4.2-2 i686) X-Accept-Language: en MIME-Version: 1.0 To: Ted Mittelstaedt Cc: "Dan Mahoney, System Admin" , Kris Kennaway , questions@FreeBSD.ORG Subject: Re: onitoring named References: <001901c0dc30$8da1b560$1401a8c0@tedm.placo.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG you should visit cert.org and search for 'lion worm'. it is a chinese hack kit. Ted Mittelstaedt wrote: > > You might check into the system ram that the named process is > using for it's cache. You may be overflowing an internal table > or so. What are your MAXUSERS set to in the kernel and do you > have any other kernel variables defined? > > Ted Mittelstaedt tedm@toybox.placo.com > Author of: The FreeBSD Corporate Networker's Guide > Book website: http://www.freebsd-corp-net-guide.com > > >-----Original Message----- > >From: owner-freebsd-questions@FreeBSD.ORG > >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Dan Mahoney, > >System Admin > >Sent: Saturday, May 12, 2001 9:49 AM > >To: Kris Kennaway > >Cc: questions@FreeBSD.ORG > >Subject: Re: onitoring named > > > > > >On Fri, 11 May 2001, Kris Kennaway wrote: > > > >> On Sat, May 12, 2001 at 01:17:56AM -0400, Dan Mahoney, System > >Admin wrote: > >> > Hi all. I noticed recently that I've had a high occurence of > >named dying > >> > on various machines. What would I put in a crontab to restart > >it only if > >> > it's not running? I'm not sure how to format the if statement. > > > >Okay, on a freeBSD 3.2-Release server I found an implementation of NDC > >that was written as a (buggy, but easily fixed) shell script. I have > >installed this on my 4.2 boxen as "shndc", and run it from a crontab every > >20 minutes. > > > >My nameservers are both very secure dedicated machines that, other than > >webmin (boss's requirement) run nothing but DNS service. Occasionally I > >see them die on signal 11, more often with no explanation at all. These > >are the latest version, running in the most secure fashion I can get info > >on. (chrooted as an unprivileged user, with quotas). Has anyone else had > >problems with named dying? > > > >-Dan > > > >> > >> Aren't you at all worried WHY they're dying? I bet you're running > >> older versions than 8.2.3-RELEASE and you're suffering the effects of > >> (attempted, possibly successful) root penetration. > >> > >> Kris > >> > > > >-- > > > >I am now a lesbian. I don't like men, but thank you for writing. > > > >-Reply to my response to a personal ad, May 30th, 1998. > > > > > >--------Dan Mahoney-------- > >Techie, Sysadmin, WebGeek > >Gushi on efnet/undernet IRC > >ICQ: 13735144 AIM: LarpGM > >Web: http://prime.gushi.org > >finger danm@prime.gushi.org > >for pgp public key and tel# > >--------------------------- > > > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-questions" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message