Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 27 Jan 2010 11:49:51 -0800
From:      Chuck Swiger <cswiger@mac.com>
To:        James Smallacombe <up@3.am>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: named "error sending response: not enough free resources"
Message-ID:  <979FD2CE-FCCE-4C61-8FA8-74D75E091C43@mac.com>
In-Reply-To: <alpine.BSF.2.00.1001271322250.29151@ns3.pil.net>
References:  <alpine.BSF.2.00.1001271322250.29151@ns3.pil.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Jan 27, 2010, at 10:24 AM, James Smallacombe wrote:
> NOTE: Please reply off-list as well as I am not subscribed

OK.  In return, please don't cross-post or multi-post the same question to multiple FreeBSD lists.

> My server (7.2-STABLE) suffered at least two outages Sunday through yesterday after having been up since July (it is a rented dedicated server with my FSBD install).  The first time, I was able to log in via remotely, saw a ton of spam apparently abusing a php mail form script (more on that later) filling the /var partition.  I purged it, but it still required a reboot as CPU was through the roof.

See "man pkill" for an easier way to terminate processes short of rebooting.  Depending on just how badly this PHP script was being taken advantage of and how closely you've been tracking security updates, it's possible that your machine might have been compromised.

> Yesterday morning, I was unable to get into the server at all...pings were very high.  I called the provider and got in via KVM over IP.  CPU was fine and there wre no full partitions.  As I had to catch a flight, I just rebooted it and it was fine.
> 
> After getting home, I looked in the syslog and see thousands of these:
> 
> Jan 26 21:50:32 host named[667]: client <IP REMOVED>#57938: error sending response: not enough free resources
> Jan 26 21:50:32 host named[667]: client <IP REMOVED>#59830: error sending response: not enough free resources

Were these client IPs expected to be talking to this machine?  It indicates a problem sending UDP traffic; netstat -s output would be informative.  You might find that setting options in named.conf to tune the # of outstanding queries will help:

 clients-per-query 10;
 max-clients-per-query 20;

Doing a tcpdump and examining the queries to see what DNS resources are being requested would also be useful.

Regards,
-- 
-Chuck




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?979FD2CE-FCCE-4C61-8FA8-74D75E091C43>