From owner-freebsd-questions@FreeBSD.ORG Wed Jan 27 19:50:04 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B76BF106566C for ; Wed, 27 Jan 2010 19:50:04 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from asmtpout028.mac.com (asmtpout028.mac.com [17.148.16.103]) by mx1.freebsd.org (Postfix) with ESMTP id A18C18FC2A for ; Wed, 27 Jan 2010 19:50:04 +0000 (UTC) MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-type: text/plain; charset=us-ascii Received: from cswiger1.apple.com ([17.209.4.71]) by asmtp028.mac.com (Sun Java(tm) System Messaging Server 6.3-8.01 (built Dec 16 2008; 32bit)) with ESMTPSA id <0KWX007ED8F3U120@asmtp028.mac.com> for freebsd-questions@freebsd.org; Wed, 27 Jan 2010 11:49:55 -0800 (PST) X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ipscore=0 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx engine=5.0.0-0908210000 definitions=main-1001270158 From: Chuck Swiger In-reply-to: Date: Wed, 27 Jan 2010 11:49:51 -0800 Message-id: <979FD2CE-FCCE-4C61-8FA8-74D75E091C43@mac.com> References: To: James Smallacombe X-Mailer: Apple Mail (2.1077) Cc: freebsd-questions@freebsd.org Subject: Re: named "error sending response: not enough free resources" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jan 2010 19:50:04 -0000 On Jan 27, 2010, at 10:24 AM, James Smallacombe wrote: > NOTE: Please reply off-list as well as I am not subscribed OK. In return, please don't cross-post or multi-post the same question to multiple FreeBSD lists. > My server (7.2-STABLE) suffered at least two outages Sunday through yesterday after having been up since July (it is a rented dedicated server with my FSBD install). The first time, I was able to log in via remotely, saw a ton of spam apparently abusing a php mail form script (more on that later) filling the /var partition. I purged it, but it still required a reboot as CPU was through the roof. See "man pkill" for an easier way to terminate processes short of rebooting. Depending on just how badly this PHP script was being taken advantage of and how closely you've been tracking security updates, it's possible that your machine might have been compromised. > Yesterday morning, I was unable to get into the server at all...pings were very high. I called the provider and got in via KVM over IP. CPU was fine and there wre no full partitions. As I had to catch a flight, I just rebooted it and it was fine. > > After getting home, I looked in the syslog and see thousands of these: > > Jan 26 21:50:32 host named[667]: client #57938: error sending response: not enough free resources > Jan 26 21:50:32 host named[667]: client #59830: error sending response: not enough free resources Were these client IPs expected to be talking to this machine? It indicates a problem sending UDP traffic; netstat -s output would be informative. You might find that setting options in named.conf to tune the # of outstanding queries will help: clients-per-query 10; max-clients-per-query 20; Doing a tcpdump and examining the queries to see what DNS resources are being requested would also be useful. Regards, -- -Chuck