DoS crashes named with too many open files?

Simon Waters Simon at wretched.demon.co.uk
Thu Mar 28 17:03:43 UTC 2002


ryan wrote:
> 
> I currently have an ongoing problem with one of our recursive
> nameservers
> 
> When I got onto the box last night (Solaris 8 running 8.2.3) I found
> the following messages in the logs....

8.2.3 had a problem with certain types of incorrect delegation
causing query storms, but that shouldn't create connections (I
assume TCP?) unless the queries themselves are bigger than 512.

Still I'd probably upgrade anyway, I think 8.2.3.1 fixed it, but
just get the latest version of 8.

If the machine isn't very stressed in "normal" operation I'd
recommend 9, but sounds like these boxes might be busy beasts
and 9 is slower and greedier.

> Is there anything I can do either in named or Solaris to avoid this
> type of attack happening again?

9 has option tcp-clients, defaults to 100, although I've never
(knowingly) used it in anger. I think this is new in 9.

I'll leave Solaris settings to the experts.

> It turns out that one of the offending customers had an open mail
> relay. I don't know if this is significant to my problem.

I'd check the other one doesn't have an open relay as well.

