Buffer underrun? New exploit? Or did my server just crash?
Vasiliy Boulytchev
vasiliy at boulytcheva.com
Thu Oct 3 20:16:00 UTC 2002
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Ladies and Gents,
I'm having a bad problem. I'm running Bind 9.2.1 As soon as I
start named, I get the following (and MUCH MORE of the same messages) in
my syslog:
Oct 3 13:35:45 minnesota kernel: NET: 127 messages suppressed.
Oct 3 13:35:45 minnesota kernel: Neighbour table overflow.
Oct 3 13:35:45 minnesota named[12582]: client 208.133.28.4#1043: error
sending response: not enough free resources
Oct 3 13:35:45 minnesota named[12582]: client 208.133.28.4#1043: error
sending response: not enough free resources
Oct 3 13:35:45 minnesota named[12582]: client 140.90.81.18#33712: error
sending response: not enough free resources
Oct 3 13:35:46 minnesota named[12582]: client 209.12.34.183#6654: error
sending response: not enough free resources
Oct 3 13:35:47 minnesota named[12582]: client 208.133.28.4#1043: error
sending response: not enough free resources
Oct 3 13:35:47 minnesota named[12582]: client 208.133.28.4#1043: error
sending response: not enough free resources
Oct 3 13:35:47 minnesota named[12582]: client 209.12.34.183#53: error
sending response: not enough free resources
Oct 3 13:35:47 minnesota named[12582]: client 140.90.50.100#1025: error
sending response: not enough free resources
Oct 3 13:35:47 minnesota named[12582]: client 64.83.223.2#52392: error
sending response: not enough free resources
Oct 3 13:35:48 minnesota named[12582]: client 208.133.28.5#53: error
sending response: not enough free resources
Oct 3 13:35:48 minnesota named[12582]: client 207.229.143.1#1077: error
sending response: not enough free resources
Oct 3 13:35:49 minnesota named[12582]: lame server resolving
'81.2.246.64.in-addr.arpa' (in '2.246.64.in-addr.arpa'?): 216.88.76.6#53
Oct 3 13:35:49 minnesota named[12582]: lame server resolving
'81.2.246.64.in-addr.arpa' (in '2.246.64.in-addr.arpa'?): 216.88.77.7#53
Oct 3 13:35:49 minnesota named[12582]: lame server resolving
'81.2.246.64.in-addr.arpa' (in '2.246.64.in-addr.arpa'?): 216.88.76.6#53
Oct 3 13:35:49 minnesota named[12582]: lame server resolving
'81.2.246.64.in-addr.arpa' (in '2.246.64.in-addr.arpa'?): 216.88.77.7#53
Tons of messages like that from many different ips. So my question
follows............. The way bind logs its requests, does the "client
0.0.0.0#port" tell you the source request for named[pid]. I can't think
of anything else. Also, dns, DOES work if I start it. I can querry the
server and everything in that nature. Btw, what does "lame server
resolving" mean? Also, just for the record, I've upgraded the server
with more ram, but as of the upgrade (i think), I've been getting a
memory leak, and I'm 100 percent positive its comming from named,
because if I keep the service down, syslog is fine, but as soon as I
turnit on, hell breaks loose. Any suggestions?
THANKS FOR YOUR HELP!!!
Vasiliy Boulytchev
IT Engineer
(719) 473-2800 x15
-- Binary/unsupported file stripped by Ecartis --
-- Type: image/jpeg
-- File: CITmark-2_128colorSmaller.jpg
More information about the bind-users
mailing list