Re: bind unexpectedly quit, how to debug
Hi there, On Tue, 9 May 2017, Paul Seward wrote: ... I'm not so much asking for a fix as asking how I can find more information. ... grep '\(released\|security\)' bind-9.10.5/CHANGES | head -n 90 -- 73, Ged. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind unexpectedly quit, how to debug
Paul Sewardwrote: > > I thought I might get that sort of response, I'm not so much asking for a > fix as asking how I can find more information. It'll be one of the 42 CVEs in the table at the top of this page: https://kb.isc.org/article/AA-00913/74/BIND-9-Security-Vulnerability-Matrix.html I think all of them probably apply to the version you are running. However you are running a version with Red Hat's mystery meat patches, so the vulnerabilities in what you are running won't match the nominal ISC version number. If you are running a service based on Red Hat's code, you should really be paying for support from Red Hat. If that isn't an option, use Carl Byington's RPMs instead. > but until then I need to show management that I've done my due diligence > into investigating the root cause. Well the root cause is that your management aren't supporting your routine security patch process! Tony. -- f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode North Shannon, Rockall, Malin, South Hebrides: Variable, mainly easterly at first, 3 or 4. Slight or moderate. Fair. Good. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind unexpectedly quit, how to debug
Hi Jim, I thought I might get that sort of response, I'm not so much asking for a fix as asking how I can find more information. We're in the process of migrating from this version of bind to something more recent - and may well use this incident as a lever to speed up some of the political hurdles involved in doing so - but until then I need to show management that I've done my due diligence into investigating the root cause. So if anyone has any suggestions for how I can get more information about what's triggering the crash I would still welcome them. -Paul On 9 May 2017 at 11:04, Jim Reidwrote: > > > On 9 May 2017, at 10:47, Paul Seward wrote: > > > > We've got some recursive-only servers running bind 9.8.1 on CentOS 6.9 > (using 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.1 from the CentOS repos) > > > > They've unexpectedly quit a couple of times in the last month, leaving > errors like this in the logs: > > Come back when you see the same problem with a current version of BIND (ie > 9.10 or 9.11). Version 9.8 has been dead for a while and many of its bugs > have been fixed in newer releases. > > -- -- Paul Seward,Senior Systems Administrator,University of Bristol paul.sew...@bristol.ac.uk +44 (0)117 39 41148GPG Key ID: E24DA8A2 GPG Fingerprint:7210 4E4A B5FC 7D9C 39F8 5C3C 6759 3937 E24D A8A2 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users