dsimco
asked on
BIND 9.2 on RH box keeps stopping with 'message.c:809: REQUIRE(*rdataset == ((void *)0)) failed - exiting (due to assertion failure)
I have 2 namesserver running same OS and same version of BIND 9.2. These nameservers have been running for a year or so without incident. Recently we changed circuit providers and our IP range changed. I made all the necessary changes on both nameservers and they ran fine for about a week or two. But now BIND stops running randomly on the primary server which in turn appears to kill the secondary nameserver. I have deleted and rewritten the /etc/named.conf and all zones on both servers thinking it might be a corrupt file. This did not resolve the problem. I have scoured the web for answers but find very little information on the error stated in the subject line. I will post my /etc/named.conf file and my zone file if needed. But I am confident that they are correct. I do see alot of 'lameserver resolving...' messages in my log but none of them are my servers so I don't believe I need to worry about them.
Any ideas???? I am hoping jlevie will weigh in on this topic as I have seen a similar open topic on the boards.
Thanks to all who contribute.
Any ideas???? I am hoping jlevie will weigh in on this topic as I have seen a similar open topic on the boards.
Thanks to all who contribute.
Hi,
It indeed is kind of denial of service bug on BIND. You might want to download the patches here:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/bind-9.2.1-1.7x.2.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/bind-devel-9.2.1-1.7x.2.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/bind-utils-9.2.1-1.7x.2.i386.rpm
Besides, it seems like you run the DNS server for your own domain. So you might want to update
most latest patches for your DNS box for security. Those patches applies on all RH 7.x.
http://download.fedoralegacy.org/redhat/7.3/updates/i386/
Regards,
Wesly
It indeed is kind of denial of service bug on BIND. You might want to download the patches here:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/bind-9.2.1-1.7x.2.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/bind-devel-9.2.1-1.7x.2.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/bind-utils-9.2.1-1.7x.2.i386.rpm
Besides, it seems like you run the DNS server for your own domain. So you might want to update
most latest patches for your DNS box for security. Those patches applies on all RH 7.x.
http://download.fedoralegacy.org/redhat/7.3/updates/i386/
Regards,
Wesly
ASKER
First of all, thanks for your response jlevie. Now on to the real issue. I read the thread you suggested and it does sound like my problem. Up until now I have been able to load and configure all the services I needed. I am really a newbie when it comes to Linux even though I have been using it for a little more than a year. My position has always been "If it ain't broke, don't fix it." So know it is broke and the dark cloud of upgrading an OS that I am less than comletely comfortable with looms on the horizon. You asked, "What version of RedHat are you running and is up to date w/respect to the errata?" I am 7.3. I tried 9.2 which I believe to be Mandrake but I did not like it as well. What is errata? Please forgive my ignorance.
> What is errata?
Errata is the bug report.
> I am 7.3.
Then download those 3 patches, (as root)
wget http://download.fedoralegacy.org/redhat/7.3/updates/i386/bind-9.2.1-1.7x.2.i386.rpm
wget http://download.fedoralegacy.org/redhat/7.3/updates/i386/bind-devel-9.2.1-1.7x.2.i386.rpm
wget http://download.fedoralegacy.org/redhat/7.3/updates/i386/bind-utils-9.2.1-1.7x.2.i386.rpm
rpm -Fvh bind*.rpm <==== This won't break other service
Then restart named:
service named restart
to see if the problem goes away.
Wesly
Errata is the bug report.
> I am 7.3.
Then download those 3 patches, (as root)
wget http://download.fedoralegacy.org/redhat/7.3/updates/i386/bind-9.2.1-1.7x.2.i386.rpm
wget http://download.fedoralegacy.org/redhat/7.3/updates/i386/bind-devel-9.2.1-1.7x.2.i386.rpm
wget http://download.fedoralegacy.org/redhat/7.3/updates/i386/bind-utils-9.2.1-1.7x.2.i386.rpm
rpm -Fvh bind*.rpm <==== This won't break other service
Then restart named:
service named restart
to see if the problem goes away.
Wesly
Is your 7.3 OS up to date w/respect to all of the published errata? RedHat no longer supports that version, but the errata updates are available from http://www.fedoralegacy.org. From what I see in bugzilla an errata update was published to correct that problem.
> What is errata?
Those are updates to a given release to correct problems or add functionality to a given RedHat release. Linux, like any other OS, may have problems with things on the distribution CD's that aren't discovered until after the release has been distributed. The errata for a release is the way those faults are corrected.
> What is errata?
Those are updates to a given release to correct problems or add functionality to a given RedHat release. Linux, like any other OS, may have problems with things on the distribution CD's that aren't discovered until after the release has been distributed. The errata for a release is the way those faults are corrected.
ASKER
Ok, I have dl'd the patches Wesly directed me to and am having a go at it. Now I just need to remember how to run the patches. Is there any docs in the rpm's?
ASKER
Thanks Wesly. I keep replying simultaneously to yours. I will give it a go.
> how to run the patches
rpm -Fvh bind*.rpm
> any docs in the rpm's
man rpm
info rpm
Wesly
rpm -Fvh bind*.rpm
> any docs in the rpm's
man rpm
info rpm
Wesly
My recollection is that you need more than just the bind updates. There is an updated Glibc that is also part of the fix. You really need to update the entire system, not just Bind. There are a number of security updates for other things in the errata that you really need to have on the system.
This looks like we're getting somewhere at last. =)
Wesly, post a comment on this question & when it seems the problem is solved, I will split the points with both u & J for his past help & some info on this question too.
https://www.experts-exchange.com/questions/21148712/Named-BIND-'spontaneously'-dying.html
J, there is some reason that we can't upgrade the OS on our system, can't entirely remember what the reason was, but we did try and because of our netwroking setup (we go through a complex set of routers straight into the local backbone) we can't run our servers with anything more than RH7.3 - one day we may try again & succeed, but for the time being, is there a way to patch those security issues without a complete kernel overhaul?
Wesly, post a comment on this question & when it seems the problem is solved, I will split the points with both u & J for his past help & some info on this question too.
https://www.experts-exchange.com/questions/21148712/Named-BIND-'spontaneously'-dying.html
J, there is some reason that we can't upgrade the OS on our system, can't entirely remember what the reason was, but we did try and because of our netwroking setup (we go through a complex set of routers straight into the local backbone) we can't run our servers with anything more than RH7.3 - one day we may try again & succeed, but for the time being, is there a way to patch those security issues without a complete kernel overhaul?
Hi,
Since RedHat discontinues the support on RedHat 7.3 but you can still download the latest patches from:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/
Besides, you can use apt-get to automate the update process:
As root:
wget http://ftp.freshrpms.net/pub/freshrpms/redhat/7.3/apt/apt-0.5.5cnc5-fr0.rh73.2.i386.rpm
rpm -ivh apt-0.5.5cnc5-fr0.rh73.2.i 386.rpm
apt-get dist-upgrade
By the way, upgrade kernel doesn't mean upgrade OS to RH 9 or Fedora. The latest kernel for RH7.3 is:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-37.7.legacy.i686.rpm
Well, kernel upgrade need to be reboot to load that kernel.
Regards,
Wesly
Since RedHat discontinues the support on RedHat 7.3 but you can still download the latest patches from:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/
Besides, you can use apt-get to automate the update process:
As root:
wget http://ftp.freshrpms.net/pub/freshrpms/redhat/7.3/apt/apt-0.5.5cnc5-fr0.rh73.2.i386.rpm
rpm -ivh apt-0.5.5cnc5-fr0.rh73.2.i
apt-get dist-upgrade
By the way, upgrade kernel doesn't mean upgrade OS to RH 9 or Fedora. The latest kernel for RH7.3 is:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-37.7.legacy.i686.rpm
Well, kernel upgrade need to be reboot to load that kernel.
Regards,
Wesly
ASKER
Ok. "There is an updated Glibc that is also part of the fix. You really need to update the entire system, not just Bind." I went to the http://download.fedoralegacy.org/redhat/7.3/updates/i386/ site and there are a lot of rpm files there. Are you saying that I need to install all of them individually? Obviously exluding the packages I am not using. And what does Glauson mean about a "complete kernal overhaul" That sounds like something I would like to avoid right now.
ASKER
The BIND update I was able to do remotely without rebooting. I can go to the NOC if I have to but I'd rather not. Can I do the updates using the 'apt-get' method remotely without a reboot? Or can I do it in such a way where the server reboots automatically?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok, I will wait on the kernel update until tomorrow. I have installed the BIND updates and will wait to see the results before I close this question.
Thank you wesly and jlevie.
Thank you wesly and jlevie.
jlevie, do u want to post a comment in the other question ( links above )
with a link to this question for answers; so when others look for the "Accepted Answer" they get directed to this page with more info plz?
Then I'll accept that & throw some points around to the others.
Ta.
with a link to this question for answers; so when others look for the "Accepted Answer" they get directed to this page with more info plz?
Then I'll accept that & throw some points around to the others.
Ta.
ASKER
Ok, closing this question. Both jlevie and wesly gave Great information. wesly's was a little more "newbie-friendly" but they should each get an equal share of the points for their help.
Thanks guys,
Thanks guys,
What version of RedHat are you running and is up to date w/respect to the errata?