Howdy,

I have a constellation of DNS toasters used for random customers to use as resolvers. These are old junky Pentium III boxes gradually getting upgraded to a recent Linux version, but a few out there are still running Solaris 8. (Don't ask why!)

I built BIND 9.4.3.b2 to roll out to these guys, and the Solaris ones are getting their BIND killed off by an "attack" - for lack of a better term, I am sure it is more just accident + stupidity. Anyway, I see in the logs:

30-Jul-2008 12:20:13.114 resolver: clients-per-query increased to 15
30-Jul-2008 12:40:13.122 resolver: clients-per-query decreased to 14
30-Jul-2008 13:00:13.131 resolver: clients-per-query decreased to 13
[ a bunch more of the above ... then ... ]
30-Jul-2008 16:48:31.323 dispatch: dispatch 86fce90: shutting down due to TCP re
ceive error: 69.64.145.225#53: connection reset
[ then the sequence might repeat a few times .. followed by ]
30-Jul-2008 20:11:36.969 general: failed to start watching FD (22): invalid file
30-Jul-2008 20:11:36.974 general: failed to start watching FD (22): invalid file
[ a few more of those, then named dies: ]
30-Jul-2008 20:11:37.008 general: socket.c:2060: INSIST(sock->manager->fdpollinf
o[sock->fd].want_read == 0 && sock->manager->fdpollinfo[sock->fd].want_write ==
0) failed
30-Jul-2008 20:11:37.009 general: exiting (due to assertion failure)

All my Solaris 8 hosts are logging these messages from this IP. Linux servers don't seem to be affected, and a Solaris 8 on SPARC is logging the messages but not crashing.

Possibly, I'm running out of file descriptors, but inspection of these named processes don't show more than 20 or 30 open FD's at any given random moment. In this particular OS the default soft limit is 256.

I am not too concerned, this is something related to Solaris 8, which is fairly obsolete, these servers are in the process of getting replaced, and I am working around by null routing 69.64.145.0 and if I have to just writing a watchdog script for named.

-W Sanders