Hi, I have updated BIND from 9.4.2-P2 to 9.4.3-P3 to mitigate the Dynamic Update DOS attack. I have noted a lot of errors from socket.c (which I have never seen before with v9.4.2)
Jul 30 06:25:18 DNS1 named[25555]: socket.c:4524: unexpected error: Jul 30 06:25:18 DNS1 named[25555]: 22/Invalid argument There are also some of these errors: Jul 30 07:26:17 DNS1 named[25555]: sockmgr 0xb7f05008: maximum number of FD events (64) received BIND is compiled with following option on Centos 5.3 (another machine with RHEL 4.4 has these error too): ./configure --disable-openssl-version-check --with-openssl=no What should I do: - go back to 9.4.2-P2 and use iptables to filter DNS update packet - use another version of BIND - ignore the error Is anybody else experiencing this problem? Many thanks, Vu
_______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
