On 02/05/09 16:04, Cherney John-CJC030 wrote:
Yes, I normally use svcadm disable dns/server to stop named. Also, I've
modified the dns/server stop method from the usual "kill:" to
"/usr/sbin/rndc stop". I did that because I want to make sure the cache
gets written to the db files, which an rndc stop does. It seems that
named is having a problem with one of the files, but I can't tell which
one from the first syslog message.
John,
Did you make other SMF changes too? Could you provide output from
'svcprop dns/server'?
As Gregory touches upon below, an 'rndc stop' does attempt to execute
the SMF instances stop method before named exits as that is how named
informs SMF that it intentionally exited. The message you see suggests
that the privileges to do so have been lost, often associated with the
use of chroot users.
Instead of using chroot Sun recommends changing the SMF instance
property ' start/user' to specify an alternative user and or using zones(5).
FYI we did consider making the default stop method perform an 'rndc
stop', however we found on a large DNS server an 'rndc stop' could take
a long time and thus be problematic when trying to shut down the server.
That and 'rndc stop' does eventually invoke the instances stop method!
Stacey Marshall
Sun Microsystems Ltd.
jwc
-----Original Message-----
From: Gregory Hicks [mailto:ghi...@hicks-net.net]
Sent: Thursday, February 05, 2009 10:56 AM
To: bind-us...@isc.org; Cherney John-CJC030
Cc: mark_andr...@isc.org
Subject: RE: Unexpected error question
Subject: RE: Unexpected error question
Date: Thu, 5 Feb 2009 09:51:05 -0500
From: "Cherney John-CJC030" <john.cher...@motorola.com>
To: <bind-us...@isc.org>
I see. I was assuming that the second line was caused by the first
line,
and that if I could get more info on the first line, I could take care
of both of them. I have a "named" user that the named process is run
as.
However, I see these errors even when I use rndc stop as root.
Is there any resource that recommends what permissions need to be on
specific SMF files for DNS? (or in general). Or is this even a
permissioning issue with SMF files?
The problem comes from the idea that SMF wants to be the 'controller'.
When the program in question (named in the case) receives a 'stop'
command from rndc, SMF doesn't know WHY the program stopped, just that
it DID stop. Thus the error.
A better way to stop named might be
svcadm named disable
(I think that's the right syntax but could be wrong. I am NOT an SMF
expert...) That should avoid the error message.
There was some discussion on the smf-disc...@opensolaris.org list last
month on how to avoid error messages when you don't care if the
underlying service stops all by itself.
Regards,
Gregory Hicks
Thanks!
jwc
-----Original Message-----
From: mark_andr...@isc.org [mailto:mark_andr...@isc.org]
Sent: Thursday, February 05, 2009 1:18 AM
Cc: Cherney John-CJC030; bind-us...@isc.org
Subject: Re: Unexpected error question
In message <200902050609.n1569ktg082...@drugs.dv.isc.org>, Mark
Andrews
writes:
In message
<f021020da23b6641a05e616d5ead146304597...@de01exm60.ds.mot.com>, "
Ch
erney John-CJC030" writes:
I'm seeing the following lines in syslog, which occur when I shut
down
named:
=20
general: error: ./main.c:858: unexpected error:
general: error: smf_disable_instance() failed for
svc:/network/dns/server:default : insufficient privileges for
action
=20 I'm running 9.3.5-P1 on Solaris 10 x86 =20 I took a quick look
at the source code and it looks like there should be a file and/or
filenumber as part of the unexpected error line. I've noticed the
same two lines when I issue an rndc stop. The named process does
stop, but I'm worried that there may be data in the cache that
isn't
getting written to the db files. Nothing jumped out at me from my
google search. It seems like I have a file permissions issue, but
I
haven't recently changed any file permissions. I don't see any
unusual messages on startup.=20 =20 Can someone point me the right
direction for this? Is there any other information I should/could
provide?
=20
Thanks!
jwc
SMF is Sun's management facility. The code in question was
submitted by Sun. I would be looking at how you have SMF set
up in particular how to give the user named is running under
permission to disable itself.
See also
<http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris>
as mentioned in the FAQ.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET:
mark_andr...@isc.org
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
---------------------------------------------------------------------
Gregory Hicks | Principal Systems Engineer
| Direct: 408.569.7928
People sleep peaceably in their beds at night only because rough men
stand ready to do violence on their behalf -- George Orwell
The price of freedom is eternal vigilance. -- Thomas Jefferson
"The best we can hope for concerning the people at large is that they be
properly armed." --Alexander Hamilton
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
