Stewart, Larry C Sr CTR DISA JITC (US) wrote:
> I have configured the Solaris service admin to run
> /nithr/sbin/named -t /dns -u dnsuser
> when I start the dns server now since I have upgraded to 9.10.0-P2 I get
> a daemon notice that it is unable to set the effective uid to 0: Not
> Owner
Correct, so is there some negative impact I can expect or is it just a log
entry I can ignore?
Larry Stewart, CISSP, CCNA
Contractor - ManTech
Network Engineer
Office: 520-538-4227
DSN: 879-4227
Cell phone: 520-227-8251
larry.c.stewart@mail.mil
-Original Message-
From: Tony Finch [ma
Hi
I did compile 9.10 with --with-geoip , did the config as follows :
In options
geoip-directory "/usr/share/GeoIP/GeoIP.dat";
in zones
acl "US" {
geoip country US;
};
view "US" {
match-clients { US; }; //Once I add this it throws the error below
***
include "/etc/named
that's really interesting, also on the firewall rate-limiting new
UDP connections to 30 per 2 seconds and client IP also catches all
day long several facebook IP's on both nameservers
Firewall Rate-Control: SRC=69.171.247.119 DST=85.124.176.242 LEN=74 TOS=0x00
PREC=0x00 TTL=80 ID=65378 PROTO=UDP
S
Stewart, Larry C Sr CTR DISA JITC (US) wrote:
> Correct, so is there some negative impact I can expect or is it just a
> log entry I can ignore?
If you aren't getting any "Could not open..." warnings as well then you
are probably OK.
Tony.
--
f.anthony.n.finch http://dotat.at/
Dover, Wight,
Ali Jawad wrote:
>
> acl "US" {
> geoip country US;
> };
>
> view "US" {
> match-clients { US; }; //Once I add this it throws the error below
> };
>
> /etc/named.conf:47: no GeoIP database installed which can answer queries of
> type 'country'
This is a bug in 9.10.0 which will be fixed
So I logged in as the user that I normally start named with and I get the
following error:
Named: chroot(): Not owner
Larry Stewart, CISSP, CCNA
Contractor - ManTech
Network Engineer
Office: 520-538-4227
DSN: 879-4227
Cell phone: 520-227-8251
larry.c.stewart@mail.mil
-Original Message-
daemons binding privileged ports should be started as
root because they have some tasks to do before drop
privileges
On 01.07.2014 16:55, Stewart, Larry C Sr CTR DISA JITC (US) wrote:
> So I logged in as the user that I normally start named with and I get the
> following error:
>
> Named: chro
Stewart, Larry C Sr CTR DISA JITC (US) wrote:
> So I logged in as the user that I normally start named with and I get the
> following error:
>
> Named: chroot(): Not owner
You need to start named as root for it to be able to chroot. (Unless
Solaris has some cunning fine-grained privilege featur
Ok so that was not a good troubleshooting technique, was trying to determine
what did not have the correct permissions and thus causing the warning. I guess
I will go ahead and run it the way I have been for the last 5 years, unless I
find it is causing me problems.
Larry Stewart, CISSP, CCNA
C
On Tue, 2014-07-01 at 16:45 +0200, Reindl Harald wrote:
> 30-Jun-2014 13:24:31.717 rate-limit: limit NODATA responses to
> 69.171.248.0/24 for ns1.thelounge.net IN (1abd134b)
I also see the rate limiting kicking in for facebook ranges. I should
setup
On 01.07.2014 17:27, Carl Byington wrote:
> On Tue, 2014-07-01 at 16:45 +0200, Reindl Harald wrote:
>> 30-Jun-2014 13:24:31.717 rate-limit: limit NODATA responses to
>> 69.171.248.0/24 for ns1.thelounge.net IN (1abd134b)
>
> I also see the rate limiting kicking in for facebook ranges. I should
You need to start named as root for it to be able to chroot. (Unless
Solaris has some cunning fine-grained privilege feature I don't know
about.)
On 01.07.14 15:18, Stewart, Larry C Sr CTR DISA JITC (US) wrote:
Ok so that was not a good troubleshooting technique, was trying to
determine what di
On 01.07.2014 17:46, Matus UHLAR - fantomas wrote:
>> You need to start named as root for it to be able to chroot. (Unless
>> Solaris has some cunning fine-grained privilege feature I don't know
>> about.)
>
> On 01.07.14 15:18, Stewart, Larry C Sr CTR DISA JITC (US) wrote:
>> Ok so that was no
Hi Tony
I did try match-clients {geoip country US; }; but
that yielded the same error. Which is weird, I did actually submit the bug
with the above patch in RC2 and inline worked at the time. Will try the
patch, let me know if you have input on the match-clients please. As I did
already buil
> geoip-directory "/usr/share/GeoIP/GeoIP.dat";
Should be a directory.
>
> in zones
>
> acl "US" {
> geoip country US;
> };
>
> view "US" {
> match-clients { US; }; //Once I add this it throws the error below
> ***
>
> include "/etc/named.rfc1912.zones";
Hi Jeremy
Thanks for chipping in. Usual as ever. So I did actually use geoip-directory
"/usr/share/GeoIP";
and ls of that dir is
[root@uk etc]# ls -lart /usr/share/GeoIP/
-rw-r--r-- 1 root root 1206078 Jul 1 10:08 GeoIP.dat
The output from the logs is
Jul 1 14:38:56 uk named[1795]: using
On Tue, 1 Jul 2014, Ali Jawad wrote:
> [root@uk etc]# ls -lart /usr/share/GeoIP/
> -rw-r--r-- 1 root root 1206078 Jul 1 10:08 GeoIP.dat
>
> The output from the logs is
>
> Jul 1 14:38:56 uk named[1795]: using "/usr/share/GeoIP" as GeoIP directory
> Jul 1 14:38:56 uk named[1795
Hi Jeremy
Yes it does see the below
[root@uk ~]# geoiplookup ip.ip.ip.ip
GeoIP Country Edition: US, United States
A bummer though, as I have purchased the Maxmind Country edition.
When I did try to install GeoLiteCity.dat I got the error below
file /usr/share/GeoIP/GeoIP.dat from install o
Hi Ali
On Tue, Jul 01, 2014 at 08:41:32PM +0200, Ali Jawad wrote:
> [root@uk etc]# ls -lart /usr/share/GeoIP/
> -rw-r--r-- 1 root root 1206078 Jul 1 10:08 GeoIP.dat
Though this is not the problem causing the failure:
This filesize looks too large for it to be the current country database
G
Hi Mukund
This is the paid version of the DB, tailing that file states
GEO-106 20140624 Build 1 Copyright (c) 2014 MaxMind Inc All Rights Reserved
As said it does work with the geoiplookup tool.
SELinux is disabled and permissions for files are default on a fresh
system. See below for GeoIP dir
In message <53b2d903.4070...@thelounge.net>, Reindl Harald writes:
>
> On 01.07.2014 17:46, Matus UHLAR - fantomas wrote:
> >> You need to start named as root for it to be able to chroot. (Unless
> >> Solaris has some cunning fine-grained privilege feature I don't know
> >> about.)
> >