Date:      Tue, 15 Jul 2008 21:01:14 +1000
From:      jonathan michaels <jlm@caamora.com.au>
To:        Ian Smith <smithi@nimnet.asn.au>
Cc:        Yuri Pankov <yuri.pankov@gmail.com>, freebsd-questions@freebsd.org
Subject:   Re: named and its hourly reports
Message-ID:  <20080715210114.38361@caamora.com.au>
In-Reply-To: <Pine.BSF.3.96.1080715194603.29091D-100000@gaia.nimnet.asn.au>; from Ian Smith on Tue, Jul 15, 2008 at 08:27:33PM +1000
References:  <20080715085012.ADEE810656F1@hub.freebsd.org> <Pine.BSF.3.96.1080715194603.29091D-100000@gaia.nimnet.asn.au>

ian,

long time no scribble .. thanks much appreciated

On Tue, Jul 15, 2008 at 08:27:33PM +1000, Ian Smith wrote:
> On Tue, 15 Jul 2008 12:22:06 +1000 jonathan michaels <jlm@caamora.com.au> wrote:
> 
>  > named now reports hourly
>  > 
>  > Jul 15 06:55:10 hid named[617]: could not listen on UDP socket: permission denied
>  > Jul 15 06:55:10 hid named[617]: creating IPv4 interface tun0 failed; interface ignored
>  > Jul 15 07:55:10 hid named[617]: could not listen on UDP socket: permission denied
>  > Jul 15 07:55:10 hid named[617]: creating IPv4 interface tun0 failed; interface ignored
>  > Jul 15 08:55:10 hid named[617]: could not listen on UDP socket: permission denied
>  > Jul 15 08:55:10 hid named[617]: creating IPv4 interface tun0 failed; interface ignored
>  > Jul 15 09:55:10 hid named[617]: could not listen on UDP socket: permission denied
>  > Jul 15 09:55:10 hid named[617]: creating IPv4 interface tun0 failed; interface ignored
>  > 
>  > i've tried the hand book, even muddled my way through google, the only
>  > reference that has surfaced is a pointer to the fact that this error
>  > message is because named is running in a sandbox ??? don't know when
>  > that happened but freebsd now runs named from a sandbox ..
> 
> By default .. you don't have to, but it's a very good idea these days.
> 
>  > this machine is a router/gateway and old 486 with a small scsi hdd that
>  > is rapidly filling up from this and others, to my mind silly error
>  > messages.
>  > 
>  > is there some way to fix this, is it a hard error, can i run named not
>  > in a sandbox, i'm also seeing other errors that seem (to my mind) to be
>  > related to this, but i am not sure so i'm keeping my mouth shut until
>  > i can work it out and find the real culprit ..
> 
> Jonathan, I don't think not running named in a sandbox would help here. 

after i got yuri's post earlier i started to do some reading and
it is all making sense now and so does the sandbox stuff .. so it
is staying.
 
> As Yuri pointed out, named is scanning all interfaces, default hourly. 

this is the thing i'm having trouble with, why is named scanning
anything ??

i've got two secondaries (my isp and a friend) for
caamora.com.au, it was easy in bind v4, but not so with the new
v8/9 config .. everything and the kitchen sink gets defined. i
am working my way through it, its a bit of hard going for me.

> I had a related problem on this laptop, with the same error messages -
> after a suspend/resume the (pccard) interface wasn't coming up quickly
> enough to beat named's (then overdue) interface scan, so named wouldn't
> bind to that interface.  I fixed that by running the following script
> from /etc/rc.resume:
> 
> #!/bin/sh
> # 28/12/6 called by rc.resume; wait for pccard resume to reattach xe0 ..
> doit() {
>     sleep $1
>     # logger -p user.notice stopping named
>     /etc/rc.d/named stop
>     # + 31/12/6 missed restart once .. try:
>     sleep 1
>     # logger -p user.notice restarting named
>     /etc/rc.d/named start
> }
> delay=5; [ "$1" ] && delay=$1
> doit $delay &
> exit 0          # finish rc.resume so pccard resume can get on with it ..
>  
> Note that /etc/rc.d/named restart didn't work for me, nor rndc restart. 

thanks, but i don't think this will help here, the machine is a
permanently connected dialup ppp (now userland ppp, formerly
kernel pppd). so it just sits there doing its thing until the
occasional thunderstorm <grin> or freebsd fallover, stuff happens.

> However there are perhaps better ways to tackle this, depending on which
> interface/s you *need* to have named listening on.  If you need named to
> listen on the address of tun0 (pppoe, I suppose?) then you may need to

this is the bit i am failing to understand, why is named
scanning tun0, what is it looking for .. it should be obvious,
but sorry i am not making sense of this.

i read the 'listen-on' bit in dns&bind ed5 (after yuri's tip off)
and am trying to work out if bind is using this 'listen-on' is it
looking for internal dns queries or looking for stuff coming in
from the outside for the getting of domain transfer information
for the secondaries, umm slave servers out there, as mentioned
earlier the isp dns server and the 'friend dns server' i am not
quite clear on where that information goes in the new scheme of
things ??

> do something like the above whenever ppp connects, or reconnects, from a
> suitable up-script for ppp.  The disadvantage is clearing named's cache.

> If on the other hand you only need named listening on other interface/s
> than tun0, use the 'listen on { $address; };' option/s to specify the
> address/es to listen on.  The default is '*', the addresses associated
> with each interface, as 'sockstat -4 | grep named' will show.  Don't
> forget to include a 'listen on { 127.0.0.1; }' if you want localhost.
> 
>  > some pointers would be most appreciated .. i've been struggling with
>  > this for over a year now and do not know where else to go ??
> 
> You could have come here a year ago :)

fortress jonathan says it all i guess .. but slowly i'm coming
to my senses .. grin. thanks ian yuri et al

thanks guys.....

most kind regards and sincere appreciations.

jonathan

-- 
================================================================
powered by ..
QNX, OS9 and freeBSD  --  http://caamora com au/operating system
==== === appropriate solution in an inappropriate world === ====
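
The second option in the quoted reply (named listening only on fixed addresses, not tun0), together with where the secondaries go in a BIND 9 configuration, as an added example that is not part of the original message or of anyone's actual configuration. All addresses, the zone name, the directory and the zone file path are placeholder assumptions.

```conf
// Added example: named.conf fragment for BIND 9.
// Every address, the zone name and the file paths below are placeholders.

// Hosts allowed to pull zone transfers: stand-ins for the ISP's and the
// friend's secondary name servers.
acl secondaries { 198.51.100.53; 203.0.113.53; };

options {
    directory "/etc/namedb";        // assumed location of the zone files

    // Bind only to addresses that exist when named starts: loopback and
    // the inside LAN address. With no listen-on statement named tries
    // port 53 on every IPv4 address it finds, tun0 included, and logs a
    // failure each time the bind is refused.
    listen-on { 127.0.0.1; 192.0.2.1; };

    // How often (minutes) named rescans the interface list. The default
    // is 60, which matches the hourly log lines; 0 restricts the scan to
    // configuration load and reload.
    interface-interval 0;

    // Refuse zone transfers unless a zone explicitly allows them.
    allow-transfer { none; };
};

zone "example.org" {
    type master;
    file "master/example.org.db";

    // Only the listed secondaries may transfer (AXFR/IXFR) this zone.
    allow-transfer { secondaries; };

    // Send NOTIFY to the name servers in the zone's NS records when the
    // zone changes, so the secondaries refresh promptly.
    notify yes;
};
```

If the secondaries fetch the zone over the ppp link, the address of tun0 also has to appear in `listen-on`, and named then needs the restart from a ppp up-script that the quoted reply describes. `named-checkconf` validates the file before a restart, and `sockstat -4 | grep named` shows which addresses named actually bound.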



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080715210114.38361>