Date: Thu, 11 Jan 2007 11:44:38 -0500 (EST)
From: Ken Cochran <kwc@theworld.com>
To: freebsd-questions@freebsd.org
Subject: 4.10-stable nameserver strange behavior
Message-ID: <200701111644.l0BGicb05272011@shell01.TheWorld.com>

Hi:

How do I "refresh" a system binary?

More specifically, I think I may have a compromised(?) named in /usr/sbin but what I have in /usr/obj should be fine; if not I still have it in /usr/src and can rebuild/reinstall it.

So how would I do the "named only" part of an installworld? Or, to take it another step back, how to do the "named only" part of a buildworld, followed by the "named only" part of an installworld?

I have the dead-tree versions of both the Handbook & Lehey's book. Or, where might I find this/these procedures documented?

Actually, what has really happened is a "weirdness" I'm trying to correct: (Maybe my named has been compromised somehow but there have been no messages in the nightly security runs.)

In the wee hours of the morning, my upstream cablemodem provider dhcp'ed me a new ip-address. Ok, fine... (Dhclient seems to be working fine from what the system log & tcpdump are showing.)

I can ping/traceroute (to) my system from outside (proper stuff shows up in tcpdump too) but I can't ping/traceroute *from* my system to anywhere (not even by ip-address). I can ping "myself" (the newly assigned ip-address) just fine.

Hmm, name service isn't working correctly (I run a local cache-only DNS, BIND 8.3.7, ya, old but someday...), so I kill & restart named. The appropriate named startup messages appear in the messages-log, e.g. "listening on [new ip-address]".

Here's the weird part: tcpdump shows DNS "priming" requests (to the various *.root-servers.net addresses) with a *source* ip of my *previous* ip-address, not the new one.

So far, *no* NS requests show the proper source address; they all show the old ip-address & not the new one. Also, so far, behavior survives reloading, restarting & completely killing & restarting named.

Umm... what else can I think of... No external IPs are in the named config and/or zone files, only local 192.168 & 127 things. I can't find any zombie processes so far(?)

OS is:
4.10-STABLE FreeBSD 4.10-STABLE #0: Sun Nov 28 03:17:35 CST 2004

Yes, I know, very old... I do plan to upgrade... This system is very creaky nowadays & I'm very reluctant to reboot it; might not come back up. :(

Ideas?

Many thanks,

-kc