Date: Thu, 11 Jan 2007 11:44:38 -0500 (EST)
From: Ken Cochran
To: freebsd-questions@freebsd.org
Subject: 4.10-stable nameserver strange behavior

Hi:

How do I "refresh" a system binary? More specifically, I think I may have a compromised(?)
named in /usr/sbin but what I have in /usr/obj should be fine; if not I still have it in /usr/src and can rebuild/reinstall it.

So how would I do the "named only" part of an installworld? Or, to take it another step back, how to do the "named only" part of a buildworld, followed by the "named only" part of an installworld? I have the dead-tree versions of both the Handbook & Lehey's book. Or, where might I find this/these procedures documented?

Actually, what has really happened is a "weirdness" I'm trying to correct: (Maybe my named has been compromised somehow but there have been no messages in the nightly security runs.)

In the wee hours of the morning, my upstream cablemodem provider dhcp'ed me a new ip-address. Ok, fine... (Dhclient seems to be working fine from what the system log & tcpdump are showing.)

I can ping/traceroute (to) my system from outside (proper stuff shows up in tcpdump too) but I can't ping/traceroute *from* my system to anywhere (not even by ip-address). I can ping "myself" (the newly assigned ip-address) just fine.

Hmm, name service isn't working correctly (I run a local cache-only DNS, BIND 8.3.7, ya, old but someday...), so I kill & restart named. The appropriate named startup messages appear in the messages-log, e.g. "listening on [new ip-address]".

Here's the weird part: tcpdump shows DNS "priming" requests (to the various *.root-servers.net addresses) with a *source* ip of my *previous* ip-address, not the new one. So far, *no* NS requests show the proper source address; they all show the old ip-address & not the new one. Also, so far, behavior survives reloading, restarting & completely killing & restarting named.

Umm... what else can I think of... No external IPs are in the named config and/or zone files, only local 192.168 & 127 things. I can't find any zombie processes so far(?)

OS is: 4.10-STABLE FreeBSD 4.10-STABLE #0: Sun Nov 28 03:17:35 CST 2004

Yes, I know, very old... I do plan to upgrade...
This system is very creaky nowadays & I'm very reluctant to reboot it; might not come back up. :(

Ideas?

Many thanks,
-kc
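
Added example, not part of the original message: a shell function that reads `tcpdump -n` output and reports outbound DNS packets whose source address is not the currently assigned one, which is the symptom described above. The function names, sample lines and addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag outbound DNS packets whose source address is not the
# address the interface currently holds.
# Usage: tcpdump -n -l udp dst port 53 | stale_dns_sources 198.51.100.20
stale_dns_sources() {
    awk -v cur="$1" '
    {
        # Locate the ">" separating source and destination fields; this
        # copes with both "time src > dst:" and "time IP src > dst:" layouts.
        gt = 0
        for (i = 2; i < NF; i++) if ($i == ">") { gt = i; break }
        if (!gt) next
        src = $(gt - 1); dst = $(gt + 1)
        sub(/:$/, "", dst)
        # Only IPv4 addr.port fields going to port 53 are of interest.
        if (dst !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.53$/) next
        if (src !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        sub(/\.[0-9]+$/, "", src)      # drop the source port
        if (src != cur) bad[src]++     # count packets per unexpected source
    }
    END { for (a in bad) print a, bad[a] }
    ' | sort
}

# Constructed sample capture (documentation address ranges, not real hosts).
sample_capture() {
    cat <<'EOF'
11:50:01.100001 192.0.2.10.1031 > 203.0.113.1.53:  4021 NS? . (17)
11:50:01.200002 IP 192.0.2.10.1031 > 203.0.113.2.53: 4022 NS? . (17)
11:50:02.300003 IP 198.51.100.20.1044 > 203.0.113.1.53: 4023+ A? example.org. (29)
11:50:02.400004 IP 203.0.113.1.53 > 198.51.100.20.1044: 4023 1/0/0 A 192.0.2.80 (45)
11:50:03.500005 IP 198.51.100.20 > 203.0.113.9: ICMP echo request, id 1, seq 1, length 64
EOF
}
```

Each output line is an unexpected source address followed by the number of DNS packets seen from it; no output means every query left with the expected address.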