HPE Community
Operating System - Linux
1822420 Members
3061 Online
109642 Solutions
New Discussion юеВ

rc script for named on rh9 not kicking off named

 
SOLVED
Go to solution
rmueller58
Valued Contributor

тАО05-19-2004 04:46 AM

тАО05-19-2004 04:46 AM

rc script for named on rh9 not kicking off named

I'm baffled,

this morning came in and our primary DNS was down. Not the box, but the process. I tried running /etc/init.d/named start to no avail, hardbooted, softbooted, finally kicked off using "named -u named", I have a couple other rc scripts (such as nfsd), that were dead too.
does anyone have any insight into how we could insure we get the scripts running correctly again? It appeared from the logs that DNS died about 04:00, (i think..) ..
normally when we boot the S##named in rc5.d or rc3.d will start named.. I am starting to lose my grey hair over the deal, my boss is a bit miphed about Open Source because RH isn't support RH9 anymore.

help, suggestions, loaded pistols?

Thanks in advance

Rex Mueller -
Educational Service Unit #3
LaVista NE
0 Kudos
Reply
5 REPLIES 5
Steven E. Protter
Exalted Contributor

тАО05-19-2004 05:36 AM

тАО05-19-2004 05:36 AM

Solution

Re: rc script for named on rh9 not kicking off named

Obviously DNS died because something it needed ceased to exist.

In a standard setup the zone files are in /var/named and the configuration file is /etc/named.conf

So go through the resources and see whats referred to but missing.

I'd say off the top of my head that something is missing in /etc/

/etc/init.d /etc/rc#.d Seems like something is corrupt or was deleted.

This isn't an open source issue. Something went wrong, you need cafefully look through it, perhaps start with /var/log/messages and figure out what happened.

If the very same files are missing or destoryed on HP-UX or Solaris the results would be the same.

I'm wondering if named died while running or at boot time. Thats not apparent yet. If it died while running, then something, possibly a disk failure or fat finger delete went wrong.

Compare the files and permissions to a workin g system if available.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
rmueller58
Valued Contributor

тАО05-19-2004 06:32 AM

тАО05-19-2004 06:32 AM

Re: rc script for named on rh9 not kicking off named

Steven,

We copied then /etc/init.d/named from our secondary, tested it and it worked.. It is my guess you are right about runtime corruption.. We are going to do some hardware diags it may be we have a drive flaking out..
0 Kudos
Reply
Vernon Brown_4
Trusted Contributor

тАО05-19-2004 08:45 AM

тАО05-19-2004 08:45 AM

Re: rc script for named on rh9 not kicking off named

I used to get similar process failures two or three times a week. I had been running with RedHat 7.1 for a couple of years with no problem; then all of a sudden syslogd would not be running when checked in the AM. /var/log/messages and /var/log/maillog /dev/eth0 (internet connection) was changed to permisquous (sp) mode. Sometimes /etc/inittab was missing also. My guess is that it was hackers trying to set up an open spam relay.

After upgrading to Fedora Core 1 all is well so far; about 30 days.

Vern
Reply
rmueller58
Valued Contributor

тАО05-19-2004 08:49 AM

тАО05-19-2004 08:49 AM

Re: rc script for named on rh9 not kicking off named

Initially my thought was a DNS hack attempt, I did notice some UDP flooding on my IDS system heading toward this box, (77 hits) however we've got UDP blocked at the FW, so we ruled that out.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО05-19-2004 10:33 AM

тАО05-19-2004 10:33 AM

Re: rc script for named on rh9 not kicking off named

As a precaution, I'd recommend getting Bastille onto all systems, experimental first and running through the gui interface. It asks questions, makes automatic improvements and makes the server more secure.

If the server is exposed the the Internet, which I did not know before, the cause of the problems coule have been a hacker.

Do check the /etc/passwd file for entries you didn't put there. If there has been a hack, the evil doer more than likely tried to leave a back door for continued access.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.