Hi, I want to make an interface between Windows DNS and PowerDNS. Is there any best practice or way to do that?

On Sat, 11 Jan 2020 at 5:30 PM, <pdns-users-requ...@mailman.powerdns.com> wrote:

> Send Pdns-users mailing list submissions to
>     pdns-users@mailman.powerdns.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
>     https://mailman.powerdns.com/mailman/listinfo/pdns-users
> or, via email, send a message with subject or body 'help' to
>     pdns-users-requ...@mailman.powerdns.com
>
> You can reach the person managing the list at
>     pdns-users-ow...@mailman.powerdns.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Pdns-users digest..."
>
> Today's Topics:
>
>    1. Re: pdns-recursor Permissions Error (Sharone)
>    2. Re: pdns-recursor Permissions Error (Steve Shipway)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 10 Jan 2020 16:32:43 +0300
> From: Sharone <missaki...@gmail.com>
> To: Brian Candler <b.cand...@pobox.com>
> Cc: Otto Moerbeek <otto.moerb...@open-xchange.com>,
>     pdns-users@mailman.powerdns.com
> Subject: Re: [Pdns-users] pdns-recursor Permissions Error
> Message-ID:
>     <CACMzb4dGtzN=Xo8NxscaJDpKnxpSGmqZ=h9=
>     nxr_bx0jvuu...@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Thank you all for the generous and tremendous support.
> I have traffic on Cacti from my recursive servers now.
> Have a lovely weekend.
>
> Regards,
> Sharone
>
> On Fri, 10 Jan 2020 at 14:30, Brian Candler <b.cand...@pobox.com> wrote:
>
> > On 10/01/2020 11:07, Sharone wrote:
> >
> > I have attempted to comment out the line *extend pdns-rec
> > /usr/local/bin/pdns_stats* in snmpd.conf file and still gotten the same
> > error, however changing permissions to the entire directory to rwx worked
> > but like you mentioned this indeed brings about a security issue.
> >
> > Oh well, if that works, you just do tighter permissions - e.g. changing
> > the directory *group* to "snmp" or "Debian-snmp" as appropriate, and
> > setting mode 775.
> >
> > This is what out-of-box recursor has:
> >
> > root@cache1:~# ls -ld /var/run/pdns-recursor
> > drwxr-xr-x 2 pdns pdns 60 Dec 12 12:49 /var/run/pdns-recursor
> >
> > root@cache1:~# ls -l /var/run/pdns-recursor/
> > total 0
> > srwxr-xr-x 1 pdns pdns 0 Dec 12 12:49 pdns_recursor.controlsocket
> >
> > Using pdns:snmp and mode 775 should be fine.
> >
> > See also the perms for the socket itself:
> >
> > https://docs.powerdns.com/recursor/settings.html#socket-owner-socket-group-socket-mode
> >
> > HTH,
> >
> > Brian.
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20200110/5c915578/attachment-0001.htm>
>
> ------------------------------
>
> Message: 2
> Date: Sat, 11 Jan 2020 20:53:08 +1300 (NZDT)
> From: Steve Shipway <steve.ship...@smxemail.com>
> To: Sharone <missaki...@gmail.com>
> Cc: pdns-users@mailman.powerdns.com
> Subject: Re: [Pdns-users] pdns-recursor Permissions Error
> Message-ID: <352284712.7331.1578729188...@webmail.nz.smxemail.com>
> Content-Type: text/plain; charset="utf-8"
>
> From what I can see, your snmpd system will run /usr/local/bin/pdns_stats
> as the snmpd user. This user does not have write permission to the
> /var/run/pdns-recursor directory and so you get the error.
> You could either make the /var/run/pdns-recursor mode 775 and group snmpd;
> or maybe add the snmpd user to the pdns group and make the directory mode
> 775. Note that you also need to have the same mode and ownership on the
> socket.
> Hope this helps, sorry for the slow reply have been very busy
> Steve
>
> > On 09 January 2020 at 18:24 Sharone <missaki...@gmail.com> wrote:
> >
> > Hello Steve,
> >
> > I appreciate your response. Below is what is inside /etc/snmp/snmpd.conf file
> >
> > rocommunity public
> > syslocation "Data Center"
> > syscontact ad...@techs.co.ug
> > createUser admin SHA admin123! AES admin123!
> > rouser admin authPriv
> > extend pdns-rec /usr/local/bin/pdns_stats
> > agentAddress udp:161,udp6:[::1]:161
> >
> > /etc/default/snmpd
> >
> > # This file controls the activity of snmpd
> >
> > # Don't load any MIBs by default.
> > # You might comment this lines once you have the MIBs downloaded.
> > export MIBS=
> >
> > # snmpd control (yes means start daemon).
> > SNMPDRUN=yes
> >
> > # snmpd options (use syslog, close stdin/out/err).
> > SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid'
> >
> > snmp service status
> >
> > # systemctl status snmpd.service
> > ● snmpd.service - LSB: SNMP agents
> >    Loaded: loaded (/etc/init.d/snmpd; bad; vendor preset: enabled)
> >    Active: active (running) since Thu 2020-01-09 08:24:04 EAT; 4s ago
> >      Docs: man:systemd-sysv-generator(8)
> >   Process: 694 ExecStop=/etc/init.d/snmpd stop (code=exited, status=0/SUCCESS)
> >   Process: 703 ExecStart=/etc/init.d/snmpd start (code=exited, status=0/SUCCESS)
> >     Tasks: 1
> >    Memory: 4.3M
> >       CPU: 66ms
> >    CGroup: /system.slice/snmpd.service
> >            └─710 /usr/sbin/snmpd -Lsd -Lf /dev/null -u snmp -g snmp -I -smux mteTrigger mteTriggerConf -p /run/snmpd.pid
> >
> > Jan 09 08:24:04 vdns-50 systemd[1]: Starting LSB: SNMP agents...
> > Jan 09 08:24:04 vdns-50 snmpd[703]: * Starting SNMP services:
> > Jan 09 08:24:04 vdns-50 systemd[1]: Started LSB: SNMP agents.
> > Jan 09 08:24:04 vdns-50 snmpd[710]: NET-SNMP version 5.7.3
> >
> > Regards,
> > Sharone
> >
> > On Wed, 8 Jan 2020 at 22:35, Steve Shipway <steve.ship...@smxemail.com> wrote:
> > >
> > > On Wed, 2020-01-08 at 09:20 +0300, Sharone wrote:
> > > > >
> > > > > # snmpwalk -v2c -c public localhost .1.3.6.1.4.1.8072.1.3.2.4.1.2
> > > > > iso.3.6.1.4.1.8072.1.3.2.4.1.2.8.112.100.110.115.45.114.101.99.1 = STRING: "Fatal: Unable to generate local temporary file in directory '/var/run/pdns-recursor': Permission denied"
> > > > >
> > >
> > > A couple of thoughts here. Either
> > > - SElinux is doing its magic and blocking - this should be logged in the syslog if so, or
> > > - Your SNMP is running with chroot enabled and /var/run/pdns-recursor doesn't exist in the chroot environment
> > > - rec_control is trying to generate a tmp file as the snmp user so doesn't have write permission.
> > > - Your SNMP daemon is using a temporary file for the rec_control output which it is trying to put in /var/run/pdns-recursor
> > >
> > > Being able to see your snmp daemon configuration would probably help with diagnosing this, so please post it here if possible.
> > >
> > > Steve
> > >
> > > --
> > > Steve Shipway | Senior Email Systems Administrator
> > > Phone: +64 9 302 0515 Fax: +64 9 302 0518
> > > Freephone: 0800 SMX SMX (769 769)
> > > SMX Limited: Level 10, 19 Victoria Street West, Auckland, New Zealand
> > > Web: http://smxemail.com/
> > >
> > > This email has been filtered by SMX. For more information visit http://smxemail.com/
> > >
> > > _______________________________________________
> > > Pdns-users mailing list
> > > Pdns-users@mailman.powerdns.com
> > > https://mailman.powerdns.com/mailman/listinfo/pdns-users
> > >
> >
> > _____________________________________________________________________________
> > This email has been filtered by SMX. For more info visit http://smxemail.com
> > _____________________________________________________________________________
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20200111/5deed278/attachment-0001.htm>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
> ------------------------------
>
> End of Pdns-users Digest, Vol 204, Issue 10
> *******************************************

--
Sent from Gmail Mobile
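
The quoted digest settles on a group-writable (mode 775) control directory and socket owned by the SNMP daemon's group, instead of opening `/var/run/pdns-recursor` to everyone. As an added example (not from the thread or the PowerDNS project), the shell functions below audit that layout; they assume GNU `stat`, and the function names `audit_path` and `audit_ctl_dir` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit the recursor control directory
# and its socket(s) for the layout suggested there: group = the SNMP daemon's
# group, group-writable, never world-writable. Assumes GNU stat (stat -c).
# Usage: audit_ctl_dir /var/run/pdns-recursor snmp    (or Debian-snmp)

# audit_path PATH GROUP: print findings; return 0 only if PATH passes.
audit_path() {
    path=$1; want_group=$2; rc=0
    [ -e "$path" ] || { echo "MISSING  $path"; return 2; }
    # %a = octal mode, %U = owner name, %G = group name
    set -- $(stat -c '%a %U %G' "$path")
    mode=$1; owner=$2; group=$3
    # A leading 0 makes the shell read the mode as octal.
    if [ $((0$mode & 02)) -ne 0 ]; then
        echo "FAIL     $path: mode $mode is world-writable"; rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "FAIL     $path: group is $group, expected $want_group"; rc=1
    fi
    if [ $((0$mode & 020)) -eq 0 ]; then
        echo "FAIL     $path: mode $mode gives the group no write access"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK       $path: $owner:$group mode $mode"
    fi
    return "$rc"
}

# audit_ctl_dir DIR GROUP: check DIR itself and every UNIX socket inside it,
# since the socket needs the same ownership and mode as the directory.
audit_ctl_dir() {
    dir=$1; grp=$2; bad=0
    audit_path "$dir" "$grp" || bad=1
    for s in "$dir"/*; do
        [ -S "$s" ] || continue      # skip pid files and unmatched globs
        audit_path "$s" "$grp" || bad=1
    done
    return "$bad"
}
```

A non-zero return from `audit_ctl_dir` means at least one path is world-writable, has the wrong group, or is not writable by that group.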