Re: daemon warning

2014-07-01 Thread Tony Finch
Stewart, Larry C Sr CTR DISA JITC (US) larry.c.stewart@mail.mil wrote: I have configured the Solaris service admin to run /nithr/sbin/named -t /dns -u dnsuser when I start the dns server now since I have upgraded to 9.10.0-P2 I get a daemon notice that it is unable to set the

RE: daemon warning

2014-07-01 Thread Stewart, Larry C Sr CTR DISA JITC (US)
Correct, so is there some negative impact I can expect or is it just a log entry I can ignore? Larry Stewart, CISSP, CCNA Contractor - ManTech Network Engineer Office: 520-538-4227 DSN: 879-4227 Cell phone: 520-227-8251 larry.c.stewart@mail.mil -Original Message- From: Tony Finch

Error when using GeoIP

2014-07-01 Thread Ali Jawad
Hi I did compile 9.10 with --with-geoip , did the config as follows : In options geoip-directory /usr/share/GeoIP/GeoIP.dat; in zones acl US { geoip country US; }; view US { match-clients { US; }; //Once I add this it throws the error below *** include

Re: rate-limit and Facebook IP's

2014-07-01 Thread Reindl Harald
that's really interesting, also on the firewall rate-limiting new UDP connections to 30 per 2 seconds and client IP also catches all day long several facebook IP's on both nameservers Firewall Rate-Control: SRC=69.171.247.119 DST=85.124.176.242 LEN=74 TOS=0x00 PREC=0x00 TTL=80 ID=65378 PROTO=UDP

RE: daemon warning

2014-07-01 Thread Tony Finch
Stewart, Larry C Sr CTR DISA JITC (US) larry.c.stewart@mail.mil wrote: Correct, so is there some negative impact I can expect or is it just a log entry I can ignore? If you aren't getting any Could not open... warnings as well then you are probably OK. Tony. -- f.anthony.n.finch

Re: Error when using GeoIP

2014-07-01 Thread Tony Finch
Ali Jawad alijaw...@gmail.com wrote: acl US { geoip country US; }; view US { match-clients { US; }; //Once I add this it throws the error below }; /etc/named.conf:47: no GeoIP database installed which can answer queries of type 'country' This is a bug in 9.10.0 which will be

RE: daemon warning

2014-07-01 Thread Stewart, Larry C Sr CTR DISA JITC (US)
So I logged in as the user that I normally start named with and I get the following error: Named: chroot(): Not owner Larry Stewart, CISSP, CCNA Contractor - ManTech Network Engineer Office: 520-538-4227 DSN: 879-4227 Cell phone: 520-227-8251 larry.c.stewart@mail.mil -Original

Re: daemon warning

2014-07-01 Thread Reindl Harald
daemons binding privileged ports should be started as root because they have some tasks to do before dropping privileges On 01.07.2014 16:55, Stewart, Larry C Sr CTR DISA JITC (US) wrote: So I logged in as the user that I normally start named with and I get the following error: Named:

RE: daemon warning

2014-07-01 Thread Stewart, Larry C Sr CTR DISA JITC (US)
Ok so that was not a good troubleshooting technique, was trying to determine what did not have the correct permissions and thus causing the warning. I guess I will go ahead and run it the way I have been for the last 5 years, unless I find it is causing me problems. Larry Stewart, CISSP, CCNA

Re: rate-limit and Facebook IP's

2014-07-01 Thread Carl Byington
On Tue, 2014-07-01 at 16:45 +0200, Reindl Harald wrote: 30-Jun-2014 13:24:31.717 rate-limit: limit NODATA responses to 69.171.248.0/24 for ns1.thelounge.net IN (1abd134b) I also see the rate limiting kicking in for facebook ranges. I should setup

Re: rate-limit and Facebook IP's

2014-07-01 Thread Reindl Harald
On 01.07.2014 17:27, Carl Byington wrote: On Tue, 2014-07-01 at 16:45 +0200, Reindl Harald wrote: 30-Jun-2014 13:24:31.717 rate-limit: limit NODATA responses to 69.171.248.0/24 for ns1.thelounge.net IN (1abd134b) I also see the rate limiting kicking in for facebook ranges. I should

Re: daemon warning

2014-07-01 Thread Matus UHLAR - fantomas
You need to start named as root for it to be able to chroot. (Unless Solaris has some cunning fine-grained privilege feature I don't know about.) On 01.07.14 15:18, Stewart, Larry C Sr CTR DISA JITC (US) wrote: Ok so that was not a good troubleshooting technique, was trying to determine what

Re: daemon warning

2014-07-01 Thread Reindl Harald
On 01.07.2014 17:46, Matus UHLAR - fantomas wrote: You need to start named as root for it to be able to chroot. (Unless Solaris has some cunning fine-grained privilege feature I don't know about.) On 01.07.14 15:18, Stewart, Larry C Sr CTR DISA JITC (US) wrote: Ok so that was not a good

Re: Error when using GeoIP

2014-07-01 Thread Ali Jawad
Hi Tony I did try match-clients {geoip country US; }; but that yielded the same error. Which is weird, I did actually submit the bug with the above patch in RC2 and inline worked at the time . Will try the patch, let me know if you have input on the match-clients please. As I did already

Re: Error when using GeoIP

2014-07-01 Thread Ali Jawad
Hi Jeremy Thanks for chipping in. Usual as ever. So I did actually use geoip-directory /usr/share/GeoIP; and ls of that dir is [root@uk etc]# ls -lart /usr/share/GeoIP/ -rw-r--r-- 1 root root 1206078 Jul 1 10:08 GeoIP.dat The output from the logs is Jul 1 14:38:56 uk named[1795]: using

Re: Error when using GeoIP

2014-07-01 Thread Jeremy C. Reed
On Tue, 1 Jul 2014, Ali Jawad wrote: [root@uk etc]# ls -lart /usr/share/GeoIP/  -rw-r--r--   1 root root 1206078 Jul  1 10:08 GeoIP.dat The output from the logs is  Jul  1 14:38:56 uk named[1795]: using /usr/share/GeoIP as GeoIP directory Jul  1 14:38:56 uk named[1795]: GeoIP

Re: Error when using GeoIP

2014-07-01 Thread Ali Jawad
Hi Jeremy Yes it does see the below [root@uk ~]# geoiplookup ip.ip.ip.ip GeoIP Country Edition: US, United States A bummer though, as I have purchased the Maxmind Country edition. When I did try to install GeoLiteCity.dat I got the error below file /usr/share/GeoIP/GeoIP.dat from install

Re: Error when using GeoIP

2014-07-01 Thread Mukund Sivaraman
Hi Ali On Tue, Jul 01, 2014 at 08:41:32PM +0200, Ali Jawad wrote: [root@uk etc]# ls -lart /usr/share/GeoIP/ -rw-r--r-- 1 root root 1206078 Jul 1 10:08 GeoIP.dat Though this is not the problem causing the failure: This filesize looks too large for it to be the current country database

Re: Error when using GeoIP

2014-07-01 Thread Ali Jawad
Hi Mukund This is the paid version of the DB, tailing that file states GEO-106 20140624 Build 1 Copyright (c) 2014 MaxMind Inc All Rights Reserved As said it does work with the geoiplookup tool. seLinux is disabled and permissions for files are default on a fresh system..see below for GeoIP dir

Re: daemon warning

2014-07-01 Thread Mark Andrews
In message 53b2d903.4070...@thelounge.net, Reindl Harald writes: On 01.07.2014 17:46, Matus UHLAR - fantomas wrote: You need to start named as root for it to be able to chroot. (Unless Solaris has some cunning fine-grained privilege feature I don't know about.) On 01.07.14