4.10-stable nameserver strange behavior

2007-01-11 Thread Ken Cochran
Hi:

How do I refresh a system binary?

More specifically, I think I may have a compromised(?) named
in /usr/sbin but what I have in /usr/obj should be fine;
if not I still have it in /usr/src and can rebuild/reinstall it.

So how would I do the named only part of an installworld?

Or, to take it another step back, how to do the named only
part of a buildworld, followed by the named only part of an
installworld?

I have the dead-tree versions of both the Handbook & Lehey's
book.  Or, where might I find this/these procedures documented?

Actually, what has really happened is a weirdness I'm trying
to correct:  (Maybe my named has been compromised somehow but
there have been no messages in the nightly security runs.)

In the wee hours of the morning, my upstream cablemodem provider
dhcp'ed me a new ip-address.  Ok, fine...  (Dhclient seems
working fine from what the system log & tcpdump are showing.)

I can ping/traceroute (to) my system from outside (proper stuff
shows up in tcpdump too) but I can't ping/traceroute *from*
my system to anywhere (not even by ip-address).  I can ping
myself (the newly assigned ip-address) just fine.

Hmm, name service isn't working correctly (I run a local
cache-only DNS, BIND 8.3.7, ya, old but someday...), so I kill &
restart named.  The appropriate named startup messages appear
in the messages-log, e.g. listening on [new ip-address].
Here's the weird part: tcpdump shows DNS priming requests
(to the various *.root-servers.net addresses) with a *source* ip
of my *previous* ip-address, not the new one.  So far, *no* NS
requests show the proper source address; they all show the old
ip-address & not the new one.  Also, so far, behavior survives
reloading, restarting & completely killing & restarting named.

Umm... what else can I think of...  No external IPs are in the
named config and/or zone files, only local 192.168 & 127 things.
I can't find any zombie processes so far(?)

OS is:
 4.10-STABLE FreeBSD 4.10-STABLE #0: Sun Nov 28 03:17:35 CST 2004

Yes, I know, very old...  I do plan to upgrade...  This system
is very creaky nowadays & I'm very reluctant to reboot it;
might not come back up.  :(

Ideas?

Many thanks,

-kc
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
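
The symptom reported above (DNS queries leaving with the previous lease as their source address) can be checked mechanically against capture text. This is an added example, not part of the thread: it assumes `tcpdump -n` text output on stdin, and the function names and sample lines (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag DNS queries in `tcpdump -n` text whose source address
# is not the address the interface currently holds.

# stale_dns_sources CURRENT_IP   (capture text on stdin)
# Prints "<source-ip> <query-count>" per unexpected source, sorted.
stale_dns_sources() {
    awk -v want="$1" '
    {
        # The field before ">" is src.port, the field after it is dst.port.
        gt = 0
        for (i = 2; i < NF; i++) if ($i == ">") { gt = i; break }
        if (!gt) next
        src = $(gt - 1); dst = $(gt + 1)
        sub(/:$/, "", dst)
        n = split(src, s, "."); m = split(dst, d, ".")
        if (n != 5 || m != 5) next                  # IPv4 addr.port only
        if (d[5] != "53" && d[5] != "domain") next  # packets sent to a DNS port
        addr = s[1] "." s[2] "." s[3] "." s[4]
        if (addr != want) seen[addr]++
    }
    END { for (a in seen) print a, seen[a] }' | sort
}

# Constructed sample capture (RFC 5737 documentation addresses):
# 192.0.2.10 = previous lease, 198.51.100.20 = new lease,
# 203.0.113.53 = stand-in for an upstream name server.
sample_capture() {
    cat <<'EOF'
03:12:01.100000 192.0.2.10.1045 > 203.0.113.53.53: 4021 NS? . (17)
03:12:05.100000 192.0.2.10.1045 > 203.0.113.53.53: 4022 NS? . (17)
03:12:09.300000 IP 198.51.100.20.1046 > 203.0.113.53.53: 4023+ A? example.org. (29)
03:12:09.400000 IP 203.0.113.53.53 > 198.51.100.20.1046: 4023 1/0/0 A 192.0.2.80 (45)
03:12:10.000000 IP 203.0.113.7 > 198.51.100.20: ICMP echo request, id 1, seq 1, length 64
EOF
}

# Demo: report queries not sourced from the new lease.
sample_capture | stale_dns_sources 198.51.100.20
```

Empty output means every query in the capture carried the expected source address; replies and non-DNS packets are ignored.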


4.10-stable nameserver strange behavior

2007-01-11 Thread Robert Huff
Ken Cochran writes:

> How do I refresh a system binary?
[deletia]

Assuming your source tree is the same version as the installed
system ... I have been able to just go to the appropriate directory,
type make && make install.  This is _not_ the canonical way, and I
wouldn't bet the rent money on it.


Robert Huff


Re: 4.10-stable nameserver strange behavior

2007-01-11 Thread Armin Arh
On Thu, 11 Jan 2007 11:44:38 -0500 (EST)
Ken Cochran [EMAIL PROTECTED] wrote:

> Hi:
>
> How do I refresh a system binary?
>
> More specifically, I think I may have a compromised(?) named
> in /usr/sbin but what I have in /usr/obj should be fine;
> if not I still have it in /usr/src and can rebuild/reinstall it.
>
> So how would I do the named only part of an installworld?

I would try something like:

cd /usr/src/usr.sbin/named
make install

Armin
-- 
PUBBOX Postmaster + spam-killer, free email address at http://pubbox.net/