Re: 4.10-stable nameserver strange behavior

2007-01-11 Thread Armin Arh 
On Thu, 11 Jan 2007 11:44:38 -0500 (EST)
Ken Cochran <[EMAIL PROTECTED]> wrote:

> Hi:
> 
> How I "refresh" a system binary?
> 
> More specifically, I think I may have a compromised(?) named
> in /usr/sbin but what I have in /usr/obj should be fine;
> if not I still have it in /usr/src and can rebuild/reinstall it.
> 
> So how would I do the "named only" part of an installworld?

I would try something like:

cd /usr/src/usr.sbin/named
make install

Armin
-- 
PUBBOX Postmaster + spam-killer, free email address at http://pubbox.net/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

4.10-stable nameserver strange behavior

2007-01-11 Thread Robert Huff 
Ken Cochran writes:

>  How I "refresh" a system binary?


Assuming your source tree is the same version as installed
system ... I have been able to just go to the appropriate directory,
type "make && make install".  This _not_ the canonical way, and I
wouldn't bet the rent money on it.


Robert Huff
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

4.10-stable nameserver strange behavior

2007-01-11 Thread Ken Cochran 
Hi:

How I "refresh" a system binary?

More specifically, I think I may have a compromised(?) named
in /usr/sbin but what I have in /usr/obj should be fine;
if not I still have it in /usr/src and can rebuild/reinstall it.

So how would I do the "named only" part of an installworld?

Or, to take it another step back, how to do the "named only"
part of a buildworld, followed by the "named only part of an
installworld?

I have the dead-tree versions of both the Handbook & Lehey's
book.  Or, where might I find this/these procedures documented?

Actually, what has really happened is a "wierdness" I'm trying
to correct:  (Maybe my named has been compromised somehow but
there have been no messages in the nightly security runs.)

In the wee hours of the morning, my upstream cablemodem provider
dhcp'ed me a new ip-address.  Ok, fine...  (Dhclient seems
working fine from what the system log & tcpdump are showing.)

I can ping/traceroute (to) my system from outside (proper stuff
shows up in tcpdump too) but I can't ping/traceroute *from*
my system to anywhere (not even by ip-address).  I can ping
"myself" (the newly assigned ip-address just fine.

Hmm, name service isn't working correctly (I run a local
cache-only DNS, BIND 8.3.7, ya, old but someday...), so I kill &
restart named.  The appropriate named startup messages appear
in the messages-log, e.g. "listening on [new ip-address].
Here's the wierd part: tcpdump shows DNS "priming" requests
(to the various *.root-servers.net addresses) with a *source* ip
of my *previous* ip-address, not the new one.  So far, *no* NS
requests show the proper source address; they all show the old
ip-address & not the new one.  Also, so far, behavior survives
reloading, restarting & completely killing & restarting named.

Umm... what else can I think of...  No external IPs are in the
named config and/or zone files, only local 192.168 & 127 things.
I can't find any zombie processes so far(?)

OS is:
 4.10-STABLE FreeBSD 4.10-STABLE #0: Sun Nov 28 03:17:35 CST 2004

Yes, I know, very old...  I do plan to upgrade...  This system
is very creaky nowadays & I'm very reluctant to reboot it;
might not come back up.  :(

Ideas?

Many thanks,

-kc
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"