[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: BIND problem

> On Feb 22, 2016, at 3:58 PM, Reco <recoverym4n@gmail.com> wrote:
> 
> First one is 'ls -ald /var/cache'.

root@log:~# ls -ald /var/cache
drwxr-xr-x 14 root root 4096 Oct 12  2013 /var/cache

> Second one is 'sudo -u touch /var/cache/bind/slaves/1'.

sudo: unknown user: touch
sudo: unable to initialize policy plugin

(Should there have been a "bind" after the '-u'? I just tried that, and it returns an empty line.)

> 'su -l bind -c "touch /var/cache/bind/slaves/1"' should do it too since
> you have an interactive login shell for bind.

That one replies with an empty line. BIND's shell is still BASH (I thought I'd deleted that long ago).

If I do 'su -l bind -c "touch /var/cache/bind/slaves/1" ; echo $?', it prints '0'.

> Third one (hey, you never know) is 'ls -ald /'.

drwxr-xr-x 25 root root 4096 Jun  6  2014 /

...

Wait a minute. I just took a look at today's DNS log with 'cat /var/log/daemon | egrep permission' and I see at the bottom:

Feb 22 02:15:07 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-7OngiRhduG: open: permission denied
Feb 22 02:23:31 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-jpxayKBERz: open: permission denied
Feb 22 02:29:31 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-KvIK8XPZRW: open: permission denied

That says to me that the problem stopped around 2AM last night, no? I think that's about the time I rebooted the server -- I don't remember why. If that's true, something got well of natural causes, and I apologize tremendously for the noise. 

The 2 PIDs could very well be because I had 2 BINDs running for a while trying to figure this out -- one as user bind, and one as root. There's a command in my history file to kill 20061.

'logwatch --range today' prints (about the DNS dumps):

    dumping master file: /var/cache/bind/slaves/tmp-18yeqdeUo7: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-5cVqqTAnb6: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-5n3f6qn0Cj: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-7OngiRhduG: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-8m09QHZPqR: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-93yzSn2HVG: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-KQi00ADskK: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-KnYb1BM7ho: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-KvIK8XPZRW: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-Mvis5kMjqB: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-NB1hVFYTQ3: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-RbEDOfprSt: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-Tr7TNyn2pB: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-X7frzE1EHg: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-fHVyGM1SqQ: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-fSPdEwQTGO: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-h28gNDyR7n: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-jpxayKBERz: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-n99ZL1tdSc: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-pPGgsIYF9T: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-qbxXuXSlvZ: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-ucvOB7hKDt: open: permission denied: 1 Time(s)
    dumping master file: /var/cache/bind/slaves/tmp-yhcq7G3STF: open: permission denied: 1 Time(s)

The day isn't over yet, but compared to the last few days, that does seem like a pretty small number of failed dumps.

'cat /var/log/daemon.log | egrep '^Feb 22.*tmp-' | sort -k9' (sorted on filename to match logwatch's sorting it's lines) prints:

Feb 22 01:57:18 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-18yeqdeUo7: open: permission denied
Feb 22 00:14:54 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-5cVqqTAnb6: open: permission denied
Feb 22 00:25:48 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-5n3f6qn0Cj: open: permission denied
Feb 22 02:15:07 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-7OngiRhduG: open: permission denied
Feb 22 00:51:46 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-8m09QHZPqR: open: permission denied
Feb 22 01:24:08 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-93yzSn2HVG: open: permission denied
Feb 22 01:42:43 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-fHVyGM1SqQ: open: permission denied
Feb 22 00:57:44 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-fSPdEwQTGO: open: permission denied
Feb 22 01:31:03 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-h28gNDyR7n: open: permission denied
Feb 22 02:23:31 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-jpxayKBERz: open: permission denied
Feb 22 01:48:41 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-KnYb1BM7ho: open: permission denied
Feb 22 01:17:57 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-KQi00ADskK: open: permission denied
Feb 22 02:29:31 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-KvIK8XPZRW: open: permission denied
Feb 22 00:14:26 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-Mvis5kMjqB: open: permission denied
Feb 22 00:38:07 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-n99ZL1tdSc: open: permission denied
Feb 22 01:37:22 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-NB1hVFYTQ3: open: permission denied
Feb 22 02:01:07 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-pPGgsIYF9T: open: permission denied
Feb 22 00:29:50 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-qbxXuXSlvZ: open: permission denied
Feb 22 02:10:34 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-RbEDOfprSt: open: permission denied
Feb 22 01:06:38 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-Tr7TNyn2pB: open: permission denied
Feb 22 01:11:35 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-ucvOB7hKDt: open: permission denied
Feb 22 00:02:30 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-X7frzE1EHg: open: permission denied
Feb 22 00:43:19 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-yhcq7G3STF: open: permission denied

I think the file names are identical. The first and last are, anyway, and wc -l says they have the same number of lines (24).

And without the sort (effectively sorted on time):

Feb 22 00:02:30 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-X7frzE1EHg: open: permission denied
Feb 22 00:14:26 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-Mvis5kMjqB: open: permission denied
Feb 22 00:14:54 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-5cVqqTAnb6: open: permission denied
Feb 22 00:25:48 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-5n3f6qn0Cj: open: permission denied
Feb 22 00:29:50 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-qbxXuXSlvZ: open: permission denied
Feb 22 00:38:07 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-n99ZL1tdSc: open: permission denied
Feb 22 00:43:19 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-yhcq7G3STF: open: permission denied
Feb 22 00:51:46 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-8m09QHZPqR: open: permission denied
Feb 22 00:57:44 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-fSPdEwQTGO: open: permission denied
Feb 22 01:06:38 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-Tr7TNyn2pB: open: permission denied
Feb 22 01:11:35 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-ucvOB7hKDt: open: permission denied
Feb 22 01:17:57 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-KQi00ADskK: open: permission denied
Feb 22 01:24:08 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-93yzSn2HVG: open: permission denied
Feb 22 01:31:03 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-h28gNDyR7n: open: permission denied
Feb 22 01:37:22 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-NB1hVFYTQ3: open: permission denied
Feb 22 01:42:43 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-fHVyGM1SqQ: open: permission denied
Feb 22 01:48:41 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-KnYb1BM7ho: open: permission denied
Feb 22 01:57:18 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-18yeqdeUo7: open: permission denied
Feb 22 02:01:07 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-pPGgsIYF9T: open: permission denied
Feb 22 02:10:34 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-RbEDOfprSt: open: permission denied
Feb 22 02:15:07 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-7OngiRhduG: open: permission denied
Feb 22 02:23:31 log named[20061]: dumping master file: /var/cache/bind/slaves/tmp-jpxayKBERz: open: permission denied
Feb 22 02:29:31 log named[20117]: dumping master file: /var/cache/bind/slaves/tmp-KvIK8XPZRW: open: permission denied

Am I right? That the problem stopped at 2:30 last night? 

If I am, I have a bigger problem: WTF is going on in my server? 

And where/why is BIND writing all those files? I don't see any below /var/cache/bind. And why is BIND trying to dump a master file into the slaves directory?

-- 
Glenn English
Reply to: