<div dir="ltr"><div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Thank you all for the generous and tremendous support. <br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif">I have traffic on Cacti from my recursive servers now. <br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Have a lovely weekend.</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br clear="all"></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><span style="font-family:trebuchet ms,sans-serif">Regards,<br></span></div><div><span style="font-family:trebuchet ms,sans-serif">Sharone</span><br></div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 10 Jan 2020 at 14:30, Brian Candler <<a href="mailto:b.candler@pobox.com">b.candler@pobox.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div>On 10/01/2020 11:07, Sharone wrote:<br>
</div>
<blockquote type="cite">I
have attempted to comment out the lineĀ <i>extend pdns-rec
/usr/local/bin/pdns_stats </i>in snmpd.conf file and still
gotten the same error, however changing permissions to the entire
directory to rwx worked but like you mentioned this indeed brings
about a security issue. </blockquote>
<p>Oh well, if that works, you just do tighter permissions - e.g.
changing the directory *group* to "snmp" or "Debian-snmp" as
appropriate, and setting mode 775.</p>
<p>This is what out-of-box recursor has:</p>
<p>root@cache1:~# ls -ld /var/run/pdns-recursor<br>
drwxr-xr-x 2 pdns pdns 60 Dec 12 12:49 /var/run/pdns-recursor</p>
<p>root@cache1:~# ls -l /var/run/pdns-recursor/<br>
total 0<br>
srwxr-xr-x 1 pdns pdns 0 Dec 12 12:49 pdns_recursor.controlsocket</p>
<p>Using pdns:snmp and mode 775 should be fine.<br>
</p>
<p>See also the perms for the socket itself: <a href="https://docs.powerdns.com/recursor/settings.html#socket-owner-socket-group-socket-mode" target="_blank">https://docs.powerdns.com/recursor/settings.html#socket-owner-socket-group-socket-mode</a></p>
<p>HTH,</p>
<p>Brian.<br>
</p>
</div>
</blockquote></div>