<div><div dir="auto">Hi,</div></div><div dir="auto"><br></div><div dir="auto">I want to make an interface between Windows DNS and PowerDNS. Is there any best practice or way to do that?</div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, 11 Jan 2020 at 5:30 PM, <<a href="mailto:pdns-users-request@mailman.powerdns.com">pdns-users-request@mailman.powerdns.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send Pdns-users mailing list submissions to<br>
<a href="mailto:pdns-users@mailman.powerdns.com" target="_blank">pdns-users@mailman.powerdns.com</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="https://mailman.powerdns.com/mailman/listinfo/pdns-users" rel="noreferrer" target="_blank">https://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:pdns-users-request@mailman.powerdns.com" target="_blank">pdns-users-request@mailman.powerdns.com</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:pdns-users-owner@mailman.powerdns.com" target="_blank">pdns-users-owner@mailman.powerdns.com</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of Pdns-users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: pdns-recursor Permissions Error (Sharone)<br>
2. Re: pdns-recursor Permissions Error (Steve Shipway)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Fri, 10 Jan 2020 16:32:43 +0300<br>
From: Sharone <<a href="mailto:missakiiki@gmail.com" target="_blank">missakiiki@gmail.com</a>><br>
To: Brian Candler <<a href="mailto:b.candler@pobox.com" target="_blank">b.candler@pobox.com</a>><br>
Cc: Otto Moerbeek <<a href="mailto:otto.moerbeek@open-xchange.com" target="_blank">otto.moerbeek@open-xchange.com</a>>,<br>
<a href="mailto:pdns-users@mailman.powerdns.com" target="_blank">pdns-users@mailman.powerdns.com</a><br>
Subject: Re: [Pdns-users] pdns-recursor Permissions Error<br>
Message-ID:<br>
<CACMzb4dGtzN=Xo8NxscaJDpKnxpSGmqZ=h9=<a href="mailto:NxR_BX0JvUU4Tg@mail.gmail.com" target="_blank">NxR_BX0JvUU4Tg@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Thank you all for the generous and tremendous support.<br>
I have traffic on Cacti from my recursive servers now.<br>
Have a lovely weekend.<br>
<br>
Regards,<br>
Sharone<br>
<br>
<br>
On Fri, 10 Jan 2020 at 14:30, Brian Candler <<a href="mailto:b.candler@pobox.com" target="_blank">b.candler@pobox.com</a>> wrote:<br>
<br>
> On 10/01/2020 11:07, Sharone wrote:<br>
><br>
> I have attempted to comment out the line *extend pdns-rec<br>
> /usr/local/bin/pdns_stats *in snmpd.conf file and still gotten the same<br>
> error, however changing permissions to the entire directory to rwx worked<br>
> but like you mentioned this indeed brings about a security issue.<br>
><br>
> Oh well, if that works, you just do tighter permissions - e.g. changing<br>
> the directory *group* to "snmp" or "Debian-snmp" as appropriate, and<br>
> setting mode 775.<br>
><br>
> This is what out-of-box recursor has:<br>
><br>
> root@cache1:~# ls -ld /var/run/pdns-recursor<br>
> drwxr-xr-x 2 pdns pdns 60 Dec 12 12:49 /var/run/pdns-recursor<br>
><br>
> root@cache1:~# ls -l /var/run/pdns-recursor/<br>
> total 0<br>
> srwxr-xr-x 1 pdns pdns 0 Dec 12 12:49 pdns_recursor.controlsocket<br>
><br>
> Using pdns:snmp and mode 775 should be fine.<br>
><br>
> See also the perms for the socket itself:<br>
> <a href="https://docs.powerdns.com/recursor/settings.html#socket-owner-socket-group-socket-mode" rel="noreferrer" target="_blank">https://docs.powerdns.com/recursor/settings.html#socket-owner-socket-group-socket-mode</a><br>
><br>
> HTH,<br>
><br>
> Brian.<br>
><br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Sat, 11 Jan 2020 20:53:08 +1300 (NZDT)<br>
From: Steve Shipway <<a href="mailto:steve.shipway@smxemail.com" target="_blank">steve.shipway@smxemail.com</a>><br>
To: Sharone <<a href="mailto:missakiiki@gmail.com" target="_blank">missakiiki@gmail.com</a>><br>
Cc: <a href="mailto:pdns-users@mailman.powerdns.com" target="_blank">pdns-users@mailman.powerdns.com</a><br>
Subject: Re: [Pdns-users] pdns-recursor Permissions Error<br>
Message-ID: <<a href="mailto:352284712.7331.1578729188516@webmail.nz.smxemail.com" target="_blank">352284712.7331.1578729188516@webmail.nz.smxemail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
From what I can see, your snmpd system will run /usr/local/bin/pdns_stats as the snmpd user. This user does not have write permission to the /var/run/pdns-recursor directory and so you get the error.<br>
You could either make the /var/run/pdns-recursor mode 775 and group snmpd; or maybe add the snmpd user to the pdns group and make the directory mode 775. Note that you also need to have the same mode and ownership on the socket.<br>
Hope this helps, sorry for the slow reply, I have been very busy<br>
Steve<br>
<br>
<br>
> On 09 January 2020 at 18:24 Sharone <<a href="mailto:missakiiki@gmail.com" target="_blank">missakiiki@gmail.com</a>> wrote:<br>
> <br>
> Hello Steve,<br>
> <br>
> I appreciate your response. Below is what is inside /etc/snmp/snmpd.conf file<br>
> <br>
> rocommunity public<br>
> syslocation "Data Center"<br>
> syscontact <a href="mailto:admin@techs.co.ug" target="_blank">admin@techs.co.ug</a><br>
> createUser admin SHA admin123! AES admin123!<br>
> rouser admin authPriv<br>
> extend pdns-rec /usr/local/bin/pdns_stats<br>
> agentAddress udp:161,udp6:[::1]:161<br>
> <br>
> /etc/default/snmpd<br>
> <br>
> # This file controls the activity of snmpd<br>
> <br>
> # Don't load any MIBs by default.<br>
> # You might comment this lines once you have the MIBs downloaded.<br>
> export MIBS=<br>
> <br>
> # snmpd control (yes means start daemon).<br>
> SNMPDRUN=yes<br>
> <br>
> # snmpd options (use syslog, close stdin/out/err).<br>
> SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid'<br>
> <br>
> snmp service status<br>
> <br>
> # systemctl status snmpd.service<br>
> ● snmpd.service - LSB: SNMP agents<br>
> Loaded: loaded (/etc/init.d/snmpd; bad; vendor preset: enabled)<br>
> Active: active (running) since Thu 2020-01-09 08:24:04 EAT; 4s ago<br>
> Docs: man:systemd-sysv-generator(8)<br>
> Process: 694 ExecStop=/etc/init.d/snmpd stop (code=exited, status=0/SUCCESS)<br>
> Process: 703 ExecStart=/etc/init.d/snmpd start (code=exited, status=0/SUCCESS)<br>
> Tasks: 1<br>
> Memory: 4.3M<br>
> CPU: 66ms<br>
> CGroup: /system.slice/snmpd.service<br>
> └─710 /usr/sbin/snmpd -Lsd -Lf /dev/null -u snmp -g snmp -I -smux mteTrigger mteTriggerConf -p /run/snmpd.pid<br>
> <br>
> Jan 09 08:24:04 vdns-50 systemd[1]: Starting LSB: SNMP agents...<br>
> Jan 09 08:24:04 vdns-50 snmpd[703]: * Starting SNMP services:<br>
> Jan 09 08:24:04 vdns-50 systemd[1]: Started LSB: SNMP agents.<br>
> Jan 09 08:24:04 vdns-50 snmpd[710]: NET-SNMP version 5.7.3<br>
> <br>
> Regards,<br>
> Sharone<br>
> <br>
> <br>
> On Wed, 8 Jan 2020 at 22:35, Steve Shipway <<a href="mailto:steve.shipway@smxemail.com" target="_blank">steve.shipway@smxemail.com</a>> wrote:<br>
> <br>
> > > On Wed, 2020-01-08 at 09:20 +0300, Sharone wrote:<br>
> > > <br>
> > > # snmpwalk -v2c -c public localhost .1.3.6.1.4.1.8072.1.3.2.4.1.2<br>
> > > iso.3.6.1.4.1.8072.1.3.2.4.1.2.8.112.100.110.115.45.114.101.99.1 = STRING: "Fatal: Unable to generate local temporary file in directory '/var/run/pdns-recursor': Permission denied"<br>
> > > <br>
> > A couple of thoughts here . Either<br>
> > - SElinux is doing its magic and blocking - this should be logged in the syslog if so, or<br>
> > - Your SNMP is running with chroot enabled and /var/run/pdns-recursor doesn't exist in the chroot environment<br>
> > - rec_control is trying to generate a tmp file as the snmp user so doesn't have write permission.<br>
> > - Your SNMP daemon is using a temporary file for the rec_control output which it is trying to put in /var/run/pdns-recursor<br>
> > <br>
> > Being able to see your snmp daemon configuration would probably help with diagnosing this, so please post it here if possible.<br>
> > <br>
> > Steve<br>
> > <br>
> > <br>
> > --<br>
> > Steve Shipway | Senior Email Systems Administrator <br>
> > Phone: +64 9 302 0515 Fax: +64 9 302 0518 <br>
> > Freephone: 0800 SMX SMX (769 769) <br>
> > SMX Limited: Level 10, 19 Victoria Street West, Auckland, New Zealand <br>
> > Web: <a href="http://smxemail.com/" rel="noreferrer" target="_blank">http://smxemail.com/</a> <br>
> > <br>
> > <br>
> > <br>
> > <br>
> > <br>
> > This email has been filtered by SMX. For more information visit <a href="http://smxemail.com/" rel="noreferrer" target="_blank">http://smxemail.com/</a><br>
<br>
------------------------------<br>
<br>
End of Pdns-users Digest, Vol 204, Issue 10<br>
*******************************************<br>
</blockquote></div></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Sent from Gmail Mobile</div>
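
The quoted digest settles on group ownership plus mode 775 for /var/run/pdns-recursor instead of opening the directory to everyone. The check below is an added example, not part of the original thread: it reports whether a path is in the world-writable state, the default 755 state, or the intended group-writable state. It assumes GNU stat (Linux); `audit_path` is a hypothetical helper name, and the demo runs against a scratch directory standing in for the real one.

```shell
#!/bin/sh
# Added example: audit permissions on the recursor control directory or socket.
# Assumes GNU stat (Linux). audit_path is a hypothetical helper name.

# audit_path PATH GROUP
# Prints one verdict word:
#   missing            - PATH does not exist
#   world-writable     - "other" has the write bit (the chmod 777 state)
#   wrong-group        - PATH is not owned by GROUP
#   group-not-writable - GROUP owns it but lacks the write bit (e.g. 755)
#   ok                 - GROUP can write, others cannot (e.g. 775)
audit_path() {
    path=$1
    want_group=$2
    [ -e "$path" ] || { echo missing; return 0; }
    mode=$(stat -c '%a' "$path")     # octal digits, e.g. 775 or 1777
    group=$(stat -c '%G' "$path")
    if [ $(( 0$mode & 0002 )) -ne 0 ]; then
        echo world-writable
    elif [ "$group" != "$want_group" ]; then
        echo wrong-group
    elif [ $(( 0$mode & 0020 )) -eq 0 ]; then
        echo group-not-writable
    else
        echo ok
    fi
}

# Constructed demo: a scratch directory stands in for /var/run/pdns-recursor.
demo() {
    d=$(mktemp -d) || return 1
    g=$(stat -c '%G' "$d")
    for m in 777 755 775; do
        chmod "$m" "$d"
        printf '%s %s\n' "$m" "$(audit_path "$d" "$g")"
    done
    rmdir "$d"
}
demo
```

On the host from the thread the calls would be `audit_path /var/run/pdns-recursor snmp` (or `Debian-snmp`, as appropriate) and the same for `pdns_recursor.controlsocket`, since the socket needs matching ownership and mode.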