[Pdns-users] Pdns-users Digest, Vol 204, Issue 10
Satya Sharma
satya876 at gmail.com
Sat Jan 11 16:51:18 UTC 2020
Hi,
I want to make an interface between Windows DNS and PowerDNS. Is there any
best practice or way to do that?
On Sat, 11 Jan 2020 at 5:30 PM, <pdns-users-request at mailman.powerdns.com>
wrote:
> Today's Topics:
>
> 1. Re: pdns-recursor Permissions Error (Sharone)
> 2. Re: pdns-recursor Permissions Error (Steve Shipway)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 10 Jan 2020 16:32:43 +0300
> From: Sharone <missakiiki at gmail.com>
> To: Brian Candler <b.candler at pobox.com>
> Cc: Otto Moerbeek <otto.moerbeek at open-xchange.com>,
> pdns-users at mailman.powerdns.com
> Subject: Re: [Pdns-users] pdns-recursor Permissions Error
> Message-ID:
> <CACMzb4dGtzN=Xo8NxscaJDpKnxpSGmqZ=h9=
> NxR_BX0JvUU4Tg at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Thank you all for the generous and tremendous support.
> I have traffic on Cacti from my recursive servers now.
> Have a lovely weekend.
>
> Regards,
> Sharone
>
>
> On Fri, 10 Jan 2020 at 14:30, Brian Candler <b.candler at pobox.com> wrote:
>
> > On 10/01/2020 11:07, Sharone wrote:
> >
> > I have attempted to comment out the line *extend pdns-rec
> > /usr/local/bin/pdns_stats *in snmpd.conf file and still gotten the same
> > error, however changing permissions to the entire directory to rwx worked
> > but like you mentioned this indeed brings about a security issue.
> >
> > Oh well, if that works, you just do tighter permissions - e.g. changing
> > the directory *group* to "snmp" or "Debian-snmp" as appropriate, and
> > setting mode 775.
> >
> > This is what out-of-box recursor has:
> >
> > root at cache1:~# ls -ld /var/run/pdns-recursor
> > drwxr-xr-x 2 pdns pdns 60 Dec 12 12:49 /var/run/pdns-recursor
> >
> > root at cache1:~# ls -l /var/run/pdns-recursor/
> > total 0
> > srwxr-xr-x 1 pdns pdns 0 Dec 12 12:49 pdns_recursor.controlsocket
> >
> > Using pdns:snmp and mode 775 should be fine.
> >
> > See also the perms for the socket itself:
> >
> > https://docs.powerdns.com/recursor/settings.html#socket-owner-socket-group-socket-mode
> >
> > HTH,
> >
> > Brian.
> >
>
> ------------------------------
>
> Message: 2
> Date: Sat, 11 Jan 2020 20:53:08 +1300 (NZDT)
> From: Steve Shipway <steve.shipway at smxemail.com>
> To: Sharone <missakiiki at gmail.com>
> Cc: pdns-users at mailman.powerdns.com
> Subject: Re: [Pdns-users] pdns-recursor Permissions Error
> Message-ID: <352284712.7331.1578729188516 at webmail.nz.smxemail.com>
> Content-Type: text/plain; charset="utf-8"
>
> From what I can see, your snmpd system will run /usr/local/bin/pdns_stats
> as the snmpd user. This user does not have write permission to the
> /var/run/pdns-recursor directory and so you get the error.
> You could either make the /var/run/pdns-recursor mode 775 and group snmpd;
> or maybe add the snmpd user to the pdns group and make the directory mode
> 775. Note that you also need to have the same mode and ownership on the
> socket.
> Hope this helps, sorry for the slow reply have been very busy
> Steve
>
>
> > On 09 January 2020 at 18:24 Sharone <missakiiki at gmail.com> wrote:
> >
> > Hello Steve,
> >
> > I appreciate your response. Below is what is inside /etc/snmp/snmpd.conf file
> >
> > rocommunity public
> > syslocation "Data Center"
> > syscontact admin at techs.co.ug
> > createUser admin SHA admin123! AES admin123!
> > rouser admin authPriv
> > extend pdns-rec /usr/local/bin/pdns_stats
> > agentAddress udp:161,udp6:[::1]:161
> >
> > /etc/default/snmpd
> >
> > # This file controls the activity of snmpd
> >
> > # Don't load any MIBs by default.
> > # You might comment this lines once you have the MIBs downloaded.
> > export MIBS=
> >
> > # snmpd control (yes means start daemon).
> > SNMPDRUN=yes
> >
> > # snmpd options (use syslog, close stdin/out/err).
> > SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid'
> >
> > snmp service status
> >
> > # systemctl status snmpd.service
> > ● snmpd.service - LSB: SNMP agents
> > Loaded: loaded (/etc/init.d/snmpd; bad; vendor preset: enabled)
> > Active: active (running) since Thu 2020-01-09 08:24:04 EAT; 4s ago
> > Docs: man:systemd-sysv-generator(8)
> > Process: 694 ExecStop=/etc/init.d/snmpd stop (code=exited, status=0/SUCCESS)
> > Process: 703 ExecStart=/etc/init.d/snmpd start (code=exited, status=0/SUCCESS)
> > Tasks: 1
> > Memory: 4.3M
> > CPU: 66ms
> > CGroup: /system.slice/snmpd.service
> > └─710 /usr/sbin/snmpd -Lsd -Lf /dev/null -u snmp -g snmp -I -smux mteTrigger mteTriggerConf -p /run/snmpd.pid
> >
> > Jan 09 08:24:04 vdns-50 systemd[1]: Starting LSB: SNMP agents...
> > Jan 09 08:24:04 vdns-50 snmpd[703]: * Starting SNMP services:
> > Jan 09 08:24:04 vdns-50 systemd[1]: Started LSB: SNMP agents.
> > Jan 09 08:24:04 vdns-50 snmpd[710]: NET-SNMP version 5.7.3
> >
> > Regards,
> > Sharone
> >
> >
> > On Wed, 8 Jan 2020 at 22:35, Steve Shipway <steve.shipway at smxemail.com> wrote:
> >
> > > > On Wed, 2020-01-08 at 09:20 +0300, Sharone wrote:
> > >
> > > > > > # snmpwalk -v2c -c public localhost .1.3.6.1.4.1.8072.1.3.2.4.1.2
> > > > > > iso.3.6.1.4.1.8072.1.3.2.4.1.2.8.112.100.110.115.45.114.101.99.1 = STRING: "Fatal: Unable to generate local temporary file in directory '/var/run/pdns-recursor': Permission denied"
> > > >
> > > > > >
> > > A couple of thoughts here. Either
> > > - SElinux is doing its magic and blocking - this should be logged in the syslog if so, or
> > > - Your SNMP is running with chroot enabled and /var/run/pdns-recursor doesn't exist in the chroot environment
> > > - rec_control is trying to generate a tmp file as the snmp user so doesn't have write permission.
> > > - Your SNMP daemon is using a temporary file for the rec_control output which it is trying to put in /var/run/pdns-recursor
> > >
> > > Being able to see your snmp daemon configuration would probably help with diagnosing this, so please post it here if possible.
> > >
> > > Steve
> > >
> > >
> > > --
> > > Steve Shipway | Senior Email Systems Administrator
> > > Phone: +64 9 302 0515 Fax: +64 9 302 0518
> > > Freephone: 0800 SMX SMX (769 769)
> > > SMX Limited: Level 10, 19 Victoria Street West, Auckland, New
> Zealand
> > > Web: http://smxemail.com/
> > >
>
> ------------------------------
>
> End of Pdns-users Digest, Vol 204, Issue 10
> *******************************************
>
--
Sent from Gmail Mobile
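
An added example, not part of any poster's message: a shell check for the permission layout recommended in the quoted thread, where the control-socket directory (and the socket) is writable by the SNMP group at mode 775 instead of being opened to everyone. The function name `audit_ctl_path` and the scratch directory in the demo are assumptions; the demo uses the scratch directory's own group in place of "snmp".

```shell
#!/bin/sh
# Added example (not from the thread): audit the recursor control-socket
# directory, or the socket itself, for the layout suggested above:
# writable by the monitoring group, not writable by everyone.
# Assumes `stat -c` (GNU coreutils or busybox); audit_ctl_path is a made-up name.

audit_ctl_path() {
    # $1 = path to check, $2 = group that must have write access (e.g. snmp)
    path=$1
    want_group=$2
    [ -e "$path" ] || { echo "FAIL missing"; return 2; }

    m=$(( 0$(stat -c '%a' "$path") ))   # leading 0: parse the mode as octal
    group=$(stat -c '%G' "$path")       # owning group name
    shown=$(printf '%o' "$m")

    if [ $(( m & 0002 )) -ne 0 ]; then
        echo "FAIL world-writable (mode $shown)"; return 1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "FAIL group is $group, expected $want_group"; return 1
    fi
    if [ $(( m & 0020 )) -eq 0 ]; then
        echo "FAIL group $group lacks write (mode $shown)"; return 1
    fi
    echo "OK $group can write, others cannot (mode $shown)"
}

# Constructed demo on a scratch directory standing in for
# /var/run/pdns-recursor; its own group stands in for "snmp".
demo=$(mktemp -d)
demo_group=$(stat -c '%G' "$demo")
for mode in 777 755 775; do
    chmod "$mode" "$demo"
    printf '%s: ' "$mode"
    audit_ctl_path "$demo" "$demo_group" || true
done
rm -rf "$demo"
```

On a real host the same function can be pointed at `/var/run/pdns-recursor` and at `pdns_recursor.controlsocket` inside it, with the group the SNMP daemon runs as.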