ndc error on 8.2.2.2-P5 / AIX4.3.2

Mathias Koerber mathias at staff.singnet.com.sg
Tue Dec 7 14:24:21 UTC 1999


I generally find that named.conf is *much* more sensitive
to syntax problems than named.boot was. In boot, a syntax
error only affected one zone at most (usually), in .conf, one
syntax error can affect the WHOLE server.

Is there *anything* that can be done to make it more robust?

I have several times requested a stand-alone syntax checker which
uses the exact same parser which bind does, or a syntax-check-only flag for
BIND-8 itself, so that one can verify the .conf file before reload.
(Yes, we have a Bronze support contract which gives us feature priority [at
least it should]!) This is an *urgently* required feature! I'm not really
comfy with waiting for BIND-9 for this (is this even planned for BIND-9,
first release or Beta?)

Mathias

-----Original Message-----
From: Mark.Andrews at iengines.com <Mark.Andrews at iengines.com>
To: Rip Loomis <Gilbert.R.Loomis at cpmx.saic.com>
Cc: MICHALA at uk.ibm.com <MICHALA at uk.ibm.com>; bind-workers at isc.org
<bind-workers at isc.org>
Date: Tuesday, December 07, 1999 10:15 PM
Subject: Re: ndc error on 8.2.2.2-P5 / AIX4.3.2


|
| Named will fail to create the control channel if there is a
| syntax error in named.conf when it is started.  Given named.conf
| can control the location and permission of the control channel
| it may not be safe to start it in the default location.
|
| Mark
|
|> Tony--
|> I agree that it would be nice if ndc were smart
|> enough to report that named is not running.
|> Unfortunately, the path to the control channel
|> is hard-coded into ndc and named at compile time.
|> For named, it can be changed once in named.conf
|> and will be used from then on at runtime, but
|> the only way to change the setting in ndc at
|> runtime is to specify ndc -c /path/to/channel
|> on the command line.
|>
|> On Solaris, HP-UX, and Linux (my test platforms),
|> the only times I see that message are if named
|> is not running, or when there's a mismatch between
|> what named thinks the control channel is and what
|> ndc thinks it is.  In that situation, all ndc can
|> really tell us is that it can't find its end
|> of the control channel (from my reading of the
|> code, anyway).  Maybe ndc could at least
|> postulate that named is not running and give
|> a more useful error message.
|>
|> I would recommend that the DNS admin who's reporting
|> the problem (with named not always being stopped)
|> check and make sure that the setting in named.conf
|> matches the one compiled into ndc.  Is the failure
|> to stop named intermittent, or every time?  If
|> it's intermittent, then my only thought would be
|> an issue with pipes on AIX.
|>
|> Hope this helps--
|>
|> --Rip Loomis
|>
|> Rip Loomis Voice Number: (410) 953-6874
|> --------------------------------------------------------
|> Security Engineer
|> Center for Information Security Technology
|> Science Applications International Corporation
|> http://www.cist.saic.com
|>
|>
|> > -----Original Message-----
|> > From: bind-workers-bounce at isc.org
|> > [mailto:bind-workers-bounce at isc.org]On
|> > Behalf Of MICHALA at uk.ibm.com
|> > Sent: Tuesday, December 07, 1999 8:17 AM
|> > To: bind-workers at isc.org
|> > Subject: ndc error on 8.2.2.2-P5 / AIX4.3.2
|> >
|> >
|> >
|> >
|> > "ndc stop" on AIX4.3.2 reports the following when named is
|> > not running:
|> >
|> > ndc: error: ctl_client: evConnect(fd 3): Connection refused
|> > ndc: error: cannot connect to command channel (/etc/ndc)
|> >
|> > This makes sense of course, but wouldn't a message reporting that
|> > "named is not running" be more appropriate?
|> >
|> > One of our DNS Admins has also reported that "ndc stop" does not
|> > always stop named on AIX, and returns the above message.
|> > Has anybody else seen this behaviour on AIX or any other platforms?
|> >
|> > - - -
|> > Tony Michalakopoulos
|> > EMEA Firewall & IP Services, AT&T Global Network Services
|> > P.O. Box 41, North Harbour, Portsmouth, Hants, PO6 3AU, UK,
|> > Mail point C2E
|> > Phone:  Internal # 7-255327    International:  +44-2392-565327
|> > Fax:  +44-2392-210543    Pager:  +44-941-122061    Internet:
|> > michala at uk.ibm.com
|> >
|> >
|> >
|>
|--
|Mark Andrews, Internet Engines Inc. / Internet Software Consortium
|1 Seymour St., Dundas Valley, NSW 2117, Australia
|PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at iengines.com
|
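
The states discussed in the thread (nothing at the control-channel path, a socket file with no listener behind it, a live listener) can be told apart from the client side. The following is an added example, not part of the thread and not BIND or ndc code; it assumes the control channel is a Unix-domain stream socket, and the function names and the temporary path are hypothetical.

```python
import os
import socket
import stat
import tempfile

def probe_control_channel(path):
    """Return why a Unix-domain control channel at `path` can or cannot be reached."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return "missing"        # nothing here: daemon never started, or path mismatch
    except PermissionError:
        return "denied"         # directory not searchable by this user
    if not stat.S_ISSOCK(st.st_mode):
        return "not-a-socket"
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(2)
    try:
        s.connect(path)
    except ConnectionRefusedError:
        return "stale"          # socket file left behind, nothing listening
    except PermissionError:
        return "denied"
    except OSError:
        return "error"
    finally:
        s.close()
    return "listening"

def writable_by_others(path):
    """True if group or other has write permission on the socket file."""
    return bool(os.stat(path).st_mode & 0o022)

def demo():  # walk a constructed socket through listening -> stale -> missing
    seen = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ndc")   # constructed path, not a real /etc/ndc
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        srv.listen(1)
        os.chmod(path, 0o600)           # owner-only, as a restrictive setting
        seen.append((probe_control_channel(path), writable_by_others(path)))
        srv.close()                     # listener gone, socket file remains
        seen.append((probe_control_channel(path), writable_by_others(path)))
        os.unlink(path)
        seen.append((probe_control_channel(path), None))
    return seen

if __name__ == "__main__":
    print(demo())
```

A "Connection refused" result corresponds to the "stale" state here, while "missing" covers both a daemon that never created its channel and a client looking at the wrong path.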


