[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] What does this DNS related message mean
- Subject: Re: [cobalt-security] What does this DNS related message mean
- From: Bruce Timberlake <bruce@xxxxxxxxxx>
- Date: Sat, 4 Jan 2003 17:48:15 -0800
- Organization: BRTNet.org
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> >>What does this DNS related message mean:
> >>
> >>check_hints: A records for J.ROOT-SERVERS.NET class 1 do not
> >> match hint records
> >
> > SSH/TELNET into your box and edit the /etc/named/db.cache file (as
> > user root or named). Replace the entry for J.ROOT-SERVERS.NET
> > with
> >
> >. 3600000 NS J.ROOT-SERVERS.NET.
> >J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
> >
> >The ipaddress changed a couple of months back.
> Thanks very much for this helpful explanation.
> I have done as you suggest.
>
> Recently, I spotted the following in my log:
>
> Jan 1 23:48:02 www named[1748]: check_hints: A records for
> J.ROOT-SERVERS.NET class 1 do not match hint records
>
> I have checked carefully for typos (none) in
> db.cache... What should I try next?
Isn't this the same question that was answered and acknowledged in the
preceding lines of your message??
The IP address for the "J" root server changed a couple of months ago.
Your server isn't auto-updating as the DNS update from Sun made the
BIND daemon run as named instead of root. The hints file is owned by
root, so named can't make changes to it. By making the changes noted
above, you'll fix the problem. Might need to HUP the named process
to make it read the new hints file, but that should solve your
problem...
- --
Bruce Timberlake
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+F47fvLA2hUZ9kgwRAhvwAJwNag05GCjWLuidsCp1Gidl44uGVACeKEUO
EwgF0Ku2neodEtdAj5SOTPA=
=Q6Q8
-----END PGP SIGNATURE-----