Re: Unexpected error question
On 02/05/09 16:04, Cherney John-CJC030 wrote: Yes, I normally use svcadm disable dns/server to stop named. Also, I've modified the dns/server stop method from the usual kill: to /usr/sbin/rndc stop. I did that because I want to make sure the cache gets written to the db files, which an rndc stop does. It seems that named is having a problem with one of the files, but I can't tell which one from the first syslog message. John, Did you make other SMF changes too? Could you provide output from 'svcprop dns/server'? As Gregory touches upon below, an 'rndc stop' does attempt to execute the SMF instances stop method before named exits as that is how named informs SMF that it intentionally exited. The message you see suggests that the privileges to do so have been lost, often associated with the use of chroot users. Instead of using chroot Sun recommends changing the SMF instance property ' start/user' to specify an alternative user and or using zones(5). FYI we did consider making the default stop method perform an 'rndc stop', however we found on a large DNS server an 'rndc stop' could take a long time and thus be problematic when trying to shut down the server. That and 'rndc stop' does eventually invoke the instances stop method! Stacey Marshall Sun Microsystems Ltd. jwc -Original Message- From: Gregory Hicks [mailto:ghi...@hicks-net.net] Sent: Thursday, February 05, 2009 10:56 AM To: bind-us...@isc.org; Cherney John-CJC030 Cc: mark_andr...@isc.org Subject: RE: Unexpected error question Subject: RE: Unexpected error question Date: Thu, 5 Feb 2009 09:51:05 -0500 From: Cherney John-CJC030 john.cher...@motorola.com To: bind-us...@isc.org I see. I was assuming that the second line was caused by the first line, and that if I could get more info on the first line, I could take care of both of them. I have a named user that the named process is run as. However, I see these errors even when I use rndc stop as root. Is there any resource that recommends what permissions need to be on specific SMF files for DNS? (or in general). Or is this even a permissioning issue with SMF files? The problem comes from the idea that SMF wants to be the 'controller'. When the program in question (named in the case) receives a 'stop' command from rndc, SMF doesn't know WHY the program stopped, just that it DID stop. Thus the error. A better way to stop named might be svcadm named disable (I think that's the right syntax but could be wrong. I am NOT an SMF expert...) That should avoid the error message. There was some discussion on the smf-disc...@opensolaris.org list last month on how to avoid error messages when you don't care if the underlying service stops all by itself. Regards, Gregory Hicks Thanks! jwc -Original Message- From: mark_andr...@isc.org [mailto:mark_andr...@isc.org] Sent: Thursday, February 05, 2009 1:18 AM Cc: Cherney John-CJC030; bind-us...@isc.org Subject: Re: Unexpected error question In message 200902050609.n1569ktg082...@drugs.dv.isc.org, Mark Andrews writes: In message f021020da23b6641a05e616d5ead146304597...@de01exm60.ds.mot.com, Ch erney John-CJC030 writes: I'm seeing the following lines in syslog, which occur when I shut down named: =20 general: error: ./main.c:858: unexpected error: general: error: smf_disable_instance() failed for svc:/network/dns/server:default : insufficient privileges for action =20 I'm running 9.3.5-P1 on Solaris 10 x86 =20 I took a quick look at the source code and it looks like there should be a file and/or filenumber as part of the unexpected error line. I've noticed the same two lines when I issue an rndc stop. The named process does stop, but I'm worried that there may be data in the cache that isn't getting written to the db files. Nothing jumped out at me from my google search. It seems like I have a file permissions issue, but I haven't recently changed any file permissions. I don't see any unusual messages on startup.=20 =20 Can someone point me the right direction for this? Is there any other information I should/could provide? =20 Thanks! jwc SMF is Sun's management facility. The code in question was submitted by Sun. I would be looking at how you have SMF set up in particular how to give the user named is running under permission to disable itself. See also http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris as mentioned in the FAQ. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews
RE: Unexpected error question
I see. I was assuming that the second line was caused by the first line, and that if I could get more info on the first line, I could take care of both of them. I have a named user that the named process is run as. However, I see these errors even when I use rndc stop as root. Is there any resource that recommends what permissions need to be on specific SMF files for DNS? (or in general). Or is this even a permissioning issue with SMF files? Thanks! jwc -Original Message- From: mark_andr...@isc.org [mailto:mark_andr...@isc.org] Sent: Thursday, February 05, 2009 1:18 AM Cc: Cherney John-CJC030; bind-us...@isc.org Subject: Re: Unexpected error question In message 200902050609.n1569ktg082...@drugs.dv.isc.org, Mark Andrews writes: In message f021020da23b6641a05e616d5ead146304597...@de01exm60.ds.mot.com, Ch erney John-CJC030 writes: I'm seeing the following lines in syslog, which occur when I shut down named: =20 general: error: ./main.c:858: unexpected error: general: error: smf_disable_instance() failed for svc:/network/dns/server:default : insufficient privileges for action =20 I'm running 9.3.5-P1 on Solaris 10 x86 =20 I took a quick look at the source code and it looks like there should be a file and/or filenumber as part of the unexpected error line. I've noticed the same two lines when I issue an rndc stop. The named process does stop, but I'm worried that there may be data in the cache that isn't getting written to the db files. Nothing jumped out at me from my google search. It seems like I have a file permissions issue, but I haven't recently changed any file permissions. I don't see any unusual messages on startup.=20 =20 Can someone point me the right direction for this? Is there any other information I should/could provide? =20 Thanks! jwc SMF is Sun's management facility. The code in question was submitted by Sun. I would be looking at how you have SMF set up in particular how to give the user named is running under permission to disable itself. See also http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris as mentioned in the FAQ. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Unexpected error question
In message f021020da23b6641a05e616d5ead146304597...@de01exm60.ds.mot.com, Ch erney John-CJC030 writes: Yes, I normally use svcadm disable dns/server to stop named. Also, I've modified the dns/server stop method from the usual kill: to /usr/sbin/rndc stop. I did that because I want to make sure the cache gets written to the db files, which an rndc stop does. It seems that named is having a problem with one of the files, but I can't tell which one from the first syslog message. It is only one error split over two messages. isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, ISC_LOG_ERROR, %s:%d: unexpected error:, file, line); isc_log_vwrite(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, ISC_LOG_ERROR, format, args); Mark jwc -Original Message- From: Gregory Hicks [mailto:ghi...@hicks-net.net] Sent: Thursday, February 05, 2009 10:56 AM To: bind-us...@isc.org; Cherney John-CJC030 Cc: mark_andr...@isc.org Subject: RE: Unexpected error question Subject: RE: Unexpected error question Date: Thu, 5 Feb 2009 09:51:05 -0500 From: Cherney John-CJC030 john.cher...@motorola.com To: bind-us...@isc.org I see. I was assuming that the second line was caused by the first line, and that if I could get more info on the first line, I could take care of both of them. I have a named user that the named process is run as. However, I see these errors even when I use rndc stop as root. Is there any resource that recommends what permissions need to be on specific SMF files for DNS? (or in general). Or is this even a permissioning issue with SMF files? The problem comes from the idea that SMF wants to be the 'controller'. When the program in question (named in the case) receives a 'stop' command from rndc, SMF doesn't know WHY the program stopped, just that it DID stop. Thus the error. A better way to stop named might be svcadm named disable (I think that's the right syntax but could be wrong. I am NOT an SMF expert...) That should avoid the error message. There was some discussion on the smf-disc...@opensolaris.org list last month on how to avoid error messages when you don't care if the underlying service stops all by itself. Regards, Gregory Hicks Thanks! jwc -Original Message- From: mark_andr...@isc.org [mailto:mark_andr...@isc.org] Sent: Thursday, February 05, 2009 1:18 AM Cc: Cherney John-CJC030; bind-us...@isc.org Subject: Re: Unexpected error question In message 200902050609.n1569ktg082...@drugs.dv.isc.org, Mark Andrews writes: In message f021020da23b6641a05e616d5ead146304597...@de01exm60.ds.mot.com, Ch erney John-CJC030 writes: I'm seeing the following lines in syslog, which occur when I shut down named: =20 general: error: ./main.c:858: unexpected error: general: error: smf_disable_instance() failed for svc:/network/dns/server:default : insufficient privileges for action =20 I'm running 9.3.5-P1 on Solaris 10 x86 =20 I took a quick look at the source code and it looks like there should be a file and/or filenumber as part of the unexpected error line. I've noticed the same two lines when I issue an rndc stop. The named process does stop, but I'm worried that there may be data in the cache that isn't getting written to the db files. Nothing jumped out at me from my google search. It seems like I have a file permissions issue, but I haven't recently changed any file permissions. I don't see any unusual messages on startup.=20 =20 Can someone point me the right direction for this? Is there any other information I should/could provide? =20 Thanks! jwc SMF is Sun's management facility. The code in question was submitted by Sun. I would be looking at how you have SMF set up in particular how to give the user named is running under permission to disable itself. See also http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris as mentioned in the FAQ. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Unexpected error question
In message 200902051556.n15ftxrx004...@metis.hicks-net.net, Gregory Hicks wri tes: Subject: RE: Unexpected error question Date: Thu, 5 Feb 2009 09:51:05 -0500 From: Cherney John-CJC030 john.cher...@motorola.com To: bind-us...@isc.org I see. I was assuming that the second line was caused by the first line, and that if I could get more info on the first line, I could take care of both of them. I have a named user that the named process is run as. However, I see these errors even when I use rndc stop as root. Is there any resource that recommends what permissions need to be on specific SMF files for DNS? (or in general). Or is this even a permissioning issue with SMF files? The problem comes from the idea that SMF wants to be the 'controller'. When the program in question (named in the case) receives a 'stop' command from rndc, SMF doesn't know WHY the program stopped, just that it DID stop. Thus the error. A better way to stop named might be svcadm named disable (I think that's the right syntax but could be wrong. I am NOT an SMF expert...) That should avoid the error message. There was some discussion on the smf-disc...@opensolaris.org list last month on how to avoid error messages when you don't care if the underlying service stops all by itself. This is a plain permissions problem. The user named doesn't have enough permissions to disable the service svc:/network/dns/server:default in smf. Regards, Gregory Hicks Thanks! jwc -Original Message- From: mark_andr...@isc.org [mailto:mark_andr...@isc.org] Sent: Thursday, February 05, 2009 1:18 AM Cc: Cherney John-CJC030; bind-us...@isc.org Subject: Re: Unexpected error question In message 200902050609.n1569ktg082...@drugs.dv.isc.org, Mark Andrews writes: In message f021020da23b6641a05e616d5ead146304597...@de01exm60.ds.mot.com, Ch erney John-CJC030 writes: I'm seeing the following lines in syslog, which occur when I shut down named: =20 general: error: ./main.c:858: unexpected error: general: error: smf_disable_instance() failed for svc:/network/dns/server:default : insufficient privileges for action =20 I'm running 9.3.5-P1 on Solaris 10 x86 =20 I took a quick look at the source code and it looks like there should be a file and/or filenumber as part of the unexpected error line. I've noticed the same two lines when I issue an rndc stop. The named process does stop, but I'm worried that there may be data in the cache that isn't getting written to the db files. Nothing jumped out at me from my google search. It seems like I have a file permissions issue, but I haven't recently changed any file permissions. I don't see any unusual messages on startup.=20 =20 Can someone point me the right direction for this? Is there any other information I should/could provide? =20 Thanks! jwc SMF is Sun's management facility. The code in question was submitted by Sun. I would be looking at how you have SMF set up in particular how to give the user named is running under permission to disable itself. See also http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris as mentioned in the FAQ. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users - Gregory Hicks | Principal Systems Engineer | Direct: 408.569.7928 People sleep peaceably in their beds at night only because rough men stand ready to do violence on their behalf -- George Orwell The price of freedom is eternal vigilance. -- Thomas Jefferson The best we can hope for concerning the people at large is that they be properly armed. --Alexander Hamilton -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Unexpected error question
I'm seeing the following lines in syslog, which occur when I shut down named: general: error: ./main.c:858: unexpected error: general: error: smf_disable_instance() failed for svc:/network/dns/server:default : insufficient privileges for action I'm running 9.3.5-P1 on Solaris 10 x86 I took a quick look at the source code and it looks like there should be a file and/or filenumber as part of the unexpected error line. I've noticed the same two lines when I issue an rndc stop. The named process does stop, but I'm worried that there may be data in the cache that isn't getting written to the db files. Nothing jumped out at me from my google search. It seems like I have a file permissions issue, but I haven't recently changed any file permissions. I don't see any unusual messages on startup. Can someone point me the right direction for this? Is there any other information I should/could provide? Thanks! jwc ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
