[rescue] Tricking DNS

Loomis, Rip rescue at sunhelp.org
Mon Oct 22 12:53:35 CDT 2001


Paul--
Umm...think Solaris here.  Yes, I use (and love) Debian
too, but "killall" and "pidof" cannot be assumed to
be present or to be fully functional (yes, there's
a killall in Sol7 but I've gotten some weird results
and don't depend on it...)  The named.pid file ends up somewhere
completely different as well, depending on the method
of compilation.  The way that we compile BIND 9
on Solaris, it's /var/run/named.pid.

More importantly, rndc can do much more than just start/
stop the whole DNS server monolithically, and it can do
it with acceptable security from a remote system.  From
my primary UNIX desktop (with a proper rndc.conf) I can
do:
  rndc reload authoritative-zone.com
and cause just that one zone to get reloaded on the
master.  Cool.

--
Rip Loomis
Senior Systems Security Engineer
SAIC Center for Information Security Technology 

> -----Original Message-----
> From: Paul Sladen [mailto:sun-rescue at paul.sladen.org]
> Sent: Monday, 22 October, 2001 12:35

> On Mon, 22 Oct 2001, Bill Bradford wrote:
> > 
> > I've got BIND9 running; I just have to kill/restart it to get it to 
> > reload zones, etc... so rndc would be nice. 8-)
> 
>   killall -HUP named
[[SNIP]]
> Forces a reload.
> 
> 
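
Added example, not part of the original message: a minimal key-authenticated setup for the kind of remote rndc use described above, with the weak point (who may send control commands) pinned down by both an address list and a shared key. The addresses, key name and secret are constructed placeholders, and hmac-sha256 assumes a current BIND 9 release.

```conf
# --- named.conf on the master (server side) ---
# Constructed values: 192.0.2.53 = name server, 192.0.2.10 = admin desktop.
key "rndc-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   # placeholder; generate with rndc-confgen
};

controls {
    # Listen for control commands on one address only, accept them only
    # from the admin desktop, and only when signed with rndc-key.
    inet 192.0.2.53 port 953
        allow { 192.0.2.10; }
        keys { "rndc-key"; };
};

# --- rndc.conf on the admin desktop (client side) ---
key "rndc-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   # must match the server's copy
};

options {
    default-server 192.0.2.53;
    default-port   953;
    default-key    "rndc-key";
};
```

Both files contain the shared secret, so each should be readable only by the account that runs named or rndc. The key authenticates commands but does not encrypt the control channel.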


