

Notes and Esoterica relating to ns1 and ns2

[ 10/6/02 ] SES: Running named setuid: slaves are different from masters
OK, a basic of running a secure name server is changing the user ID that the server runs as to something other than root! We do this by specifying an alternate user ID at startup:


ns2.hartfordschools.org:/sbin/init.d ## cat named
#
# Script to start BIND (named)
#
# SES:02-09-24; SES:02-10-06

if test -x /usr/sbin/named -a -f /etc/named.conf
then
        echo "Starting named"
        /usr/sbin/named -u named
fi

On the primary master name server the name server files can all be read-only to the name server's uid: we edit them, it just loads them.

Things are different on the slave server. Here, named needs to write backup copies of the zone files it receives from the primary master into the directory specified in /etc/named.conf. In the case of ns2 I did a "chmod 775 ." followed by "chgrp named .", and away we went.
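
The master/slave difference above can be checked mechanically. The following is an added example, not part of the original notes: check_zone_dir and its arguments are assumptions, and it looks only at the directory's mode bits, owner and group (no ACLs or supplementary groups).

```sh
#!/bin/sh
# Added example: audit a zone-file directory against the master/slave
# permission model. check_zone_dir and its arguments are assumptions.
#
# usage: check_zone_dir ROLE DIR USER GROUP
#   ROLE        master | slave
#   DIR         directory holding the zone files (from named.conf)
#   USER/GROUP  account and group named runs as (e.g. named named)
# Returns 0 when DIR matches the role, 1 when it does not, 2 on bad usage.
check_zone_dir() {
    role=$1 dir=$2 user=$3 grp=$4
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"; return 1
    fi
    # Parse ls -ld instead of stat(1), whose options differ between systems.
    set -- $(ls -ld "$dir" | awk '{print $1, $3, $4}')
    mode=$1 owner=$2 dgrp=$3
    uw=$(echo "$mode" | cut -c3)   # owner write bit
    gw=$(echo "$mode" | cut -c6)   # group write bit
    ow=$(echo "$mode" | cut -c9)   # other write bit

    # World-writable is wrong for either role: any local user could
    # replace zone data.
    if [ "$ow" = w ]; then
        echo "FAIL: $dir is world-writable ($mode)"; return 1
    fi

    # Can the named account write here, as owner or through its group?
    writable=no
    if [ "$owner" = "$user" ] && [ "$uw" = w ]; then writable=yes; fi
    if [ "$dgrp" = "$grp" ] && [ "$gw" = w ]; then writable=yes; fi

    case "$role:$writable" in
        master:no)  echo "OK: $user cannot write to $dir ($mode $owner:$dgrp)" ;;
        slave:yes)  echo "OK: $user can write zone backups to $dir ($mode $owner:$dgrp)" ;;
        master:yes) echo "FAIL: master zone directory is writable by $user"; return 1 ;;
        slave:no)   echo "FAIL: $user cannot write zone backups to $dir"; return 1 ;;
        *)          echo "usage: check_zone_dir master|slave DIR USER GROUP"; return 2 ;;
    esac
}

# When run as a script with four arguments, perform the check.
if [ $# -eq 4 ]; then check_zone_dir "$@"; fi
```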


[ 10/6/02 ] SES: Telnetd problems: kernel changes
I was seeing a lot of entries like these in syslog on both hosts, accompanied by an inability to telnet into either host from off-subnet.

Oct 6 13:18:42 ns1 inetd[1709]: telnet/tcp: Connection from 199-105-240-211-nat (199.105.240.211) at Sun Oct 6 13:18:42 2002
Oct 6 13:18:42 ns1 telnetd[1709]: getpid: peer died: Error 0

Searching the HP ITRC and on Google netted a procedure for correcting this problem: tuning three kernel parameters, building a new kernel, and installing it. The procedure I followed is below:


      
  1. Change directories to /stand/build.

             cd /stand/build


  2. Create a new system file from the running kernel.

             /usr/lbin/sysadm/system_prep -s system


  3. Edit the kernel parameters file:

             vi system

     so that these parameters have these values:

             npty      400
             nstrpty   400
             nstrtel   400


  4. Build the new kernel.

            /usr/sbin/mk_kernel -s system


  5. Move the old system and vmunix files so if anything goes
     wrong, the system can be booted from the old kernel.

             mv /stand/system /stand/system.prev
             mv /stand/vmunix /stand/vmunix.prev
             mv /stand/dlkm /stand/dlkm.vmunix.prev


  6. Move the new system file and new kernel into place, ready
     to be used when rebooting the system:

             mv /stand/build/system /stand/system
             kmupdate /stand/build/vmunix_test


  7. Reboot the system off the new kernel.

             shutdown -r
      
      


This appears to have licked the problem. Ns1 already had npty cranked up to 512, so I left it there. The other values were at the default of 60.





Metro Hartford Information Services | Updated 10-6-02