8.2.2-p5 keeps dying on linux box

[johnny cal]

>>>>>> "johnny" == johnny cal <johnnycal at ispchannel.com> writes:
>
>    johnny> named-xfer [14496] can't make tmpfile 
domains/db.domain.k3adna): No such file or directory.
>
>    johnny> how do I fix on a sun netra, running named 8.2.2p5 sol 2.7
>    johnny> permissions look good and nothiing was done lately, do you
>    johnny> think I got hacked?
>
>It could be, though the idea that an attacker would break in, diddle
>the name server set up and do nothing else that would be noticed seems
>far-fetched. The most likely explanations are that you either did make
>a change and overlooked it or else you had/have a broken named.conf.
>
>Does the directory domains exist? [What's its full pathname?] If it
>doesn't - or its in the wrong place - this would explain the error.
>Usually a missing pathname component is the only reason why a creat()
>or open() system call fails ENOENT: "no such file or directory". Maybe
>you didn't specify a working directory for named in the options{}
>statement? If so, the name server would use whatever was the current
>directory when it was started as its working directory. This could
>potentially be anywhere in the file system.
>
>
>

actually somebody was portscanning our machine and somehow a zero sized 
db file was included into named.conf somewhere maybe by a named-xfer 
that makes named fail.  My friend let me know that zero sized db files 
will always make named fail , and I noticed that we had maybe 40 size 0 
packets.  I looked for 

db.domainname.com.3f4n3

or from the root directory of named 
find . -size 0 -exec rm -i {} \;

also look at netstat -a or netstat -t
should see some port connections, hopefully this helps in the future


-----------------------------------
This message was sent with the demo version of Postmaster, a BeOS mail client.
For more information, please visit http://kennyc.com/postmaster