Questions and Answers

Amy Rich

Q. I found the following line in /etc/system on my Sun E3500:

set snooping=1

I’m not really sure what this is for, but it looks pretty suspicious. Does this mean that I’ve been hacked and that someone is snooping everything that goes out of and comes into the machine?

A. The snooping parameter in /etc/system is not for snooping traffic flowing through the machine. Setting snooping to true (1) turns on the deadman timer and is used to try to force a drop to the ok prompt when the system hangs hard. At that point, you generally do a sync to get a core dump for someone to dissect. This parameter is probably set in /etc/system because of some issue with the system hanging without crashing sometime in the past. This is a common request made by Sun support to help in debugging such situations. I hope you’re doing some sort of checksumming on your system files, so you can verify when this change was made if you do not remember making it yourself.

Q. I’m setting up several servers in various parts of the country for one client. Each server will be hosting its own domain, including Web, email, ftp, etc. I was wondering how best to configure DNS for these machines. Should one machine be master and all the rest slaves, or should each machine be master for its own domain and slaves for the others?

A. Depending on the number of machines, there are tradeoffs with whichever method you choose. How many machines are there (4, 10, 50+)? For a large number of machines, making each the master for its own domain can be an administrative nightmare — especially if all of your IT people are centralized in one place and changes must be made to each machine individually. It also makes it harder to keep track of the changes made if you’re using any sort of revision control.