)(*&)(*&)(*&)(*& named
Paul Schmehl
pauls at utdallas.edu
Wed Feb 1 18:39:30 PST 2006
--On February 2, 2006 7:04:06 AM +0800 Daniel <jahilliya at gmail.com> wrote:
>
> The biggest difference between running as root and the startup script
> are the command line arguments given in either case.
>
> Script flags: -u bind -t /var/named
> CLI flags: -c /usr/local/etc/named.conf -u root
>
Yes, I know. I'm starting the daemon as root because it can't write to the
pidfile when it's started as bind.
> The man page will show you that the -t flag indicates you want named
> to chroot (recommended practice). It also is running as bind and not
> root.
>
Yes, I know that as well.
> Check out /var/named and your named config file. You will probably
> find that /var/named/named.pid is not writable by the user bind.
>
It's writeable as bind.
ls -lsa /var/named/
total 19
2 drwxr-xr-x 5 root wheel 512 Feb 1 20:30 .
2 drwxr-xr-x 20 root wheel 512 Jan 27 17:42 ..
2 -rw-r--r-- 1 bind bind 212 Feb 1 20:15 127.0.0
1 dr-xr-xr-x 4 root wheel 512 Feb 1 20:33 dev
2 drwxr-xr-x 3 root wheel 512 Feb 1 20:11 etc
2 -rw-r--r-- 1 bind bind 580 Feb 1 20:14 friendshipforest.zone
2 -r--r--r-- 1 bind bind 1511 Feb 1 20:14 named.ca
2 -rw-r--r-- 1 bind bind 6 Feb 1 20:20 named.pid
2 -rw-r--r-- 1 bind bind 516 Feb 1 20:14 stovebolt.zone
2 drwxr-xr-x 6 root wheel 512 Feb 1 20:11 var
I removed /var/named and let the script recreate it. Now it can't find named.conf.
> You may also find that the named config isn't specifying a full path
> to be used within the chroot directory (/var/named).
>
options {
    directory "/var/named";
    allow-transfer {
        none;
    };
    allow-query {
        any;
    };
    allow-recursion {
        local-info;
    };
    listen-on {
        127.0.0.1;
        66.221.101.248;
    };
    version "nice try";
    auth-nxdomain yes;
    # pid-file "named.pid";
    blackhole {
        "bogusnet";
    };
    query-source address * port 53;
};
> Below is the config for my named that runs chrooted.
> directory "/";
> pid-file "/named.pid";
> dump-file "/dump/named_dump.db";
> statistics-file "/stats/named.stats";
>
> Yours may look something like:
> directory "/var/named/";
> pid-file "/var/named/named.pid";
> dump-file "/var/named/dump/named_dump.db";
> statistics-file "/etc/named/stats/named.stats";
>
And where do the zone files go? Where does the rndc.key file go? Where
does the named.conf file go?
> The paths in named.conf need to be relative to the chroot, not the base.
>
I'm not sure what you mean here. The chroot directory is /var/named. The
directory specified in named.conf is /var/named. To what are you referring
when you say "the paths"?
>>
>> When I try to start named using rndc, I get this:
>>
>> rndc start
>> rndc: connect failed: connection refused
>
> rndc does not have a command "start"
>
Missed that.
> restart is also not yet implemented.
>
Knew that.
>
> Writing your own startup scripts is unnecessary, especially for
> something that already has one (or in this case, maybe two, /etc/rc.d
> and /usr/local/etc/rc.d)
>
Except for one niggling problem. It doesn't work. Due to my ignorance,
I'm sure, but it doesn't work.
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/
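Added example (my own, not code from either poster) making the "paths are relative to the chroot" point concrete: it maps the path options in a named.conf to where they land on the host once named has chrooted, and checks plain Unix write permission for the daemon's uid/gid. The named.conf text is constructed for the example, and bind's uid/gid of 53 is an assumption.

```python
import os
import re
import stat

# Constructed sample modelled on the options discussed in the thread; it is
# not the poster's actual named.conf.
SAMPLE_CONF = """
options {
    directory "/var/named";
    pid-file "named.pid";
    dump-file "/var/named/dump/named_dump.db";
};
"""

PATH_OPTIONS = ("directory", "pid-file", "dump-file", "statistics-file")

def parse_path_options(conf_text):
    """Pull the quoted path options out of the options {} block."""
    opts = {}
    for key in PATH_OPTIONS:
        m = re.search(r'^\s*%s\s+"([^"]*)"\s*;' % re.escape(key), conf_text, re.M)
        if m:
            opts[key] = m.group(1)
    return opts

def host_path(chroot, inside_path, directory="/"):
    """Map a path as named sees it (after chroot) to where it lives on the host.
    Relative paths resolve against 'directory', and 'directory' itself is
    interpreted inside the chroot, not on the host."""
    if not os.path.isabs(inside_path):
        inside_path = os.path.join(directory, inside_path)
    return os.path.normpath(os.path.join(chroot, inside_path.lstrip("/")))

def resolve_conf(chroot, conf_text):
    """Host-side location of every path option in conf_text."""
    opts = parse_path_options(conf_text)
    directory = opts.get("directory", "/")
    return {k: host_path(chroot, v, directory) for k, v in opts.items()}

def uid_can_write(mode, file_uid, file_gid, uid, gid):
    """Plain owner/group/other check for the daemon's uid/gid (no ACLs)."""
    if uid == 0:
        return True
    if file_uid == uid:
        return bool(mode & stat.S_IWUSR)
    if file_gid == gid:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)
```

With chroot /var/named and directory "/var/named", the pid-file ends up at /var/named/var/named/named.pid on the host, which is why a bind-owned /var/named/named.pid does not help; feed os.stat() of the mapped path into uid_can_write to check the real file.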