Bind 9 running in sandbox
Stephen Hilton
nospam at hiltonbsd.com
Mon Apr 7 08:27:52 PDT 2003
On Mon, 7 Apr 2003 10:17:14 -0400 (EDT)
<dusk at badseed.bytch.net> wrote:
> I have setup my named "bind 9" to run in a sandbox. I followed the
> instructions in the FreeBSD handbook. I had the FreeBSD handbook pulled up
> online. I followed the instructions step by step. I had no problems or
> glitches during the process. After making the changes named fails to
> start. It is unable to find the configuration files. One example is the
> "named.root" file. I added the full path in the config and it found the
> file. The example is below.
>
> zone "." {
> type hint;
> file "/etc/namedb/master/named.root";
> };
>
> Named will run now but it still can not find the other files it needs to
> work. I tried changing the paths in the config file to full path along
> with other changes. But nothing seems to work. I have a snap of the log
> below along with named.conf.
>
> ===============log snap===================
> Apr 3 22:19:59 frank named[5082]: starting BIND 9.2.2
> Apr 3 22:19:59 frank named[5082]: /usr/local/etc/named.conf:10: couldn't find key 'rndc-key' for use with command channel 127.0.0.1#953
> Apr 3 22:19:59 frank named[5082]: command channel listening on 127.0.0.1#953
> Apr 3 22:19:59 frank named[5082]: zone 0.0.127.in-addr.arpa/IN: loading master file master/localhost.rev: file not found
> Apr 3 22:19:59 frank named[5082]: zone localhost/IN: loading master file master/named.localhost: file not found
> =============================================
>
> The rndc-key is in /etc/named and it did work prior to building the
> sandbox.
>
> ==============named.conf=================
> // $FreeBSD: src/etc/namedb/named.conf,v 1.6.2.3 2001/05/28 13:47:00 sheldonh Exp $
> //
> // Refer to the named(8) man page for details. If you are ever going
> // to setup a primary server, make sure you've understood the hairy
> // details of how DNS is working. Even with simple mistakes, you can
> // break connectivity for affected parties, or cause huge amount of
> // useless Internet traffic.
>
> controls {
> inet 127.0.0.1 port 953
> allow { 127.0.0.1; } keys { "rndc-key"; };
> };
>
> key bytch.net. {
> algorithm hmac-md5;
> secret "abc123ABC123AbC123aBc123==";
> };
> options {
> directory "/";
> //named-xfer "/bin/named-xfer";
> allow-transfer { key bytch.net.; };
> query-source address * port 53;
> version "DNS on babseed.bytch.net";
> };
>
> zone "localhost" IN {
> type master;
> file "master/named.localhost";
> allow-transfer { localhost; };
> notify no;
> };
>
> zone "0.0.127.in-addr.arpa" IN {
> type master;
> file "master/localhost.rev";
> allow-transfer { localhost; };
> notify no;
> };
>
> zone "." {
> type hint;
> file "/etc/namedb/master/named.root";
> };
>
> =======below this is example zone entries==============
>
> As you can see bind 9 installed in "/usr/local/sbin". Bind 8 was installed
> in "/usr/sbin". I moved the bind 8 executable to a different file name and
> made a link from "/usr/sbin" to the named executable in
> "/usr/local/sbin". I also made a link from "/etc/named/etc/named.conf" to
> a named.conf in "/usr/local/etc" because bind 9 was looking for the config
> file there.
>
I have Bind 9.2.2 running chrooted fine; this is a snip from my
/etc/rc.conf that starts named on boot:
------snip------
# Flags for chrooted named
named_enable="YES" # Run named, the DNS server (or NO).
named_program="/usr/local/sbin/named" # path to named, version Bind9
named_flags="-u bind -t /var/chroot/named -c /etc/named.conf"
------snip------
The named.conf file referenced by the "-c /etc/named.conf" is
really located in /var/chroot/named/etc/.
There is a subdirectory /var/chroot/named/etc/namedb.
So the named.conf file has this option:
------snip------
options {
directory "/etc/namedb";
------snip------
By chrooting bind with -t into "/var/chroot/named", named then
sees all its config files in /var/chroot/named/etc/namedb as
"/etc/namedb".
HTH
Stephen Hilton
nospam at hiltonbsd.com
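As an added illustration of the path mapping described in this reply (not code from the thread or from FreeBSD), here is a POSIX sh helper that resolves each zone "file" in a named.conf to the host path that named, started with "-t CHROOT", will actually open, and reports the ones that do not exist. It assumes one directive per line as in the quoted named.conf, and builds a throwaway sample chroot with the localhost zone file deliberately missing; the "directory" default of "." and the chroot layout are assumptions for the example.

```shell
# Host-side path of the file that named, started with "-t CHROOT", will open
# for a zone file "...", given the options { directory "..."; } value.
# Absolute file names are relative to the chroot root; relative ones are
# joined onto the directory option, which itself lives inside the chroot.
resolve_zone_path() {
    chroot=$1 directory=$2 file=$3
    case $file in
        /*) rel=$file ;;
        *)  rel="${directory%/}/$file" ;;
    esac
    printf '%s\n' "${chroot%/}/${rel#/}"
}

# Resolve every zone "file" in a named.conf the way chrooted named will and
# print each host path that does not exist; returns 1 if any is missing.
# Assumes one directive per line; without a directory option, "." is assumed.
check_named_files() {
    chroot=$1 conf=$2 missing=0
    directory=$(sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    [ -n "$directory" ] || directory=.
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        host=$(resolve_zone_path "$chroot" "$directory" "$f")
        if [ ! -e "$host" ]; then
            printf 'missing: %s (file "%s" under directory "%s")\n' "$host" "$f" "$directory"
            missing=1
        fi
    done <<EOF
$(sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p' "$conf")
EOF
    return $missing
}

# Constructed sample chroot laid out like the reply describes: hint file
# present, localhost zone file deliberately absent. Prints the chroot path.
make_sample_chroot() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/namedb/master"
    : > "$root/etc/namedb/master/named.root"
    cat > "$root/etc/named.conf" <<'EOF'
options {
    directory "/etc/namedb";
};
zone "localhost" IN { type master;
    file "master/named.localhost"; };
zone "." { type hint;
    file "/etc/namedb/master/named.root"; };
EOF
    printf '%s\n' "$root"
}
```

Run it as `check_named_files /var/chroot/named /var/chroot/named/etc/named.conf` against a real chroot; the "file not found" lines in the log above correspond exactly to the paths it reports as missing.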