pauls at utdallas.edu
Wed Feb 1 18:39:30 PST 2006
--On February 2, 2006 7:04:06 AM +0800 Daniel <jahilliya at gmail.com> wrote:
> The biggest difference between running as root and the startup script
> are the command line arguments given in either case.
> Script flags: -u bind -t /var/named
> CLI flags: -c /usr/local/etc/named.conf -u root
Yes, I know. I'm starting the daemon as root because it can't write to the
pidfile when it's started as bind.
> The man page will show you that the -t flag indicates you want named
> to chroot (recommended practice). It also is running as bind and not
Yes, I know that as well.
> Check out /var/named and your named config file. You will probably
> find that /var/named/named.pid is not writable by the user bind.
It's writeable as bind.
ls -lsa /var/named/
2 drwxr-xr-x 5 root wheel 512 Feb 1 20:30 .
2 drwxr-xr-x 20 root wheel 512 Jan 27 17:42 ..
2 -rw-r--r-- 1 bind bind 212 Feb 1 20:15 127.0.0
1 dr-xr-xr-x 4 root wheel 512 Feb 1 20:33 dev
2 drwxr-xr-x 3 root wheel 512 Feb 1 20:11 etc
2 -rw-r--r-- 1 bind bind 580 Feb 1 20:14 friendshipforest.zone
2 -r--r--r-- 1 bind bind 1511 Feb 1 20:14 named.ca
2 -rw-r--r-- 1 bind bind 6 Feb 1 20:20 named.pid
2 -rw-r--r-- 1 bind bind 516 Feb 1 20:14 stovebolt.zone
2 drwxr-xr-x 6 root wheel 512 Feb 1 20:11 var
I removed /var/named and let the script recreate it. Now it can't find
> You may also find that the named config isn't specifying a full path
> to be used within the chroot directory (/var/named).
version "nice try";
# pid-file "named.pid";
query-source address * port 53;
> Below is the config for my named that runs chrooted.
> directory "/";
> pid-file "/named.pid";
> dump-file "/dump/named_dump.db";
> statistics-file "/stats/named.stats";
> Yours may look something like:
> directory "/var/named/";
> pid-file "/var/named/named.pid";
> dump-file "/var/named/dump/named_dump.db";
> statistics-file "/etc/named/stats/named.stats";
And where do the zone files go? Where does the rndc.key file go? Where
does the named.conf file go?
> The paths in named.conf need to be relative to the chroot, not the base.
I'm not sure what you mean here. The chroot directory is /var/named. The
directory specified in named.conf is /var/named. To what are you referring
when you say "the paths"?
>> When I try to start named using rndc, I get this:
>> rndc start
>> rndc: connect failed: connection refused
> rndc does not have a command "start"
> restart is also not yet implemented.
> Writing your own startup scripts is unnecessary, especially for
> something that already has one (or in this case, maybe two, /etc/rc.d
> and /usr/local/etc/rc.d)
Except for one niggling problem. It doesn't work. Due to my ignorance,
I'm sure, but it doesn't work.
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
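The point the two of them are circling above (whether "the paths" in named.conf
mean host paths or chroot paths) can be checked mechanically. What follows is
an added example, not code from this thread and not part of BIND. After
`named -t /var/named` the daemon chroots to /var/named before it opens
anything named in named.conf, so a `pid-file "/var/named/named.pid"` line is
opened as /var/named/var/named/named.pid on the host, and a relative path is
taken from the `directory` option inside the chroot. The script below resolves
the pid-file, dump-file and statistics-file options the same way and reports
which ones have no parent directory inside the chroot. The two named.conf
fragments and the temporary directory tree in demo() are constructed for the
illustration; the option names are BIND's, the helper names are mine.

```shell
#!/bin/sh
# Added example, not code from this thread or from BIND. After `named -t <dir>`
# the daemon chroots to <dir> before it opens the files named in named.conf, so
# every path in that file is interpreted inside the chroot: an absolute path is
# rooted at <dir>, a relative one at <dir> plus the "directory" option. This
# script resolves those paths the same way and reports which ones have no
# parent directory inside the chroot. The two named.conf fragments and the
# temporary tree in demo() are constructed for illustration.

# host_path CHROOT DIRECTORY PATH -> the host path the chrooted daemon will open
host_path() {
    hp_root=${1%/}; hp_dir=${2%/}; hp_p=$3
    case $hp_p in
        /*) printf '%s\n' "${hp_root}${hp_p}" ;;
        *)  printf '%s\n' "${hp_root}${hp_dir}/${hp_p}" ;;
    esac
}

# conf_value FILE OPTION -> the quoted value of OPTION in FILE (first match;
# lines commented out with '#' or '//', like the pid-file line above, are ignored)
conf_value() {
    grep -Ev '^[[:space:]]*(#|//)' "$1" |
        sed -n "s/^[[:space:]]*$2[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# check_conf CHROOT CONF -> prints one line per option; the return value is the
# number of paths whose parent directory does not exist inside the chroot
check_conf() {
    cc_root=$1; cc_conf=$2; bad=0
    # no "directory" option: named stays in its cwd, which is / after the chroot
    dir=$(conf_value "$cc_conf" directory); [ -n "$dir" ] || dir=/
    for opt in pid-file dump-file statistics-file; do
        val=$(conf_value "$cc_conf" "$opt")
        [ -n "$val" ] || continue
        hp=$(host_path "$cc_root" "$dir" "$val")
        if [ -d "$(dirname "$hp")" ]; then
            printf 'ok       %-16s %s -> %s\n' "$opt" "$val" "$hp"
        else
            printf 'MISSING  %-16s %s -> %s\n' "$opt" "$val" "$hp"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# demo: the thread's layout (chroot /var/named) recreated under a temp dir,
# once with host-absolute paths and once with chroot-relative ones.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/chroot/etc/namedb" "$tmp/chroot/var/run"
    cat > "$tmp/host-paths.conf" <<'EOF'
options {
    directory "/var/named";
    pid-file "/var/named/named.pid";
    dump-file "/var/named/dump/named_dump.db";
    statistics-file "/var/named/stats/named.stats";
};
EOF
    cat > "$tmp/chroot-paths.conf" <<'EOF'
options {
    directory "/etc/namedb";
    pid-file "/var/run/named.pid";
    dump-file "named_dump.db";
    statistics-file "named.stats";
};
EOF
    n1=0; n2=0
    echo "--- host-absolute paths, chroot $tmp/chroot"
    check_conf "$tmp/chroot" "$tmp/host-paths.conf" || n1=$?
    echo "--- chroot-relative paths"
    check_conf "$tmp/chroot" "$tmp/chroot-paths.conf" || n2=$?
    rm -rf "$tmp"
    echo "missing parents: $n1 (host-absolute) vs $n2 (chroot-relative)"
}

demo
```

Two caveats. The script only shows that a parent directory exists; since the
daemon drops to the -u user before it writes the pidfile, the resolved
directory must also be writable by that user (`ls -ld` on the path the script
prints), which is the part the thread is actually stuck on. And BIND ships its
own checker: `named-checkconf -t /var/named <path-to-named.conf-inside-chroot>`
parses the file as a similarly chrooted named would, so it is the thing to run
before hand-rolling a startup script.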