Jails, ping, and now DNS

Ernie Luzar luzar722 at gmail.com
Fri Feb 2 15:44:34 UTC 2018


James B. Byrne via freebsd-questions wrote:
> Ok, this jail setup thing is slowly driving me mad.  Can someone
> explain the following behaviour observed on a jail (hll124) set up
> using ezjail?
> 
> root at hll107:~ # sysctl security.jail.allow_raw_sockets
> security.jail.allow_raw_sockets: 1
> 
> root at hll107:~ # service local_unbound onestatus
> local_unbound is running as pid 76810.
> 
> root at hll107:~ # drill vhost04.hamilton.harte-lyne.ca
> 
> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
> ;; QUESTION SECTION:
> 
> 
> ;; vhost04.hamilton.harte-lyne.ca.      IN      A
> 
> ;; ANSWER SECTION:
> vhost04.hamilton.harte-lyne.ca. 172765  IN      A       216.185.71.44
> 
> ;; AUTHORITY SECTION:
> harte-lyne.ca.  172765  IN      NS      dns04.harte-lyne.ca.
> harte-lyne.ca.  172765  IN      NS      dns01.harte-lyne.ca.
> harte-lyne.ca.  172765  IN      NS      dns03.harte-lyne.ca.
> harte-lyne.ca.  172765  IN      NS      dns02.harte-lyne.ca.
> 
> ;; ADDITIONAL SECTION:
> dns01.harte-lyne.ca.    172765  IN      A       216.185.71.33
> dns02.harte-lyne.ca.    172765  IN      A       209.47.176.33
> dns03.harte-lyne.ca.    172765  IN      A       216.185.71.34
> dns04.harte-lyne.ca.    172765  IN      A       209.47.176.34
> 
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1
> ;; WHEN: Fri Feb  2 14:34:17 2018
> ;; MSG SIZE  rcvd: 208
> 
> root at hll107:~ # ping 216.185.71.44
> PING 216.185.71.44 (216.185.71.44): 56 data bytes
> 64 bytes from 216.185.71.44: icmp_seq=0 ttl=64 time=0.357 ms
> 64 bytes from 216.185.71.44: icmp_seq=1 ttl=64 time=0.382 ms
> ^C
> --- 216.185.71.44 ping statistics ---
> 3 packets transmitted, 2 packets received, 33.3% packet loss
> round-trip min/avg/max/stddev = 0.357/0.369/0.382/0.012 ms
> 
> root at hll107:~ # ping vhost04.hamilton.harte-lyne.ca
> ping: cannot resolve vhost04.hamilton.harte-lyne.ca: Host name lookup
> failure
> 
> root at hll107:~ #
> 
> 
> 

Your problem is you're using ezjail, which uses the deprecated rc.conf 
environment-variable method. Most jail users have stopped using ezjail, 
so support for problems like the one you are having is very limited.

Every time you start an ezjail jail, an error message pops out telling 
you to convert your jail system to the jail.conf method. That error 
message has been issued since 9.1. It's about time you do as it says 
before you get caught with an unsupported production jail environment. 
There is a good chance the deprecated rc.conf environment-variable 
method will be removed in the 12.0 release.

If you are addicted to the ezjail jail coding method then check out 
qjail which is a fork of ezjail that uses the jail.conf method.



