Re: [Vserver] Running bind 9.2.4 on Debian Sarge without caps

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Wed 25 Oct 2006 - 15:25:20 BST
Message-ID: <20061025142520.GB10173@MAIL.13thfloor.at>

On Tue, Oct 24, 2006 at 03:52:58PM +0200, Holger Nowak wrote:
> Hello,
> I know that running bind in a vserver guest is a bit problematic, so
> I decided to recompile Bind with linux-caps disabled according to
> http://linux-vserver.org/Problematic_Programs#Bind9_on_Debian_GNU.2FLinux_Woody_.283.0.29_and_Sarge_.283.1.29 and
> http://www.newt.com/debian/acornHOWTO/ (Section bind9)
>
> But I couldn't start named properly. No error messages occur, neither on
> the prompt nor in syslog, but the name server isn't running. If I want
> to stop the service I receive the well known message:
>
> Stopping domain name service: namedrndc: connect failed: connection refused
>
> But I don't think it is a permission problem, since running named in
> foreground results in
>
> mystery:/etc/bind# named -g -p 53
> Oct 24 13:50:14.675 starting BIND 9.2.4 -g -p 53
> Oct 24 13:50:14.676 using 1 CPU
> Oct 24 13:50:14.678 loading configuration from '/etc/bind/named.conf'
> Segmentation fault (core dumped)

looks like a bind bug to me, at least a proper
app should not segfault on a bad config (if it
is a bad one at all)

> strace gives no more information, so I think I've made some mistake
> configuring the listening server. The crucial file where named stops
> is named.conf.options
>
> mystery:/etc/bind# cat named.conf.options
> options {
>
> // Avoids listening on 127.0.0.1.
> listen-on {
> 195.227.242.154;
> };
>
> auth-nxdomain no; # conform to RFC1035
>
> };
>
> controls {
> inet 195.227.242.154 allow {
> 195.227.242.154;
> };
> };
>
> The one and only IP is 195.227.242.154 which is a virtual IP on eth0:5
> on the host system. The host system is running bind too but I don't
> listen to the given IP.
>
> If I disable the listen directive I get the following message from
> named:
>
> mystery:/etc/bind# named -g -p 53
> Oct 24 13:56:53.970 starting BIND 9.2.4 -g -p 53
> Oct 24 13:56:53.970 using 1 CPU
> Oct 24 13:56:53.973 loading configuration from '/etc/bind/named.conf'
> Oct 24 13:56:53.973 no IPv6 interfaces found
> Oct 24 13:56:53.973 listening on IPv4 interface eth0:5, 195.227.242.154#53
> Oct 24 13:56:53.975 peer.c:87: REQUIRE(*list != ((void *)0)) failed
> Oct 24 13:56:53.975 exiting (due to assertion failure)
> Aborted (core dumped)
>
> I've been at my wits' end and I hope someone could help me.

well, first, let's run testme.sh and 'vserver-info - SYSINFO'
on the host and provide that, then, you might want to change
the eth0:5 alias to a 'normal' assignment (for testing), maybe
bind is once again trying to be too smart and interpret the
interfaces in a non standard way (just an idea)

besides that, bind should work without any modifications for
recent devel branch Linux-VServer kernels and with the linux
caps disabled (or with daniel_hozac's patch applied) with
stable branch kernels

just for reference, here is an example for the rndc setup:

 # cat /etc/rndc.conf
       
      key mykey {
          algorithm hmac-md5;
          secret "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
      };
       
      options {
          default-key mykey;
          default-server 10.42.0.1;
          default-port 953;
      };
       
 # named.conf
       
      controls {
          inet 10.42.0.1 port 953
          allow { 10.42.0.1; } keys { mykey; };
      };

best,
Herbert

> Best regards,
> Holger
>
> --
> Holger Nowak
> Junior Project Manager
> Data Management | Programming
> > psychonomics AG
> > Berrenrather Str. 154-156
> > D-50937 Köln
> > T +49 (0) 221 42061-346
> > F +49 (0) 221 42061-100
> > E-Mail: holger.nowak@psychonomics.de
> > www.psychonomics.de
> >
>

> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

Received on Wed Oct 25 15:26:34 2006
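
A consistency check for the rndc setup shown in the message, as an added example that is not part of the original post: it compares the defaults in rndc.conf with the `inet` control channels in named.conf (address, port, key name), since rndc can only reach named where a channel is actually configured. The sample files, the secret and all function names are constructed for illustration.

```python
import re

# Constructed sample files modelled on the rndc.conf / named.conf pair above.
RNDC_CONF = """
key mykey { algorithm hmac-md5; secret "Y29uc3RydWN0ZWQ="; };
options {
    default-key mykey;
    default-server 10.42.0.1;   # address rndc connects to
    default-port 953;
};
"""
NAMED_CONF = """
controls {
    inet 10.42.0.1 port 953
    allow { 10.42.0.1; } keys { mykey; };
};
"""

_SKIP = re.compile(r'"[^"]*"|/\*.*?\*/|(?://|#)[^\n]*', re.S)
_INET = re.compile(r'\binet\s+(\S+)(?:\s+port\s+(\d+))?\s+allow\s*\{([^}]*)\}'
                   r'(?:\s*keys\s*\{([^}]*)\})?\s*;')

def strip_comments(text):
    # Drop //, # and /* */ comments but leave quoted strings (the secret) untouched.
    return _SKIP.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def rndc_defaults(text):
    # Returns (default-server, default-port, default-key); port falls back to 953.
    text = strip_comments(text)
    def opt(name, default=None):
        m = re.search(r'\b' + re.escape(name) + r'\s+"?([^\s";]+)"?\s*;', text)
        return m.group(1) if m else default
    return opt("default-server"), int(opt("default-port", 953)), opt("default-key")

def control_channels(text):
    # Assumption: "inet ... allow" statements only occur inside controls { }.
    for m in _INET.finditer(strip_comments(text)):
        keys = None if m.group(4) is None else [
            k.strip().strip('"') for k in m.group(4).split(";") if k.strip()]
        yield m.group(1), int(m.group(2) or 953), keys   # 953 when no port given

def check(rndc_text, named_text):
    # Returns a list of findings; an empty list means both files agree.
    server, port, key = rndc_defaults(rndc_text)
    hits = [c for c in control_channels(named_text)
            if c[0] in (server, "*") and c[1] == port]
    if not hits:
        return ["named.conf has no control channel on %s port %d" % (server, port)]
    return ["channel %s port %d does not list key %s" % (a, p, key)
            for a, p, keys in hits if key not in (keys or [])]
```

`check(open("/etc/rndc.conf").read(), open("/etc/bind/named.conf").read())` runs it against real files; the paths depend on the installation.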

Generated on Wed 25 Oct 2006 - 15:26:43 BST by hypermail 2.1.8