LinuxQuestions.org
Old 12-19-2005, 10:06 PM   #1
Aura_Bleu
LQ Newbie
 
Registered: Jan 2005
Location: Brockville, ON, Canada
Distribution: Slackware 10.2
Posts: 11

Rep: Reputation: 0
Question named will not start in chroot jail


Good day!

I am having some issues with getting BIND to run in a chroot jail. I have tried using several walkthroughs on the matter, and I have even done some searches here and at a couple of other forums. I have tried playing with permissions, and I have made sure I have a user named with a group named. I have double and triple checked to make sure I have all of the files in the chroot jail as per the walkthrough I followed (http://www.faqs.org/docs/Linux-HOWTO...IND-HOWTO.html). I have double and triple checked my config files, and made sure I had the zone files in the right places.

I have prepared the chroot jail in /chroot/named. Here is the directory structure of /chroot/named:

./etc - contains named.conf, localtime
./dev - contains log=, null, random
./bin - contains false
./var - contains directories run and named
./var/named contains the zone files

My named.conf is as follows:
Code:
acl internal {
	10.50.1.0/24;
	};
acl bogus {
	0.0.0.0/8;
	1.0.0.0/8;
	2.0.0.0/8;
	5.0.0.0/8;
	7.0.0.0/8;
	23.0.0.0/8;
	27.0.0.0/8;
	31.0.0.0/8;
	36.0.0.0/8;
	37.0.0.0/8;
	39.0.0.0/8;
	42.0.0.0/8;
	49.0.0.0/8;
	50.0.0.0/8;
	77.0.0.0/8;
	78.0.0.0/8;
	79.0.0.0/8;
	92.0.0.0/8;
	93.0.0.0/8;
	94.0.0.0/8;
	95.0.0.0/8;
	96.0.0.0/8;
	97.0.0.0/8;
	98.0.0.0/8;
	99.0.0.0/8;
	100.0.0.0/8;
	101.0.0.0/8;
	102.0.0.0/8;
	103.0.0.0/8;
	104.0.0.0/8;
	105.0.0.0/8;
	106.0.0.0/8;
	107.0.0.0/8;
	108.0.0.0/8;
	109.0.0.0/8;
	110.0.0.0/8;
	111.0.0.0/8;
	112.0.0.0/8;
	113.0.0.0/8;
	114.0.0.0/8;
	115.0.0.0/8;
	116.0.0.0/8;
	117.0.0.0/8;
	118.0.0.0/8;
	119.0.0.0/8;
	120.0.0.0/8;
	121.0.0.0/8;
	122.0.0.0/8;
	123.0.0.0/8;
	169.254.0.0/16;
	172.16.0.0/12;
	173.0.0.0/8;
	174.0.0.0/8;
	175.0.0.0/8;
	176.0.0.0/8;
	177.0.0.0/8;
	178.0.0.0/8;
	179.0.0.0/8;
	180.0.0.0/8;
	181.0.0.0/8;
	182.0.0.0/8;
	183.0.0.0/8;
	184.0.0.0/8;
	185.0.0.0/8;
	186.0.0.0/8;
	187.0.0.0/8;
	192.0.2.0/24;
	192.168.0.0/16;
	197.0.0.0/8;
	223.0.0.0/8;
	224.0.0.0/3;
	};

options {
	directory "/var/named";
	// query-source address * port 53;
	allow-query {internal; localhost; };
	allow-recursion { internal; localhost; };
	notify no;
	transfer-format many-answers;
	max-transfer-time-in 60;
	interface-interval 0;
	blackhole { bogus; };
	forward first;
	forwarders {
		24.226.10.193;
		24.226.1.93;
		24.226.10.194;
	};
};

// 
// a caching only nameserver config
// 
zone "." IN {
	type hint;
	file "caching-example/named.ca";
};

zone "localhost" IN {
	type master;
	file "caching-example/localhost.zone";
	allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "caching-example/named.local";
	allow-update { none; };
};

zone "aura-bleu.net" IN {
	type master;
	file "aura-bleu.net/hosts.db";
	allow-update {none; };
	notify no;
	allow-query { any; };
};

When I try to run the server normally, it does run and works as expected; however, when I try to run it chroot'd, I get the following information in the logs:

Code:
Dec 19 22:49:03 aura-bleu named[9956]: starting BIND 9.3.1 -u named -t /chroot/named -c /etc/named.conf
Dec 19 22:49:03 aura-bleu named[9956]: loading configuration from '/etc/named.conf'
Dec 19 22:49:03 aura-bleu named[9956]: no IPv6 interfaces found
Dec 19 22:49:03 aura-bleu named[9956]: listening on IPv4 interface lo, 127.0.0.1#53
Dec 19 22:49:03 aura-bleu named[9956]: listening on IPv4 interface eth0, 10.50.1.100#53
Dec 19 22:49:03 aura-bleu named[9956]: couldn't add command channel 127.0.0.1#953: file not found

I hope someone can point me in the right direction to solving this issue. Please let me know of any additional information you need.

thanks
 
Old 12-20-2005, 04:24 AM   #2
DaveG
Member
 
Registered: Nov 2001
Location: London, UK
Distribution: Fedora
Posts: 161

Rep: Reputation: 43
bind sets up a default control channel. To disable it, add a line 'controls {}' to the config. See the "controls Statement Grammar" section of the bind9 Admin Reference Manual.

This default also looks for its security keys in /etc/rndc.key and you will need to move this into the jail and set up a symbolic link in /etc for 'rndc' to use.

There's a similar problem if you use dynamic DHCP/DNS updates.
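
The two options from the reply above, as an added shell sketch that is not part of the original thread: one function reports whether the jailed named.conf has its own controls statement or whether the default channel's key exists inside the jail, the other moves the key in and leaves the symlink for rndc. The function names and status strings are made up for illustration; the /etc/rndc.key location is the one given in the reply.

```shell
#!/bin/sh
# Added example (not from the thread). JAIL must be an absolute path such as
# /chroot/named, because the symlink created below points at it.

# jail_control_status JAIL [CONF]   (hypothetical helper)
# CONF is the config path as named sees it after chroot (default /etc/named.conf).
# Prints one of:
#   controls-configured  the jailed config has a controls statement
#   key-present          default channel in use, JAIL/etc/rndc.key exists
#   key-missing          default channel in use, key is not inside the jail
jail_control_status() {
    jail=$1
    conf=${2:-/etc/named.conf}
    [ -f "$jail$conf" ] || { echo "no-config"; return 2; }
    # Drop // and # comments first (/* */ comments are not handled here).
    if sed -e 's://.*$::' -e 's:#.*$::' "$jail$conf" |
         grep -Eq '^[[:space:]]*controls([[:space:]{]|$)'; then
        echo "controls-configured"
    elif [ -f "$jail/etc/rndc.key" ]; then
        echo "key-present"
    else
        echo "key-missing"
        return 1
    fi
}

# relocate_rndc_key JAIL [HOST_ETC]   (hypothetical helper)
# Moves HOST_ETC/rndc.key into the jail and symlinks the old location to it,
# so rndc on the host and the chrooted named read the same key.
# HOST_ETC defaults to /etc; pass a scratch directory for a dry run.
relocate_rndc_key() {
    jail=$1
    host_etc=${2:-/etc}
    key=$host_etc/rndc.key
    [ -L "$key" ] && return 0            # already relocated
    [ -f "$key" ] || { echo "no key at $key" >&2; return 1; }
    mkdir -p "$jail/etc" &&
    mv "$key" "$jail/etc/rndc.key" &&
    # Not world-readable; as root, also chown root:named so the daemon can read it.
    chmod 640 "$jail/etc/rndc.key" &&
    ln -s "$jail/etc/rndc.key" "$key"
}

# Usage for the layout in this thread (run as root):
#   jail_control_status /chroot/named || relocate_rndc_key /chroot/named
```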
 