I'm having problems getting include statements to work.

I am running fedora core 4, with the standard bind install.


I am using the default named.conf file which loads bind without a problem, and it has one include statement in it already:

include "/etc/rndc.key";

However, when I attempt to load a second include statement such as:

include "/etc/rndc.key";
include "/var/named/chroot/etc/acl.conf";

I get this error message when I attempt to load bind:

[root@localhost ~]# service named start
Starting named:
Error in named configuration:
/etc/named.conf:68: open: /var/named/chroot/etc/acl.conf: file not found
[FAILED]

The permissions on acl.conf are as follows:
-rw-r--r-- 1 root named 40 Jan 6 10:08 /var/named/chroot/etc/acl.conf

The permissions on rndc.key are as follows:
-rw-r--r-- 1 root named 132 Jan 5 14:54 /var/named/chroot/etc/rndc.key

Any Ideas? I don't understand how the file can't be found when i'm looking right at it.

-KARL

Since it seems to be in a "chroot jail", you may want to try using
"/etc/acl.conf" instead.

When a chroot jail is used, the "/" directory actually changes.
So if you chroot to /var/named/chroot/ then the new "/" directory is actually the
directory /var/named/chroot/. So, "/etc/acl.conf" in the chroot jail is the same as
/var/named/chroot/etc/acl.conf on your real filesystem.

Same goes for /etc/rndc.key. Your example clearly shows that the include of "rndc.key" is done inside
the chroot jail (since you've put /etc/rndc.key, not /var/named/chroot/etc/rndc.key, which would cause an error). Do the same for acl.conf and it should do the trick...

Is there anyway I can remove the "chroot jail" so I can use absolute paths? I have several include files that have very specific paths such as /etc/smbind/smbind.conf being written to by apache.

-Karl

First of all, the chroot jail you indicated seems to only apply to "named", the DNS server program.
Other programs, like Apache, may use a different jail or no jail at all.
The fact that you have a chroot jail for "named", doesn't mean you have the same jail for all your programs.

Secondly, even inside a jail, you can still use absolute paths. You just need to keep in mind that all files
need to be stored as if the chroot directory is your / directory.
For instance:
let's say I'm setting up a chroot jail in /my/chroot/.
Under this directory, I'll need to create subdirectories like "etc", "bin", etc, just like under the regular /
directory. Once I've chroot'ed to /my/chroot/, that directory will become my new "/" directory. All programs and files in the normal /etc/, /bin/, /usr/bin, ... will become unreachable.
But nothing prevents me from copying any files from the normal /etc/ to /my/chroot/etc/, from /bin to /my/chroot/bin (but you'll need to execute these copy operations before you chroot).

My final point is that your "named" chroot jail is probably in place for security.
Breaking out of it is not so easy and I strongly recommend against it (it defeats it's security purpose).
It may be possible to configure your DNS system to not use a chroot jail, but that can also cause security issues.

Yeah I just turned off the chroot jail in the install, works great now. I appreciate the security side of it, but it must work with smbind and phpmyadmin and a mysql database, there is far too much f*$king around to be playing with a chroot jail and relinking all the paths of these programs, i think i'll stick to good ol' /var/named for now.

-KARL