pb with bind-chroot on fc2
Alexander Dalloz
ad+lists at uni-x.org
Wed Jul 6 16:16:00 UTC 2005
On Wed, 06.07.2005 at 17:54, franklin dibus wrote:
Resending this to the list as the answer reached me personally and I
think it is better to be addressed to the community (for this reason I
do not strip quotation).
> sorry I am trying to fix this pb!
> that is /etc/named.conf
> // a caching only nameserver config
> //
> controls {
> inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> };
> zone "." IN {
> type hint;
> file "named.ca";
> };
>
> zone "localhost" IN {
> type master;
> file "localhost.zone";
> allow-update { none; };
> };
>
> zone "0.0.127.in-addr.arpa" IN {
> type master;
> file "named.local";
> allow-update { none; };
> };
>
> include "/etc/rndc.key";
>
> and that is /etc/rndc.conf
> * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
> * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
> * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
> * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> */
>
> /* $Id: rndc.conf,v 1.7 2001/01/09 21:40:45 bwelling Exp $ */
>
> /*
> * Sample rndc configuration file.
> */
>
> options {
> default-server localhost;
> default-key "rndckey";
> };
>
> server localhost {
> key "rndckey";
> };
>
> include "/etc/rndc.key";
> and that is /etc/rndc.key
> key "rndckey" {
> algorithm hmac-md5;
> secret "xxx";
* I removed the secret value and exchanged it with "xxx" for security
reasons *
Franklin, if you don't trust me it isn't a bad idea to now generate a
new rndckey.
> };
> now these are the zone files
> /var/named/localhost.zone
> $TTL 86400
> $ORIGIN localhost.
> @ 1D IN SOA @ root (
> 42 ; serial (d. adams)
> 3H ; refresh
> 15M ; retry
> 1W ; expiry
> 1D ) ; minimum
>
> 1D IN NS @
> 1D IN A 127.0.0.1
> /var/named/named.local
>
> $TTL 86400
> @ IN SOA localhost. root.localhost. (
> 1997022700 ; Serial
> 28800 ; Refresh
> 14400 ; Retry
> 3600000 ; Expire
> 86400 ) ; Minimum
> IN NS localhost.
>
> 1 IN PTR localhost.
> [root at ndogbong root]# nslookup localhost
> Server: 10.100.100.130
> Address: 10.100.100.130#53
>
> ** server can't find localhost: NXDOMAIN
>
> [root at ndogbong root]#
>
> but when I uninstall bind-chroot it works fine!
All files look proper. My assumption is that your problem is that you do
not respect that with bind chrooted the location of the files is not /etc/
and /var/named! See
/etc/sysconfig/named
and the default "ROOTDIR=/var/named/chroot" setting. bind-chrooted does
not see anything outside this chroot dir.
Alexander
--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp
Serendipity 18:09:58 up 11 days, 1:02, load average: 0.16, 0.25, 0.27
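
The check the reply above points to, as an added example that is not part of the original message: read ROOTDIR from the sysconfig file and list every file named.conf references that does not exist below the chroot. The function names and the demo tree are constructed for illustration, and /var/named as the directory for relative zone file names is an assumption taken from the paths in the post.

```shell
#!/bin/bash
# Added example: list files that named.conf references but that a chrooted
# named cannot see, i.e. that are missing below ROOTDIR.

# Print the ROOTDIR value set in a sysconfig file (empty when unset).
chroot_dir() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*ROOTDIR=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# $1 = sysconfig file, $2 = directory for relative zone file names
# (assumption: /var/named, where the post keeps its zone files).
# Only // and # comments are stripped; /* */ blocks are not handled.
missing_in_chroot() (
    root=$(chroot_dir "$1")
    zonedir=${2:-/var/named}
    conf=$root/etc/named.conf
    if [ ! -r "$conf" ]; then
        printf '%s\n' "$conf"
    else
        sed -e 's://.*$::' -e 's:#.*$::' "$conf" |
            grep -oE '(^|[[:space:];{])(file|include)[[:space:]]+"[^"]+"' |
            sed 's/^[^"]*"\([^"]*\)"$/\1/' |
            while IFS= read -r p; do
                case $p in
                    /*) abs=$p ;;
                    *)  abs=$zonedir/$p ;;
                esac
                [ -e "$root$abs" ] || printf '%s\n' "$root$abs"
            done
    fi
)

# Constructed demo tree (not from the post): named.conf was copied into the
# chroot, but localhost.zone and rndc.key were left outside it.
demo() (
    d=$(mktemp -d) || exit 1
    mkdir -p "$d/chroot/etc" "$d/chroot/var/named"
    printf 'ROOTDIR=%s/chroot\n' "$d" > "$d/sysconfig"
    printf '%s\n' 'zone "." IN { type hint; file "named.ca"; };' \
        'zone "localhost" IN { type master; file "localhost.zone"; };' \
        'include "/etc/rndc.key";' > "$d/chroot/etc/named.conf"
    : > "$d/chroot/var/named/named.ca"
    missing_in_chroot "$d/sysconfig" | sed "s:^$d::"
    rm -rf "$d"
)
demo
```

On a real host the call would be `missing_in_chroot /etc/sysconfig/named`; an empty result means every referenced file is present inside the chroot.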