Hi,
saravanan ganapathy wrote:
:: I am new to this list. I already posted my
:: issue in debian-user. But I didn't get any
:: help. So please help me.
There are other lists than debian-security and debian-user that can help you. I'm answering the off-topic question to give you some time until you find a nice //support// list. :o)
:: I would like to configure bind9 with chroot on my
:: debian woody. I have referred to a lot of links and based
:: on that I have done the configuration. It works fine
:: except for some issues: when I stop bind9, I am getting
:: the following error
:: Stopping domain name service: namedrndc: neither
:: /etc/bind/rndc.conf nor /etc/bind/rndc.key was found
The problem is related to the rndc.key. In your case it cannot be found. :) The key is missing. So, you have two options: copy the key from /etc/bind inside your "chroot", or create a new key. Use rndc-confgen to generate a new key (read the man page first).
If you copy your key then change the owner of your key to the same user that bind is using.
:: # addgroup named
:: # adduser --system --home /home/named --no-create-home \
::   --ingroup named \
::   --disabled-password --disabled-login named
Good. Non-privileged user, but I would recommend setting the home dir to the "named chroot jail".
:: # mkdir /var/named
It is a good idea to use a subdir inside /var/named, something like /var/named/cage/
:: # cd /var/named
:: # mkdir -p dev etc lib usr/sbin var/named var/run var/cache/bind
:: # mv /etc/bind etc/
:: # mknod dev/null c 1 3
:: # mknod dev/random c 1 8
:: # chmod 666 dev/null dev/random
:: # chown -R named.named named
:: Edited /etc/init.d/sysklogd to include SYSLOGD="-a /var/named/dev/log"
:: Edited /etc/init.d/bind9 to include OPTS="-u named -t /var/named"
:: # /etc/init.d/sysklogd restart
:: # /etc/init.d/bind9 start
I didn't see you create your new config files. You should copy /etc/bind/* inside your chroot/etc/bind. And I also didn't see you change directory permissions; as bind is not running with user privileges, "he" must need privs to write inside logs and 'run', and if it is a slave also inside etc/bind.
:: bind is started well without any error. I have also
:: verified from the syslog file.
Weird.
:: But while stopping, the 'rndc' still refers to the
:: non-chroot path (/etc/bind/named.conf).
:: If I do
:: # cp /var/named/etc/bind/rndc.key /etc/bind/rndc.key
:: Then bind stops without any error.
:: Can you please help me to solve this problem?
The key is missing, but when you use the -t and -u options in the init.d script, it should be "chrooted" and check only the chroot dir. Something is broken. :) Good luck.
--
//////////
// Felipe Augusto van de Wiel (faw)
// [EMAIL PROTECTED]
// http://www.cathedrallabs.org
/////
// GUD-PR / DUG-PR || http://www.debian-pr.org
// GUD-BR / DUG-BR || http://www.debian-br.org
// Debian Project || http://www.debian.org/
//////////
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
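As an added example, not part of the original thread and not from the Debian bind9 package: a POSIX shell checker for the jail layout quoted above, run before starting named. It assumes the directory layout from the mail (etc/bind, dev, var/run and var/cache/bind under the jail), a default user name of "named" (hypothetical; pass another as the second argument), and an optional third argument naming the un-chrooted config directory (default /etc/bind). It verifies the points the thread turns on: the rndc key present inside the jail, owned by the named user and not world-readable; the directories named writes to owned by that user; and the copy of the key outside the jail identical to the one inside. That last check exists because rndc is a separate client program that named's -t option does not chroot, so the init script's "rndc stop" reads /etc/bind/rndc.key on the real filesystem, which is why copying the key back out made the stop work.

```shell
#!/bin/sh
# check_bind_chroot: sanity-check a BIND chroot jail before (re)starting named.
# Added example, not from the original mail thread. Assumed layout:
#   JAIL/etc/bind/{named.conf,rndc.key}  JAIL/dev/{null,random}
#   JAIL/var/run  JAIL/var/cache/bind
# Assumed user name "named" (hypothetical default; override with the 2nd arg).
#
# Usage: check_bind_chroot JAIL [USER] [OUTSIDE_CONF_DIR]
# Exit status 0 when everything looks right, 1 otherwise; each problem is printed.

owner_of() {
    # Portable owner lookup: third field of "ls -ld" (Linux and BSD alike).
    ls -ld "$1" | awk '{ print $3 }'
}

check_bind_chroot() {
    jail="$1"
    user="${2:-named}"
    outside="${3:-/etc/bind}/rndc.key"
    rc=0

    # 1. Everything named opens must exist inside the jail: with -t, named
    #    resolves its paths relative to the jail and never sees /etc/bind.
    for p in etc/bind/named.conf etc/bind/rndc.key dev/null dev/random \
             var/run var/cache/bind; do
        if [ ! -e "$jail/$p" ]; then
            echo "missing: $jail/$p"
            rc=1
        fi
    done

    # 2. Directories named writes to must belong to the unprivileged user.
    for d in var/run var/cache/bind; do
        if [ -d "$jail/$d" ] && [ "$(owner_of "$jail/$d")" != "$user" ]; then
            echo "wrong owner (want $user): $jail/$d"
            rc=1
        fi
    done

    # 3. The rndc key authenticates control commands: readable by the named
    #    user, and not by "other" (-perm -004 matches files with that bit set).
    key="$jail/etc/bind/rndc.key"
    if [ -f "$key" ]; then
        if [ "$(owner_of "$key")" != "$user" ]; then
            echo "wrong owner (want $user): $key"
            rc=1
        fi
        if find "$key" -perm -004 | grep -q .; then
            echo "world-readable: $key"
            rc=1
        fi
        # 4. rndc itself is not chrooted: the init script's "rndc stop" reads
        #    the key from the real config dir, so that copy must exist and match.
        if [ ! -f "$outside" ]; then
            echo "missing: $outside (rndc reads the key outside the jail)"
            rc=1
        elif ! cmp -s "$key" "$outside"; then
            echo "key mismatch: $key differs from $outside"
            rc=1
        fi
    fi

    return $rc
}

# Run directly as: sh check_bind_chroot.sh /var/named/cage named /etc/bind
if [ $# -gt 0 ]; then
    check_bind_chroot "$@"
fi
```

The ownership and mode checks use only "ls -ld" and POSIX "find -perm", so the script runs unchanged on a woody-era system; the key comparison uses "cmp -s", which is silent and reports only through its exit status.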

