I have bind_8.2.3-0.potato.1 stuffed into a chroot and I suspect it
isn't working quite as well as it should. A few days after restarting
it I found myself without clones on IRC because the IRC server was
unable to do the reverse resolution of my IP. Now I've given a friend
an address in my domain and she told me it didn't work, so I gave her
the IP and right now she's browsing.
If I start the daemon as root everything goes back to normal, which
seems to indicate it may be a permissions problem.
# ls -laR /chroot/named/
/chroot/named/:
total 28
drwxr-xr-x 7 root root 4096 May 21 21:54 ./
drwxr-xr-x 3 root root 4096 May 21 21:54 ../
drwxr-xr-x 2 root root 4096 May 24 12:13 dev/
drwxr-xr-x 3 root root 4096 May 21 16:43 etc/
drwxr-xr-x 2 root root 4096 May 21 21:55 lib/
drwxr-xr-x 3 root root 4096 May 21 16:10 usr/
drwxr-xr-x 4 root root 4096 May 22 09:01 var/
/chroot/named/dev:
total 8
drwxr-xr-x 2 root root 4096 May 24 12:13 ./
drwxr-xr-x 7 root root 4096 May 21 21:54 ../
srw-rw-rw- 1 root root 0 May 24 12:13 log=
crw-rw-rw- 1 root root 1, 3 May 21 16:12 null
/chroot/named/etc:
total 24
drwxr-xr-x 3 root root 4096 May 21 16:43 ./
drwxr-xr-x 7 root root 4096 May 21 21:54 ../
drwxr-xr-x 2 named named 4096 Jun 24 05:08 bind/
-rw-r--r-- 1 root root 13 May 21 16:43 group
-rw-r--r-- 1 root root 946 May 21 16:12 localtime
-rw-r--r-- 1 root root 465 May 21 16:11 nsswitch.conf
/chroot/named/etc/bind:
total 128
drwxr-xr-x 2 named named 4096 Jun 24 05:08 ./
drwxr-xr-x 3 root root 4096 May 21 16:43 ../
-rw-r--r-- 1 named named 237 Apr 11 2000 db.0
-rw-r--r-- 1 named named 271 Apr 11 2000 db.127
-rw-r--r-- 1 named named 237 Apr 11 2000 db.255
-rw-r--r-- 1 named named 256 Apr 11 2000 db.local
-rw-r--r-- 1 named named 1516 May 14 20:17 db.root
-rw-r--r-- 1 named named 616 Jun 6 00:26 named.cc2k
-rw-r--r-- 1 root root 4281 May 21 16:11 named.conf
-rw-r--r-- 1 named named 973 Jun 25 21:57 named.millennium
-rw-r--r-- 1 named named 170 May 2 23:07 named.rev-cc2k
-rw-r--r-- 1 named named 177 May 2 23:07 named.rev-internal
/chroot/named/lib:
total 968
drwxr-xr-x 2 root root 4096 May 21 21:55 ./
drwxr-xr-x 7 root root 4096 May 21 21:54 ../
-rwxr-xr-x 1 root root 85654 May 21 17:34 ld-linux.so.2*
-rwxr-xr-x 1 root root 887712 May 21 17:33 libc.so.6*
/chroot/named/usr:
total 12
drwxr-xr-x 3 root root 4096 May 21 16:10 ./
drwxr-xr-x 7 root root 4096 May 21 21:54 ../
drwxr-xr-x 2 root root 4096 May 22 08:56 sbin/
/chroot/named/usr/sbin:
total 684
drwxr-xr-x 2 root root 4096 May 22 08:56 ./
drwxr-xr-x 3 root root 4096 May 21 16:10 ../
-rwxr-xr-x 1 root root 470748 May 22 08:56 named*
-rwxr-xr-x 1 root root 210108 May 22 08:56 named-xfer*
/chroot/named/var:
total 16
drwxr-xr-x 4 root root 4096 May 22 09:01 ./
drwxr-xr-x 7 root root 4096 May 21 21:54 ../
drwxrwx--- 3 root named 4096 May 22 09:01 cache/
drwxrwx--- 2 root named 4096 Jun 23 22:53 run/
/chroot/named/var/cache:
total 12
drwxrwx--- 3 root named 4096 May 22 09:01 ./
drwxr-xr-x 4 root root 4096 May 22 09:01 ../
drwxrwx--- 2 root named 4096 May 22 09:01 bind/
/chroot/named/var/cache/bind:
total 8
drwxrwx--- 2 root named 4096 May 22 09:01 ./
drwxrwx--- 3 root named 4096 May 22 09:01 ../
/chroot/named/var/run:
total 12
drwxrwx--- 2 root named 4096 Jun 23 22:53 ./
drwxr-xr-x 4 root root 4096 May 22 09:01 ../
-rw-r--r-- 1 named named 6 Jun 23 22:53 named.pid
srw------- 1 root root 0 Jun 23 22:53 ndc=
Needless to say, under normal conditions the server runs as
named.named.
# grep named /etc/passwd /etc/shadow /etc/group
/etc/passwd:named:x:104:104::/chroot/named:/bin/false
/etc/shadow:named:!:11304:0:99999:7:::
/etc/group:named:x:104:
The init script is slightly modified:
# cat /etc/init.d/bind
#!/bin/sh
PATH=/sbin:/bin:/chroot/named/usr/sbin:/usr/sbin:/usr/bin
test -x /chroot/named/usr/sbin/named || exit 0
case "$1" in
    start)
        echo -n "Starting domain name service: named"
        # -t chroots named into /chroot/named; -u/-g drop it to named.named
        start-stop-daemon --start --quiet --exec /chroot/named/usr/sbin/named \
            -- -t /chroot/named -u named -g named
        echo "."
        ;;
    stop)
        echo -n "Stopping domain name service: named"
        # the pid file is read from outside the chroot, so use the full path
        start-stop-daemon --stop --quiet \
            --pidfile /chroot/named/var/run/named.pid \
            --exec /chroot/named/usr/sbin/named
        echo "."
        ;;
    restart)
        echo "Please run /etc/init.d/bind stop; /etc/init.d/bind start"
        exit 1
        # /usr/sbin/ndc restart
        ;;
    reload)
        echo "Please run /etc/init.d/bind stop; /etc/init.d/bind start"
        exit 1
        # /usr/sbin/ndc reload
        ;;
    force-reload)
        $0 restart
        ;;
    *)
        echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2
        exit 1
        ;;
esac
exit 0
A firewall problem?
# ipchains -nL | grep -w 53
ACCEPT tcp ------ 1.2.3.4 195.55.160.33 * -> 53
DENY tcp ------ 0.0.0.0/0 195.55.160.33 * -> 53
ACCEPT udp ------ 0.0.0.0/0 195.55.160.33 * -> 53
I only allow incoming connections to TCP port 53 from the zone's
secondary server (1.2.3.4), so that the relevant zone transfers can
take place. UDP, of course, I allow from everybody.
I can't think of any other possible causes. If anyone feels
charitable, try something like this with nslookup:
> server 195.55.160.33
> set q=ptr
> 195.55.160.33
And see what comes out. Whoever fixes this for me gets a couple of
drinks, or whatever they like, in Vigo :^).
--
David Serrano <[EMAIL PROTECTED]> - Linux Registered User #87069
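As an added example, not part of the original message: a POSIX shell script that checks the ownership and mode bits of a BIND 8 chroot tree against the user and group handed to `-u`/`-g`, following the layout of the listing above (pid file under var/run, dump and stats files under var/cache/bind, zone files under etc/bind, loader and libc under lib). It uses GNU `stat -c`, judges access from the mode bits alone and ignores supplementary groups, so it gives the same answer whether or not it is itself run as root. The tree it is pointed at in the usage line is the poster's; the user and group names are the ones from the init script.

```shell
#!/bin/sh
# Added example (not from the original message): check a BIND 8 chroot for
# a daemon started as "named -t ROOT -u USER -g GROUP".
# Assumed layout (taken from the listing above): pid file in var/run,
# dump/stats files in var/cache/bind, zone files in etc/bind, dynamic
# loader and libc in lib, binaries in usr/sbin.  Needs GNU stat.

# has_perm PATH USER GROUP BIT
# Returns 0 when USER holds permission BIT (4=read, 2=write, 1=exec/search)
# on PATH under the usual owner/group/other rule: the owner is judged by the
# owner bits only, otherwise a GROUP match uses the group bits, otherwise the
# "other" bits apply.  Supplementary groups are ignored and no access(2)
# call is made, so the verdict does not depend on who runs this script.
has_perm() {
    path=$1; user=$2; group=$3; bit=$4
    set -- $(stat -c '%U %G %a' "$path")   # owner group octal-mode
    owner=$1; grp=$2; mode=$3
    len=${#mode}                           # "750", or "2750" with setgid
    u=$(printf '%s' "$mode" | cut -c "$((len - 2))")
    g=$(printf '%s' "$mode" | cut -c "$((len - 1))")
    o=$(printf '%s' "$mode" | cut -c "$len")
    if [ "$owner" = "$user" ]; then
        p=$u
    elif [ "$grp" = "$group" ]; then
        p=$g
    else
        p=$o
    fi
    [ $((p & bit)) -ne 0 ]
}

# audit_chroot ROOT USER GROUP
# Prints one line per problem found and returns 1 if there were any.
audit_chroot() {
    root=$1; user=$2; group=$3; problems=0

    # every directory on the way down must be searchable (x) by the daemon
    for d in . etc etc/bind lib usr usr/sbin var var/run var/cache var/cache/bind; do
        if [ ! -d "$root/$d" ]; then
            echo "missing directory: $root/$d"; problems=$((problems + 1))
        elif ! has_perm "$root/$d" "$user" "$group" 1; then
            echo "not searchable by $user/$group: $root/$d"; problems=$((problems + 1))
        fi
    done

    # named.pid and the dump/stats files are written after the privilege
    # drop, so these two directories must be writable by USER or GROUP
    for d in var/run var/cache/bind; do
        [ -d "$root/$d" ] || continue        # already reported as missing
        if ! has_perm "$root/$d" "$user" "$group" 2; then
            echo "not writable by $user/$group: $root/$d"; problems=$((problems + 1))
        fi
    done

    # named.conf, the zone files, the loader and libc must be readable
    for f in "$root"/etc/bind/* "$root"/lib/*; do
        [ -f "$f" ] || continue              # unmatched glob or not a file
        if ! has_perm "$f" "$user" "$group" 4; then
            echo "not readable by $user/$group: $f"; problems=$((problems + 1))
        fi
    done

    # named itself and named-xfer must be readable and executable
    for f in "$root"/usr/sbin/named "$root"/usr/sbin/named-xfer; do
        if [ ! -f "$f" ]; then
            echo "missing binary: $f"; problems=$((problems + 1))
        elif ! has_perm "$f" "$user" "$group" 4 || ! has_perm "$f" "$user" "$group" 1; then
            echo "not executable by $user/$group: $f"; problems=$((problems + 1))
        fi
    done

    [ "$problems" -eq 0 ]
}

# Usage: sh bind-chroot-check.sh /chroot/named named named
if [ "$#" -eq 3 ]; then
    audit_chroot "$1" "$2" "$3" && echo "no ownership/mode problems under $1"
fi
```

Run against the listing in the message, every check passes: the two directories named writes to are mode 770 with group named, the zone files are 644 and the binaries 755. That is the useful negative result, since it rules the mode bits out, but the script checks nothing that named only discovers at runtime inside the chroot, so a clean run does not by itself clear the chroot.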

