--On February 2, 2006 7:04:06 AM +0800 Daniel <[EMAIL PROTECTED]> wrote:
> The biggest difference between running as root and the startup script
> are the command line arguments given in either case.
> Script flags: -u bind -t /var/named
> CLI flags: -c /usr/local/etc/named.conf -u root
Yes, I know. I'm starting the daemon as root because it can't write to the
pidfile when it's started as bind.
> The man page will show you that the -t flag indicates you want named
> to chroot (recommended practice). It also is running as bind and not
> root.
Yes, I know that as well.
> Check out /var/named and your named config file. You will probably
> find that /var/named/named.pid is not writable by the user bind.
It's writable as bind.
ls -lsa /var/named/
total 19
2 drwxr-xr-x 5 root wheel 512 Feb 1 20:30 .
2 drwxr-xr-x 20 root wheel 512 Jan 27 17:42 ..
2 -rw-r--r-- 1 bind bind 212 Feb 1 20:15 127.0.0
1 dr-xr-xr-x 4 root wheel 512 Feb 1 20:33 dev
2 drwxr-xr-x 3 root wheel 512 Feb 1 20:11 etc
2 -rw-r--r-- 1 bind bind 580 Feb 1 20:14 friendshipforest.zone
2 -r--r--r-- 1 bind bind 1511 Feb 1 20:14 named.ca
2 -rw-r--r-- 1 bind bind 6 Feb 1 20:20 named.pid
2 -rw-r--r-- 1 bind bind 516 Feb 1 20:14 stovebolt.zone
2 drwxr-xr-x 6 root wheel 512 Feb 1 20:11 var
I removed /var/named and let the script recreate it. Now it can't find
named.conf
> You may also find that the named config isn't specifying a full path
> to be used within the chroot directory (/var/named).
options {
    directory "/var/named";
    allow-transfer {
        none;
    };
    allow-query {
        any;
    };
    allow-recursion {
        local-info;
    };
    listen-on {
        127.0.0.1;
        66.221.101.248;
    };
    version "nice try";
    auth-nxdomain yes;
    # pid-file "named.pid";
    blackhole {
        "bogusnet";
    };
    query-source address * port 53;
};
> Below is the config for my named that runs chrooted.
> directory "/";
> pid-file "/named.pid";
> dump-file "/dump/named_dump.db";
> statistics-file "/stats/named.stats";
> Yours may look something like:
> directory "/var/named/";
> pid-file "/var/named/named.pid";
> dump-file "/var/named/dump/named_dump.db";
> statistics-file "/etc/named/stats/named.stats";
And where do the zone files go? Where does the rndc.key file go? Where
does the named.conf file go?
> The paths in named.conf need to be relative to the chroot, not the base.
I'm not sure what you mean here. The chroot directory is /var/named. The
directory specified in named.conf is /var/named. To what are you referring
when you say "the paths"?
> > When I try to start named using rndc, I get this:
> > rndc start
> > rndc: connect failed: connection refused
> rndc does not have a command "start"
Missed that.
> restart is also not yet implemented.
Knew that.
> Writing your own startup scripts is unnecessary, especially for
> something that already has one (or in this case, maybe two, /etc/rc.d
> and /usr/local/etc/rc.d)
Except for one niggling problem. It doesn't work. Due to my ignorance,
I'm sure, but it doesn't work.
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/
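A small check script, added here as an example and not part of either poster's mail, that maps the paths from a named.conf onto the host filesystem when named is started with -t /var/named (the chroot used in the thread) and shows who owns the directory the pid file would land in. It assumes a commented-out pid-file falls back to named.pid under the "directory" option, and uses a constructed config resembling the one posted above.

```shell
#!/bin/sh
# Added example, not from the thread. Under "named -t CHROOT", every path in
# named.conf is resolved inside CHROOT, so directory "/var/named" with
# -t /var/named means /var/named/var/named on the host.

# Map a path as named sees it (inside the chroot) to the host path.
# Arguments: CHROOT NAMED_DIRECTORY PATH
host_path() {
    root=${1%/}; dir=${2%/}; p=$3
    case $p in
        /*) ;;                  # absolute inside the chroot
        *)  p="$dir/$p" ;;      # relative to the "directory" option
    esac
    printf '%s\n' "${root}${p%/}"
}

# Extract one quoted option value from a named.conf read on stdin.
# Lines commented out with # or // never match, so they are ignored.
conf_option() {
    key=$1
    sed -n "s/^[[:space:]]*$key[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# Print where the directory and pid file really are on the host.
# Assumption: missing directory means "/", missing pid-file means named.pid.
report() {
    root=$1
    conf=$(cat)
    dir=$(printf '%s\n' "$conf" | conf_option directory); dir=${dir:-/}
    pid=$(printf '%s\n' "$conf" | conf_option pid-file); pid=${pid:-named.pid}
    printf 'directory -> %s\n' "$(host_path "$root" / "$dir")"
    printf 'pid-file  -> %s\n' "$(host_path "$root" "$dir" "$pid")"
}

# Owner of the directory that will receive the pid file (the -u user must be
# able to create the file there). Prints "missing" if the directory is absent.
pid_dir_owner() {
    d=$(dirname "$1")
    if [ -d "$d" ]; then ls -ld "$d" | awk '{print $3}'; else echo missing; fi
}

# Constructed config, modelled on the options block posted above.
printf 'options {\n\tdirectory "/var/named";\n\t# pid-file "named.pid";\n};\n' \
    | report /var/named
pid_dir_owner "$(host_path /var/named /var/named named.pid)"
```

Run it on the real box against the actual named.conf (cat /usr/local/etc/named.conf | report /var/named) to see whether the pid file written by the startup script and the one named looks for are the same host path.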
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions