Re: [PHP] PHP DNS resolving in chroot-ed environment
Georgi Hristozov wrote: > Hello, > > I'm running a Gentoo-hardened box with PHP 5.2.14-pl0-gentoo (Suhosin > included) and Apache 2.2.16. mod_php is running in a chroot, using > mpm_peruser. Everything works OK, except the PHP DNS resolving, which > I need to access HTTP resources. It fails with both the curl and http > extensions. > > With some stracing of the Apache child processes I found that PHP is > trying to access the following files: hosts, nsswitch.conf, > resolv.conf and the libnss libraries. Just being pedantic: not actually PHP, but the resolver. > I've copied them to the chroot, but the resolving still fails. strace > showed failed accesses to /dev/urandom and /dev/log, but mounting /dev > in the chroot didn't help. What does your strace show when you have mounted /dev in your chroot (with -o bind) ? -- Per Jessen, Zürich (10.1°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP DNS resolving in chroot-ed environment
Hello, I'm running a Gentoo-hardened box with PHP 5.2.14-pl0-gentoo (Suhosin included) and Apache 2.2.16. mod_php is running in a chroot, using mpm_peruser. Everything works OK, except the PHP DNS resolving, which I need to access HTTP resources. It fails with both the curl and http extensions. With some stracing of the Apache child processes I found that PHP is trying to access the following files: hosts, nsswitch.conf, resolv.conf and the libnss libraries. I've copied them to the chroot, but the resolving still fails. strace showed failed accesses to /dev/urandom and /dev/log, but mounting /dev in the chroot didn't help. My php.ini can be found at [1]. I'm setting the following additional flags in the vhost configuration: engine on open_basedir "/htdocs:/sessions:/tmp" session.save_path "/sessions" upload_tmp_dir "/tmp" Does anybody run similar chroot-ed PHP? Any help will be appreciated! Thanks in advance! [1] http://forkbomb.nl/temp/php.ini signature.asc Description: PGP signature
Re: [PHP] dns lookups only half working in chroot
> echo gethostbyname('www.google.de')."\n"; > print_r(dns_get_record('www.google.de', DNS_A))."\n"; > ?> [8<] > I don't understand why the first lookup fails, but the second one succeeds. > Unfortunately thinks like fsockopen() seem to use the same technique as > gethostbyname(), so they don't work either. > Any pointers would be appreciated! PHP's gethostbyname() is a wrapper for the system call of the same name, which may attempt to resolve the name using local mechanisms (/etc/hosts, perhaps an internal cache, etc.) before resorting to a DNS query. I've never studied any particular implementation of gethostbyname(), but I wouldn't be surprised to find that in some implementations it doesn't actually query DNS at all, but simply hands off the name to another mechanism that queries DNS. PHP's dns_get_record(), on the other hand, queries DNS using the resolver(3) system calls. All it needs is a network connection and a valid DNS server address. So that should help explain why one can work while the other doesn't. Not sure why gethostbyname() fails in your chroot environment, though. I've seen situations where this has happened on my internal network, but only fake hostnames that ended in ".local" were affected. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] dns lookups only half working in chroot
Hey guys, I am cross-posting this to the PHP and the PHP-FPM lists, because both are applicable in my opinion. I have got a strange problem with my php-fpm chrooted PHP environment. PHP is chrooted to /var/www/. /var/www/etc looks like this: # ls -al /var/www/etc/ insgesamt 20 drwxr-xr-x 2 root root 4096 9. Sep 20:33 . drwxr-xr-x 5 root root 4096 9. Sep 20:10 .. -rw-r--r-- 1 root root 265 9. Sep 20:12 hosts -rw-r--r-- 1 root root 513 9. Sep 20:23 nsswitch.conf -rw-r--r-- 1 root root 52 9. Sep 20:11 resolv.conf I do run the following script: Which strangely outputs this: www.google.de Array ( [0] => Array ( [host] => www.l.google.com [type] => A [ip] => 74.125.43.147 [class] => IN [ttl] => 172 ) [1] => Array ( [host] => www.l.google.com [type] => A [ip] => 74.125.43.99 [class] => IN [ttl] => 172 ) [2] => I don't understand why the first lookup fails, but the second one succeeds. Unfortunately thinks like fsockopen() seem to use the same technique as gethostbyname(), so they don't work either. Any pointers would be appreciated! Regards, Samy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] DNS query in ldap_search
Hi, I have a strange problem here. I try to authenticate users with LDAP at an Active Directory Server (AD). Everything works fine. Just in some cases, authentication is not possible. As we discovered, this has something to do with a strange DNS Server setting. Sometimes a nslookup for the (imaginary) host example.ch returns an address and sometimes it does not. In times when the DNS server reports an (arbitrary) address the authentication process gets broken. Some testing with tcpdumps and the like enabled us to locate the problem in the php function ldap_search. If this function is called like it is shown in the code below, it starts a DNS query to the context (example.ch in this case). So my question is, why does "ldap_search" start a DNS query for the context? Since I'm not able to make any changes to the DNS server, I need the php-side get fixed. Does anyone has an idea? Regards, Jan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] DNS lookup w/ php
[snip] If I wanted to determine whether a domain has set up mx records, how could I accomplish this with PHP? [/snip] RTFM http://us3.php.net/manual/en/function.dns-get-mx.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] DNS lookup w/ php
If I wanted to determine whether a domain has set up mx records, how could I accomplish this with PHP?
Re: [PHP] DNS lookups only sometimes
Thank you for your reply. > You'd first have to show us the source code that does the email checks. > In addition, see if you can dig out the httpd.conf and php.ini that > are used on the production server, and post links to them, after > removing any data you consider sensitive. As I am responsible for the machine, I have created the following site with all the information you have requested: http://emailtest.altig.ca There you will find: email.php (the actual script) email_php.php (the php code) httpd.conf php.ini I've set up several machines like this in the past, and have not done anything too fancy regarding Apache or PHP, and in fact, have used the Slackware 10.2 binaries for both. If there are any other questions you need before we can work towards a solution, please let me know! Otherwise, what to do next?! Best, Jadel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] DNS lookups only sometimes
On Fri, October 7, 2005 2:54 pm, Jadel Menard wrote: > > I have an email validation script written in PHP that works on most > Apache machines I try it on, with the exception (of course) of my > production > box that it needs to go on. This production machine is a Slackware > 10.2 box, > running Apache 1.33 and PHP 4.4.0. > > The script works if I call it from the command line with "php -f > filename" however, if I try to call the same script from a browser > (served by > httpd) the DNS check is never made, and the script returns that the > domain of > the email address is invalid. > > The httpd people tell me that once Apache calls a .php page, PHP > handles the actual parsing of that page, so if these DNS queries > aren't > happening when the page is called through a browser, what is changing > from > when they are called from the command line? You'd first have to show us the source code that does the email checks. In addition, see if you can dig out the httpd.conf and php.ini that are used on the production server, and post links to them, after removing any data you consider sensitive. There's no rule that the PHP binary they have laying around on the machine for command line use has to have any real correspondence with the (presumed) PHP Module they have loaded into Apache. They could be different versions of PHP, with entirely different compile-time switches, and have nothing more than "PHP" in their name in common. They are USUALLY very similar, but a host could easily dis-allow certain functions in php.ini in the web environment, but your CLI PHP can easily not be using that same php.ini, and then you get the functions they don't want you to have. Worst-case scenario, you could probably use http://php.net/exec in your web PHP script to fire up PHP command line to run your DNS lookup script. This is a total hack and will have HORRIBLE performance penalties. And if the real "problem" is that your host doesn't want you doing DNS lookups in the first place, so they disabled the function in php.ini, they're not gonna be happy to find you doing this... Extreme Caution is called for. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] DNS lookups only sometimes
I have an email validation script written in PHP that works on most Apache machines I try it on, with the exception (of course) of my production box that it needs to go on. This production machine is a Slackware 10.2 box, running Apache 1.33 and PHP 4.4.0. The script works if I call it from the command line with "php -f filename" however, if I try to call the same script from a browser (served by httpd) the DNS check is never made, and the script returns that the domain of the email address is invalid. The httpd people tell me that once Apache calls a .php page, PHP handles the actual parsing of that page, so if these DNS queries aren't happening when the page is called through a browser, what is changing from when they are called from the command line? Thoughts? Best, Jadel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] DNS-less Connections With PHP?
Yes you really need to indicate what version of php you are using, what server you are using and what db you are using if you ever need to ask for help. Go to www.php.net and read up on: SQL SERVER mssql_connect() MYSQL mysql_connect() MOST obdc_connect() ORACLE ora_plogon() ed At 06:45 AM 5/29/2002 -0500, Jay Blanchard wrote: >[snip] >Could anybody explain to me (or even give me a link to a place explaining) >the creation of "DSN-less" connections? I've extensivly searched Google with >this, but I couldn't find anything that was of any help to me. I know how to >do this in ASP, though... >[/snip] > >PHP does not use the concept of DSN-less connections as it supports many >database types with native functions. Even ODBC uses a set of native PHP >functions for connections with databases. You don't say what type of >database you are using, but it is likely that PHP has support for it. > >Jay Blanchard > > > >-- >PHP General Mailing List (http://www.php.net/) >To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] DNS-less Connections With PHP?
[snip] Could anybody explain to me (or even give me a link to a place explaining) the creation of "DSN-less" connections? I've extensivly searched Google with this, but I couldn't find anything that was of any help to me. I know how to do this in ASP, though... [/snip] PHP does not use the concept of DSN-less connections as it supports many database types with native functions. Even ODBC uses a set of native PHP functions for connections with databases. You don't say what type of database you are using, but it is likely that PHP has support for it. Jay Blanchard -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] DNS-less Connections With PHP?
Could anybody explain to me (or even give me a link to a place explaining) the creation of "DSN-less" connections? I've extensivly searched Google with this, but I couldn't find anything that was of any help to me. I know how to do this in ASP, though... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] DNS
On Sunday 24 March 2002 07:26, Liam wrote: > 23/03/2002 11:26:39 PM > > Hi, err, I realise this has nothing to do with PHP but... > > I am in desperate need of a backup DNS host. I've scoured > the internet and I can't find anyone who'll be my backup DNS. > I'm willing to exchange the favour and be your backup DNS. > > If there's any place you know I can get this, please pipe up. www.zoneedit.com -- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk /* Conscience is what hurts when everything else feels so good. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] DNS
23/03/2002 11:26:39 PM Hi, err, I realise this has nothing to do with PHP but... I am in desperate need of a backup DNS host. I've scoured the internet and I can't find anyone who'll be my backup DNS. I'm willing to exchange the favour and be your backup DNS. If there's any place you know I can get this, please pipe up. Thanks, Liam -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] dns
Is there a way to set up a php page to act as a name server under windows? I dont have named etc on that OS. I was thinking of maybe having PHP read from the port used for DNS services and recording the MAC address of the machine in a dateabse for example and linking this to a name i.e. server.mydomain It would need to work on the Windows platform and be compatible with whaterver Windows uses for DNS stuff. The process would be as follows: 1: client tries to access server.mydomain in a browser window 2: a request is sent to the server asking it to find the IP address of the machine called server.mydomain 3: this IP address is then sent back to the client and connecting it to say 192.168.1.9 Do you think this could be done? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] DNS Checking and lookup
Hi, Is there anyway I can use PHP to find out all the information in a DNS Zonefile on a DNS server, in win2k, if you go to a dos prompt, and do the following nslookup server ls -d you will get loads of information on that domain name, like SOA Records, A records, MX records, CNAME records, serial number, NS records, basically, the zone file. I need to be able to do this using PHP and would really appreciate some help, maybe a pointer in the direction... Please help, Christian Sacks please reply to me and the newsgroup. Thanks [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] DNS Lookups Fail
Addressed to: "Scott Rothgaber" <[EMAIL PROTECTED]> [EMAIL PROTECTED] ** Reply to note from "Scott Rothgaber" <[EMAIL PROTECTED]> Mon, 26 Feb 2001 12:46:08 -0500 > > On 26 Feb 2001, at 10:21, [EMAIL PROTECTED] wrote: > > > The first thing to try is get a list of the host names that > > fail and do a nslookup to make sure you can resolve them. > > The way I see it, this is strictly a PHP issue. *No* lookups are > succeeding, not even in the log file. If I switch back to my > Apache binary built without PHP, everything works. > Take a look thru your Apache config files for HostNameLookups, that is probably what it is. You can set it to ON to get this behavior back. You might want to think about it a little before you do. Having this on means that EVERY SINGLE page and image hit requires a DNS lookup BEFORE the page/image is sent. If there is a problem with reverse DNS on the modem your visitor is connected to (not uncommon) they get to wait up to 30 seconds for a DNS timeout before the page will load. Not good. Consider how often you really care about what the host name is. Is it worth the extra delay for the DNS lookup on EVERY page sent. You mentioned having to have your log analyzer do the DNS lookups when it processes the logs. I say better pay for it then when it is only you waiting for results than making your visitors pay on every page and image they download. Rick Widmer Internet Marketing Specialists http://www.developersdesk.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] DNS Lookups Fail
Addressed to: "Scott Rothgaber" <[EMAIL PROTECTED]> [EMAIL PROTECTED] ** Reply to note from "Scott Rothgaber" <[EMAIL PROTECTED]> Mon, 26 Feb 2001 09:45:42 -0500 > > PHP 4.0.4 pl1, Apache 1.3.17, BSD/OS 4.1 pl37 > > Good Morning! > > Please forgive me if this has been covered ad nauseum, but I > have searched high and low for an answer with no luck. > > After building PHP as a module, following the online > instructions, Apache complained that it could not resolve > hostnames. I got around this by using IP's in httpd.conf and > making wusage do the lookups. > > Is there a fix for this or is it an unpleasant side effect that > we must accept and deal with? The official word on the Apache config files is that you _should_ use IP addresses rather than host names. That said, I don't do it. I find the host names more understandable when I am working on the file. The problem is you MUST make sure DNS or /etc/hosts name resolution is available BEFORE you start the web server. The first thing to try is get a list of the host names that fail and do a nslookup to make sure you can resolve them. You may have bigger problems with DNS. If the problem happens only when you boot the computer, make sure you start networking ans named long before you try to start the web server. A way to side step the entire DNS issue is to list each of your web IP addresses in /etc/hosts, and make sure that /etc/resolv.conf looks in that file before it goes out to DNS. Even if you do this you need to find out why the host names can not be resolved. If the master DNS server is setup wrong, no one will be able to see the site. Rick Widmer Internet Marketing Specialists http://www.developersdesk.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] DNS Lookups Fail
PHP 4.0.4 pl1, Apache 1.3.17, BSD/OS 4.1 pl37 Good Morning! Please forgive me if this has been covered ad nauseum, but I have searched high and low for an answer with no luck. After building PHP as a module, following the online instructions, Apache complained that it could not resolve hostnames. I got around this by using IP's in httpd.conf and making wusage do the lookups. Is there a fix for this or is it an unpleasant side effect that we must accept and deal with? Thanks, Scott -- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Easley Internet Solutions 864.859.2400 * * Easley, SC USA Fax: 864.855.5864 * * http://www.easley.net/AIM: ExCavSGT * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]