Re: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
On Tue, Oct 24, 2006 at 03:52:58PM +0200, Holger Nowak wrote: >I know that running bind in a vserver guest is a bit problematic, so I >decided to recompile Bind with linux-caps disabled according to > > > [1]http://linux-vserver.org/Problematic_Programs#Bind9_on_Debian_GNU.2FLinux_Woody_.283.0.29_and_Sarge_.283.1.29 >and >[2]http://www.newt.com/debian/acornHOWTO/ (Section bind9) > >But I couldn't start named properly. No error messages neither on promt >nor on syslog occur but the name server isn't running. > >If I want to stop the service I receive the well known message: > >Stopping domain name service: namedrndc: connect failed: connection >refused which kernel and which vserver patch ??? i talk about debian bind9 a few weeks ago with Herbert on irc, but i was very busy ... so try 'normal' debian packages WITH enabled linux-caps ... on 2.6.17.11 and vs2.0.2 bind9 can work normally like other programs ... (maybe) ... i must deeply investigate all my settings ... i have my own recompiled kernel and my own recompiled bind9 ... -- 5o Peter.Mann at tuke.sk ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
AW: AW: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
Hi Christoph and Peter, >> > IIRC rndc wants to connect to localhost, which of course is not >> possible if >> > this resolves to the loopback interface >> >> > A line like >> >> >localhost >> >> > in /etc/hosts should fix that. >If I remember correctly rndc does not respect the hosts file. You have to set up /etc/bind/rndc.conf like this: >include "/etc/bind/rndc.key"; >options { >default-server 195.227.242.154; >default-key rndc-key; >}; > and generate a key in /etc/bind/rndc-key with rndc-confgen. I did copy the key in rndc.conf but neither this nor including the file doesn't change the behaviour. Also the options not to listen to ipv6 doesn't change anything. Regards, Holger --- Neuer "psychonomics Kundenmonitor Banken" ab Ende September 2006 erhaeltlich. Weitere Info: www.psychonomics.de/kundenmonitor_banken psychonomics Newsletter bestellen: www.psychonomics.de/newsletter ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: AW: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
I just checked my named.conf.options and I also have a listen-on-v6 { none; }; in there. This should be the default, but might be worth a shot anyway - peter. On Tuesday 24 October 2006 16:52, Holger Nowak wrote: > >> But I couldn't start named properly. No error messages neither on > >> promt nor on syslog occur but the name server isn't running. If I > > want > > >> to stop the service I receive the well known message: > >> > >> Stopping domain name service: namedrndc: connect failed: connection > >> refused > > > > IIRC rndc wants to connect to localhost, which of course is not > > possible if > > > this resolves to the loopback interface > > > > A line like > > > >localhost > > > > in /etc/hosts should fix that. > > I forgot to post. This didn't help. > Before your mail my /etc/hosts looks like > > 195.227.242.154 localhost > > I added the but it didn't change anything > > Every command with rndc like > rndc -s localhost stats > > fails with "connection refused". > > Localhost is reachable: > mystery:/# ping -c3 localhost > PING mystery (195.227.242.154) 56(84) bytes of data. > 64 bytes from mystery (195.227.242.154): icmp_seq=1 ttl=64 time=0.029 ms > ... > > Regards, > Holger > > > --- > > Neuer "psychonomics Kundenmonitor Banken" ab Ende September 2006 > erhaeltlich. Weitere Info: www.psychonomics.de/kundenmonitor_banken > > psychonomics Newsletter bestellen: www.psychonomics.de/newsletter > > > > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver -- ~ Peter Sabaini ARC Seibersdorf research GmbH Biomedical Engineering / eHealth systems Reininghausstrasse 13/1, 8020 Graz, Austria T: +43(0)316 586570-55, F:+43(0)316 586570-12 [EMAIL PROTECTED], http://www.arcsmed.at/ehs ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: AW: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
Hi Holger, > > IIRC rndc wants to connect to localhost, which of course is not > possible if > > this resolves to the loopback interface > > > A line like > > >localhost > > > in /etc/hosts should fix that. If I remember correctly rndc does not respect the hosts file. You have to set up /etc/bind/rndc.conf like this: include "/etc/bind/rndc.key"; options { default-server 195.227.242.154; default-key rndc-key; }; and generate a key in /etc/bind/rndc-key with rndc-confgen. Regards, Christoph ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
AW: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
>> But I couldn't start named properly. No error messages neither on >> promt nor on syslog occur but the name server isn't running. If I want >> to stop the service I receive the well known message: >> >> Stopping domain name service: namedrndc: connect failed: connection >> refused > IIRC rndc wants to connect to localhost, which of course is not possible if > this resolves to the loopback interface > A line like >localhost > in /etc/hosts should fix that. I forgot to post. This didn't help. Before your mail my /etc/hosts looks like 195.227.242.154 localhost I added the but it didn't change anything Every command with rndc like rndc -s localhost stats fails with "connection refused". Localhost is reachable: mystery:/# ping -c3 localhost PING mystery (195.227.242.154) 56(84) bytes of data. 64 bytes from mystery (195.227.242.154): icmp_seq=1 ttl=64 time=0.029 ms ... Regards, Holger --- Neuer "psychonomics Kundenmonitor Banken" ab Ende September 2006 erhaeltlich. Weitere Info: www.psychonomics.de/kundenmonitor_banken psychonomics Newsletter bestellen: www.psychonomics.de/newsletter ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] arping inside guest
i am trying to use the arping utility inside a guest. i have a ccap of raw_icmp already for something else in the guest. i keep getting this error" arping: socket: Operation not permitted i looked through the caps listing but can't find anything obvious that I should use.. any suggestions? this is for a nagios monitoring setup where we cannot ping certain ip addresses because of their firewall settings, so i thought we could still monitor those using arping. -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
On Tuesday 24 October 2006 15:52, Holger Nowak wrote: > Hello, > I know that running bind in a vserver guest is a bit problematic, so I > decided to recompile Bind with linux-caps disabled according to > http://linux-vserver.org/Problematic_Programs#Bind9_on_Debian_GNU.2FLinux_W >oody_.283.0.29_and_Sarge_.283.1.29 and > http://www.newt.com/debian/acornHOWTO/ (Section bind9) > > But I couldn't start named properly. No error messages neither on promt nor > on syslog occur but the name server isn't running. If I want to stop the > service I receive the well known message: > > Stopping domain name service: namedrndc: connect failed: connection refused IIRC rndc wants to connect to localhost, which of course is not possible if this resolves to the loopback interface A line like localhost in /etc/hosts should fix that. hth peter. > But I don't think it is a permission problem, since running named in > foreground resulting in > > mystery:/etc/bind# named -g -p 53 > Oct 24 13:50:14.675 starting BIND 9.2.4 -g -p 53 > Oct 24 13:50:14.676 using 1 CPU > Oct 24 13:50:14.678 loading configuration from '/etc/bind/named.conf' > Segmentation fault (core dumped) > > strace gives no more information, so I think I've made some mistake > configuring the listening server. The crucial file where named is stop is > the name.conf.options > > mystery:/etc/bind# cat named.conf.options > options { > > // Avoids listening on 127.0.0.1. > listen-on { > 195.227.242.154; > }; > > auth-nxdomain no;# conform to RFC1035 > > }; > > controls { > inet 195.227.242.154 allow { >195.227.242.154; > }; > }; > > The one and only IP is 195.227.242.154 which is a virtual IP on eth0:5 on > the host system. The host system is running bind too but I don't listen to > the given IP. > > If I disable the listen directive I get the following message from named: > > mystery:/etc/bind# named -g -p 53 > Oct 24 13:56:53.970 starting BIND 9.2.4 -g -p 53 > Oct 24 13:56:53.970 using 1 CPU > Oct 24 13:56:53.973 loading configuration from '/etc/bind/named.conf' > Oct 24 13:56:53.973 no IPv6 interfaces found > Oct 24 13:56:53.973 listening on IPv4 interface eth0:5, 195.227.242.154#53 > Oct 24 13:56:53.975 peer.c:87: REQUIRE(*list != ((void *)0)) failed > Oct 24 13:56:53.975 exiting (due to assertion failure) > Aborted (core dumped) > > I've been at my wits' end and I hope some could help me. > > Best regards, > Holger > > -- > Holger Nowak > Junior Projektmanager > Datenmanagement | Programmierung > > > psychonomics AG > > Berrenrather Str. 154-156 > > D-50937 Köln > > T +49 (0) 221 42061-346 > > F +49 (0) 221 42061-100 > > E-Mail: [EMAIL PROTECTED] > > www.psychonomics.de > > --- > > Neuer "psychonomics Kundenmonitor Banken" ab Ende September 2006 > erhaeltlich. Weitere Info: www.psychonomics.de/kundenmonitor_banken > > psychonomics Newsletter bestellen: www.psychonomics.de/newsletter -- ~ Peter Sabaini ARC Seibersdorf research GmbH Biomedical Engineering / eHealth systems Reininghausstrasse 13/1, 8020 Graz, Austria T: +43(0)316 586570-55, F:+43(0)316 586570-12 [EMAIL PROTECTED], http://www.arcsmed.at/ehs ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Running bind 9.2.4 on Debian Sarge without caps
Title: Running bind 9.2.4 on Debian Sarge without caps Hello, I know that running bind in a vserver guest is a bit problematic, so I decided to recompile Bind with linux-caps disabled according to http://linux-vserver.org/Problematic_Programs#Bind9_on_Debian_GNU.2FLinux_Woody_.283.0.29_and_Sarge_.283.1.29 and http://www.newt.com/debian/acornHOWTO/ (Section bind9) But I couldn't start named properly. No error messages neither on promt nor on syslog occur but the name server isn't running. If I want to stop the service I receive the well known message: Stopping domain name service: namedrndc: connect failed: connection refused But I don't think it is a permission problem, since running named in foreground resulting in mystery:/etc/bind# named -g -p 53 Oct 24 13:50:14.675 starting BIND 9.2.4 -g -p 53 Oct 24 13:50:14.676 using 1 CPU Oct 24 13:50:14.678 loading configuration from '/etc/bind/named.conf' Segmentation fault (core dumped) strace gives no more information, so I think I've made some mistake configuring the listening server. The crucial file where named is stop is the name.conf.options mystery:/etc/bind# cat named.conf.options options { // Avoids listening on 127.0.0.1. listen-on { 195.227.242.154; }; auth-nxdomain no; # conform to RFC1035 }; controls { inet 195.227.242.154 allow { 195.227.242.154; }; }; The one and only IP is 195.227.242.154 which is a virtual IP on eth0:5 on the host system. The host system is running bind too but I don't listen to the given IP. If I disable the listen directive I get the following message from named: mystery:/etc/bind# named -g -p 53 Oct 24 13:56:53.970 starting BIND 9.2.4 -g -p 53 Oct 24 13:56:53.970 using 1 CPU Oct 24 13:56:53.973 loading configuration from '/etc/bind/named.conf' Oct 24 13:56:53.973 no IPv6 interfaces found Oct 24 13:56:53.973 listening on IPv4 interface eth0:5, 195.227.242.154#53 Oct 24 13:56:53.975 peer.c:87: REQUIRE(*list != ((void *)0)) failed Oct 24 13:56:53.975 exiting (due to assertion failure) Aborted (core dumped) I've been at my wits' end and I hope some could help me. Best regards, Holger -- Holger Nowak Junior Projektmanager Datenmanagement | Programmierung psychonomics AG Berrenrather Str. 154-156 D-50937 Köln T +49 (0) 221 42061-346 F +49 (0) 221 42061-100 E-Mail: [EMAIL PROTECTED] www.psychonomics.de - Neuer "psychonomics Kundenmonitor Banken" ab Ende September 2006 erhaeltlich. Weitere Info: www.psychonomics.de/kundenmonitor_banken psychonomics Newsletter bestellen: www.psychonomics.de/newsletter ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver