Re: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
On Tue, Oct 24, 2006 at 03:52:58PM +0200, Holger Nowak wrote: >I know that running bind in a vserver guest is a bit problematic, so I >decided to recompile Bind with linux-caps disabled according to > > > [1]http://linux-vserver.org/Problematic_Programs#Bind9_on_Debian_GNU.2FLinux_Woody_.283.0.29_and_Sarge_.283.1.29 >and >[2]http://www.newt.com/debian/acornHOWTO/ (Section bind9) > >But I couldn't start named properly. No error messages neither on promt >nor on syslog occur but the name server isn't running. > >If I want to stop the service I receive the well known message: > >Stopping domain name service: namedrndc: connect failed: connection >refused which kernel and which vserver patch ??? i talk about debian bind9 a few weeks ago with Herbert on irc, but i was very busy ... so try 'normal' debian packages WITH enabled linux-caps ... on 2.6.17.11 and vs2.0.2 bind9 can work normally like other programs ... (maybe) ... i must deeply investigate all my settings ... i have my own recompiled kernel and my own recompiled bind9 ... -- 5o Peter.Mann at tuke.sk ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
AW: AW: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
Hi Christoph and Peter,
>> > IIRC rndc wants to connect to localhost, which of course is not
>> possible if
>> > this resolves to the loopback interface
>>
>> > A line like
>>
>> >localhost
>>
>> > in /etc/hosts should fix that.
>If I remember correctly rndc does not respect the hosts file. You have
to set up /etc/bind/rndc.conf like this:
>include "/etc/bind/rndc.key";
>options {
>default-server 195.227.242.154;
>default-key rndc-key;
>};
> and generate a key in /etc/bind/rndc-key with rndc-confgen.
I did copy the key in rndc.conf but neither this nor including the file
doesn't change the behaviour. Also the options not to listen to ipv6
doesn't change anything.
Regards,
Holger
---
Neuer "psychonomics Kundenmonitor Banken" ab Ende September 2006 erhaeltlich.
Weitere Info: www.psychonomics.de/kundenmonitor_banken
psychonomics Newsletter bestellen: www.psychonomics.de/newsletter
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: AW: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
I just checked my named.conf.options and I also have a
listen-on-v6 { none; };
in there. This should be the default, but might be worth a shot anyway
- peter.
On Tuesday 24 October 2006 16:52, Holger Nowak wrote:
> >> But I couldn't start named properly. No error messages neither on
> >> promt nor on syslog occur but the name server isn't running. If I
>
> want
>
> >> to stop the service I receive the well known message:
> >>
> >> Stopping domain name service: namedrndc: connect failed: connection
> >> refused
> >
> > IIRC rndc wants to connect to localhost, which of course is not
>
> possible if
>
> > this resolves to the loopback interface
> >
> > A line like
> >
> >localhost
> >
> > in /etc/hosts should fix that.
>
> I forgot to post. This didn't help.
> Before your mail my /etc/hosts looks like
>
> 195.227.242.154 localhost
>
> I added the but it didn't change anything
>
> Every command with rndc like
> rndc -s localhost stats
>
> fails with "connection refused".
>
> Localhost is reachable:
> mystery:/# ping -c3 localhost
> PING mystery (195.227.242.154) 56(84) bytes of data.
> 64 bytes from mystery (195.227.242.154): icmp_seq=1 ttl=64 time=0.029 ms
> ...
>
> Regards,
> Holger
>
>
> ---
>
> Neuer "psychonomics Kundenmonitor Banken" ab Ende September 2006
> erhaeltlich. Weitere Info: www.psychonomics.de/kundenmonitor_banken
>
> psychonomics Newsletter bestellen: www.psychonomics.de/newsletter
>
>
>
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
--
~
Peter Sabaini
ARC Seibersdorf research GmbH
Biomedical Engineering / eHealth systems
Reininghausstrasse 13/1, 8020 Graz, Austria
T: +43(0)316 586570-55, F:+43(0)316 586570-12
[EMAIL PROTECTED], http://www.arcsmed.at/ehs
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: AW: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
Hi Holger,
> > IIRC rndc wants to connect to localhost, which of course is not
> possible if
> > this resolves to the loopback interface
>
> > A line like
>
> >localhost
>
> > in /etc/hosts should fix that.
If I remember correctly rndc does not respect the hosts file. You have
to set up /etc/bind/rndc.conf like this:
include "/etc/bind/rndc.key";
options {
default-server 195.227.242.154;
default-key rndc-key;
};
and generate a key in /etc/bind/rndc-key with rndc-confgen.
Regards,
Christoph
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
AW: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
>> But I couldn't start named properly. No error messages neither on >> promt nor on syslog occur but the name server isn't running. If I want >> to stop the service I receive the well known message: >> >> Stopping domain name service: namedrndc: connect failed: connection >> refused > IIRC rndc wants to connect to localhost, which of course is not possible if > this resolves to the loopback interface > A line like >localhost > in /etc/hosts should fix that. I forgot to post. This didn't help. Before your mail my /etc/hosts looks like 195.227.242.154 localhost I added the but it didn't change anything Every command with rndc like rndc -s localhost stats fails with "connection refused". Localhost is reachable: mystery:/# ping -c3 localhost PING mystery (195.227.242.154) 56(84) bytes of data. 64 bytes from mystery (195.227.242.154): icmp_seq=1 ttl=64 time=0.029 ms ... Regards, Holger --- Neuer "psychonomics Kundenmonitor Banken" ab Ende September 2006 erhaeltlich. Weitere Info: www.psychonomics.de/kundenmonitor_banken psychonomics Newsletter bestellen: www.psychonomics.de/newsletter ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] arping inside guest
i am trying to use the arping utility inside a guest. i have a ccap of raw_icmp already for something else in the guest. i keep getting this error" arping: socket: Operation not permitted i looked through the caps listing but can't find anything obvious that I should use.. any suggestions? this is for a nagios monitoring setup where we cannot ping certain ip addresses because of their firewall settings, so i thought we could still monitor those using arping. -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
On Tuesday 24 October 2006 15:52, Holger Nowak wrote:
> Hello,
> I know that running bind in a vserver guest is a bit problematic, so I
> decided to recompile Bind with linux-caps disabled according to
> http://linux-vserver.org/Problematic_Programs#Bind9_on_Debian_GNU.2FLinux_W
>oody_.283.0.29_and_Sarge_.283.1.29 and
> http://www.newt.com/debian/acornHOWTO/ (Section bind9)
>
> But I couldn't start named properly. No error messages neither on promt nor
> on syslog occur but the name server isn't running. If I want to stop the
> service I receive the well known message:
>
> Stopping domain name service: namedrndc: connect failed: connection refused
IIRC rndc wants to connect to localhost, which of course is not possible if
this resolves to the loopback interface
A line like
localhost
in /etc/hosts should fix that.
hth
peter.
> But I don't think it is a permission problem, since running named in
> foreground resulting in
>
> mystery:/etc/bind# named -g -p 53
> Oct 24 13:50:14.675 starting BIND 9.2.4 -g -p 53
> Oct 24 13:50:14.676 using 1 CPU
> Oct 24 13:50:14.678 loading configuration from '/etc/bind/named.conf'
> Segmentation fault (core dumped)
>
> strace gives no more information, so I think I've made some mistake
> configuring the listening server. The crucial file where named is stop is
> the name.conf.options
>
> mystery:/etc/bind# cat named.conf.options
> options {
>
> // Avoids listening on 127.0.0.1.
> listen-on {
> 195.227.242.154;
> };
>
> auth-nxdomain no;# conform to RFC1035
>
> };
>
> controls {
> inet 195.227.242.154 allow {
>195.227.242.154;
> };
> };
>
> The one and only IP is 195.227.242.154 which is a virtual IP on eth0:5 on
> the host system. The host system is running bind too but I don't listen to
> the given IP.
>
> If I disable the listen directive I get the following message from named:
>
> mystery:/etc/bind# named -g -p 53
> Oct 24 13:56:53.970 starting BIND 9.2.4 -g -p 53
> Oct 24 13:56:53.970 using 1 CPU
> Oct 24 13:56:53.973 loading configuration from '/etc/bind/named.conf'
> Oct 24 13:56:53.973 no IPv6 interfaces found
> Oct 24 13:56:53.973 listening on IPv4 interface eth0:5, 195.227.242.154#53
> Oct 24 13:56:53.975 peer.c:87: REQUIRE(*list != ((void *)0)) failed
> Oct 24 13:56:53.975 exiting (due to assertion failure)
> Aborted (core dumped)
>
> I've been at my wits' end and I hope some could help me.
>
> Best regards,
> Holger
>
> --
> Holger Nowak
> Junior Projektmanager
> Datenmanagement | Programmierung
>
> > psychonomics AG
> > Berrenrather Str. 154-156
> > D-50937 Köln
> > T +49 (0) 221 42061-346
> > F +49 (0) 221 42061-100
> > E-Mail: [EMAIL PROTECTED]
> > www.psychonomics.de
>
> ---
>
> Neuer "psychonomics Kundenmonitor Banken" ab Ende September 2006
> erhaeltlich. Weitere Info: www.psychonomics.de/kundenmonitor_banken
>
> psychonomics Newsletter bestellen: www.psychonomics.de/newsletter
--
~
Peter Sabaini
ARC Seibersdorf research GmbH
Biomedical Engineering / eHealth systems
Reininghausstrasse 13/1, 8020 Graz, Austria
T: +43(0)316 586570-55, F:+43(0)316 586570-12
[EMAIL PROTECTED], http://www.arcsmed.at/ehs
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Running bind 9.2.4 on Debian Sarge without caps
Title: Running bind 9.2.4 on Debian Sarge without caps
Hello,
I know that running bind in a vserver guest is a bit problematic, so I decided to recompile Bind with linux-caps disabled according to
http://linux-vserver.org/Problematic_Programs#Bind9_on_Debian_GNU.2FLinux_Woody_.283.0.29_and_Sarge_.283.1.29
and
http://www.newt.com/debian/acornHOWTO/ (Section bind9)
But I couldn't start named properly. No error messages neither on promt nor on syslog occur but the name server isn't running.
If I want to stop the service I receive the well known message:
Stopping domain name service: namedrndc: connect failed: connection refused
But I don't think it is a permission problem, since running named in foreground resulting in
mystery:/etc/bind# named -g -p 53
Oct 24 13:50:14.675 starting BIND 9.2.4 -g -p 53
Oct 24 13:50:14.676 using 1 CPU
Oct 24 13:50:14.678 loading configuration from '/etc/bind/named.conf'
Segmentation fault (core dumped)
strace gives no more information, so I think I've made some mistake configuring the listening server.
The crucial file where named is stop is the name.conf.options
mystery:/etc/bind# cat named.conf.options
options {
// Avoids listening on 127.0.0.1.
listen-on {
195.227.242.154;
};
auth-nxdomain no; # conform to RFC1035
};
controls {
inet 195.227.242.154 allow {
195.227.242.154;
};
};
The one and only IP is 195.227.242.154 which is a virtual IP on eth0:5 on the host system. The host system is running bind too but I don't listen to the given IP.
If I disable the listen directive I get the following message from named:
mystery:/etc/bind# named -g -p 53
Oct 24 13:56:53.970 starting BIND 9.2.4 -g -p 53
Oct 24 13:56:53.970 using 1 CPU
Oct 24 13:56:53.973 loading configuration from '/etc/bind/named.conf'
Oct 24 13:56:53.973 no IPv6 interfaces found
Oct 24 13:56:53.973 listening on IPv4 interface eth0:5, 195.227.242.154#53
Oct 24 13:56:53.975 peer.c:87: REQUIRE(*list != ((void *)0)) failed
Oct 24 13:56:53.975 exiting (due to assertion failure)
Aborted (core dumped)
I've been at my wits' end and I hope some could help me.
Best regards,
Holger
--
Holger Nowak
Junior Projektmanager
Datenmanagement | Programmierung
psychonomics AG
Berrenrather Str. 154-156
D-50937 Köln
T +49 (0) 221 42061-346
F +49 (0) 221 42061-100
E-Mail: [EMAIL PROTECTED]
www.psychonomics.de
-
Neuer "psychonomics Kundenmonitor Banken" ab Ende September 2006 erhaeltlich. Weitere Info: www.psychonomics.de/kundenmonitor_banken
psychonomics Newsletter bestellen: www.psychonomics.de/newsletter
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
