Re: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
On Tue, Oct 24, 2006 at 03:52:58PM +0200, Holger Nowak wrote:
Hello,
I know that running bind in a vserver guest is a bit problematic, so
I decided to recompile Bind with linux-caps disabled according to
http://linux-vserver.org/Problematic_Programs#Bind9_on_Debian_GNU.2FLinux_Woody_.283.0.29_and_Sarge_.283.1.29
and
http://www.newt.com/debian/acornHOWTO/ (Section bind9)
But I couldn't start named properly. No error messages neither on
promt nor on syslog occur but the name server isn't running. If I want
to stop the service I receive the well known message:
Stopping domain name service: namedrndc: connect failed: connection refused
But I don't think it is a permission problem, since running named in
foreground resulting in
mystery:/etc/bind# named -g -p 53
Oct 24 13:50:14.675 starting BIND 9.2.4 -g -p 53
Oct 24 13:50:14.676 using 1 CPU
Oct 24 13:50:14.678 loading configuration from '/etc/bind/named.conf'
Segmentation fault (core dumped)
looks like a bind bug to me, at least a proper
app should not segfault on a bad config (if it
is a bad one at all)
strace gives no more information, so I think I've made some mistake
configuring the listening server. The crucial file where named is stop
is the name.conf.options
mystery:/etc/bind# cat named.conf.options
options {
// Avoids listening on 127.0.0.1.
listen-on {
195.227.242.154;
};
auth-nxdomain no;# conform to RFC1035
};
controls {
inet 195.227.242.154 allow {
195.227.242.154;
};
};
The one and only IP is 195.227.242.154 which is a virtual IP on eth0:5
on the host system. The host system is running bind too but I don't
listen to the given IP.
If I disable the listen directive I get the following message from
named:
mystery:/etc/bind# named -g -p 53
Oct 24 13:56:53.970 starting BIND 9.2.4 -g -p 53
Oct 24 13:56:53.970 using 1 CPU
Oct 24 13:56:53.973 loading configuration from '/etc/bind/named.conf'
Oct 24 13:56:53.973 no IPv6 interfaces found
Oct 24 13:56:53.973 listening on IPv4 interface eth0:5, 195.227.242.154#53
Oct 24 13:56:53.975 peer.c:87: REQUIRE(*list != ((void *)0)) failed
Oct 24 13:56:53.975 exiting (due to assertion failure)
Aborted (core dumped)
I've been at my wits' end and I hope some could help me.
well, first, let's run testme.sh and 'vserver-info - SYSINFO'
on the host and provide that, then, you might want to change
the eth0:5 alias to a 'normal' assignment (for testing), maybe
bind is once again trying to be too smart and interpret the
interfaces in a non standard way (just an idea)
besides that, bind should work without any modifications for
recent devel branch Linux-VServer kernels and with the linux
caps disabled (or with daniel_hozac's patch applied) with
stable branch kernels
just for reference, here an example for the rndc setup:
# cat /etc/rndc.conf
key mykey {
algorithm hmac-md5;
secret x;
};
options {
default-key mykey;
default-server 10.42.0.1;
default-port 953;
};
# named.conf
controls {
inet 10.42.0.1 port 953
allow { 10.42.0.1; } keys { mykey; };
};
best,
Herbert
Best regards,
Holger
--
Holger Nowak
Junior Projektmanager
Datenmanagement | Programmierung
psychonomics AG
Berrenrather Str. 154-156
D-50937 Köln
T +49 (0) 221 42061-346
F +49 (0) 221 42061-100
E-Mail: [EMAIL PROTECTED]
www.psychonomics.de
---
Neuer psychonomics Kundenmonitor Banken ab Ende September 2006 erhaeltlich.
Weitere Info: www.psychonomics.de/kundenmonitor_banken
psychonomics Newsletter bestellen: www.psychonomics.de/newsletter
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Running bind 9.2.4 on Debian Sarge without caps
Title: Running bind 9.2.4 on Debian Sarge without caps
Hello,
I know that running bind in a vserver guest is a bit problematic, so I decided to recompile Bind with linux-caps disabled according to
http://linux-vserver.org/Problematic_Programs#Bind9_on_Debian_GNU.2FLinux_Woody_.283.0.29_and_Sarge_.283.1.29
and
http://www.newt.com/debian/acornHOWTO/ (Section bind9)
But I couldn't start named properly. No error messages neither on promt nor on syslog occur but the name server isn't running.
If I want to stop the service I receive the well known message:
Stopping domain name service: namedrndc: connect failed: connection refused
But I don't think it is a permission problem, since running named in foreground resulting in
mystery:/etc/bind# named -g -p 53
Oct 24 13:50:14.675 starting BIND 9.2.4 -g -p 53
Oct 24 13:50:14.676 using 1 CPU
Oct 24 13:50:14.678 loading configuration from '/etc/bind/named.conf'
Segmentation fault (core dumped)
strace gives no more information, so I think I've made some mistake configuring the listening server.
The crucial file where named is stop is the name.conf.options
mystery:/etc/bind# cat named.conf.options
options {
// Avoids listening on 127.0.0.1.
listen-on {
195.227.242.154;
};
auth-nxdomain no; # conform to RFC1035
};
controls {
inet 195.227.242.154 allow {
195.227.242.154;
};
};
The one and only IP is 195.227.242.154 which is a virtual IP on eth0:5 on the host system. The host system is running bind too but I don't listen to the given IP.
If I disable the listen directive I get the following message from named:
mystery:/etc/bind# named -g -p 53
Oct 24 13:56:53.970 starting BIND 9.2.4 -g -p 53
Oct 24 13:56:53.970 using 1 CPU
Oct 24 13:56:53.973 loading configuration from '/etc/bind/named.conf'
Oct 24 13:56:53.973 no IPv6 interfaces found
Oct 24 13:56:53.973 listening on IPv4 interface eth0:5, 195.227.242.154#53
Oct 24 13:56:53.975 peer.c:87: REQUIRE(*list != ((void *)0)) failed
Oct 24 13:56:53.975 exiting (due to assertion failure)
Aborted (core dumped)
I've been at my wits' end and I hope some could help me.
Best regards,
Holger
--
Holger Nowak
Junior Projektmanager
Datenmanagement | Programmierung
psychonomics AG
Berrenrather Str. 154-156
D-50937 Köln
T +49 (0) 221 42061-346
F +49 (0) 221 42061-100
E-Mail: [EMAIL PROTECTED]
www.psychonomics.de
-
Neuer "psychonomics Kundenmonitor Banken" ab Ende September 2006 erhaeltlich. Weitere Info: www.psychonomics.de/kundenmonitor_banken
psychonomics Newsletter bestellen: www.psychonomics.de/newsletter
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
On Tuesday 24 October 2006 15:52, Holger Nowak wrote:
Hello,
I know that running bind in a vserver guest is a bit problematic, so I
decided to recompile Bind with linux-caps disabled according to
http://linux-vserver.org/Problematic_Programs#Bind9_on_Debian_GNU.2FLinux_W
oody_.283.0.29_and_Sarge_.283.1.29 and
http://www.newt.com/debian/acornHOWTO/ (Section bind9)
But I couldn't start named properly. No error messages neither on promt nor
on syslog occur but the name server isn't running. If I want to stop the
service I receive the well known message:
Stopping domain name service: namedrndc: connect failed: connection refused
IIRC rndc wants to connect to localhost, which of course is not possible if
this resolves to the loopback interface
A line like
YOUR VSERVERS IP VSERVER HOSTNAME localhost
in /etc/hosts should fix that.
hth
peter.
But I don't think it is a permission problem, since running named in
foreground resulting in
mystery:/etc/bind# named -g -p 53
Oct 24 13:50:14.675 starting BIND 9.2.4 -g -p 53
Oct 24 13:50:14.676 using 1 CPU
Oct 24 13:50:14.678 loading configuration from '/etc/bind/named.conf'
Segmentation fault (core dumped)
strace gives no more information, so I think I've made some mistake
configuring the listening server. The crucial file where named is stop is
the name.conf.options
mystery:/etc/bind# cat named.conf.options
options {
// Avoids listening on 127.0.0.1.
listen-on {
195.227.242.154;
};
auth-nxdomain no;# conform to RFC1035
};
controls {
inet 195.227.242.154 allow {
195.227.242.154;
};
};
The one and only IP is 195.227.242.154 which is a virtual IP on eth0:5 on
the host system. The host system is running bind too but I don't listen to
the given IP.
If I disable the listen directive I get the following message from named:
mystery:/etc/bind# named -g -p 53
Oct 24 13:56:53.970 starting BIND 9.2.4 -g -p 53
Oct 24 13:56:53.970 using 1 CPU
Oct 24 13:56:53.973 loading configuration from '/etc/bind/named.conf'
Oct 24 13:56:53.973 no IPv6 interfaces found
Oct 24 13:56:53.973 listening on IPv4 interface eth0:5, 195.227.242.154#53
Oct 24 13:56:53.975 peer.c:87: REQUIRE(*list != ((void *)0)) failed
Oct 24 13:56:53.975 exiting (due to assertion failure)
Aborted (core dumped)
I've been at my wits' end and I hope some could help me.
Best regards,
Holger
--
Holger Nowak
Junior Projektmanager
Datenmanagement | Programmierung
psychonomics AG
Berrenrather Str. 154-156
D-50937 Köln
T +49 (0) 221 42061-346
F +49 (0) 221 42061-100
E-Mail: [EMAIL PROTECTED]
www.psychonomics.de
---
Neuer psychonomics Kundenmonitor Banken ab Ende September 2006
erhaeltlich. Weitere Info: www.psychonomics.de/kundenmonitor_banken
psychonomics Newsletter bestellen: www.psychonomics.de/newsletter
--
~
Peter Sabaini
ARC Seibersdorf research GmbH
Biomedical Engineering / eHealth systems
Reininghausstrasse 13/1, 8020 Graz, Austria
T: +43(0)316 586570-55, F:+43(0)316 586570-12
[EMAIL PROTECTED], http://www.arcsmed.at/ehs
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
AW: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
But I couldn't start named properly. No error messages neither on promt nor on syslog occur but the name server isn't running. If I want to stop the service I receive the well known message: Stopping domain name service: namedrndc: connect failed: connection refused IIRC rndc wants to connect to localhost, which of course is not possible if this resolves to the loopback interface A line like YOUR VSERVERS IP VSERVER HOSTNAME localhost in /etc/hosts should fix that. I forgot to post. This didn't help. Before your mail my /etc/hosts looks like 195.227.242.154 localhost I added the vserver hostname but it didn't change anything Every command with rndc like rndc -s localhost stats fails with connection refused. Localhost is reachable: mystery:/# ping -c3 localhost PING mystery (195.227.242.154) 56(84) bytes of data. 64 bytes from mystery (195.227.242.154): icmp_seq=1 ttl=64 time=0.029 ms ... Regards, Holger --- Neuer psychonomics Kundenmonitor Banken ab Ende September 2006 erhaeltlich. Weitere Info: www.psychonomics.de/kundenmonitor_banken psychonomics Newsletter bestellen: www.psychonomics.de/newsletter ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: AW: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
Hi Holger,
IIRC rndc wants to connect to localhost, which of course is not
possible if
this resolves to the loopback interface
A line like
YOUR VSERVERS IP VSERVER HOSTNAME localhost
in /etc/hosts should fix that.
If I remember correctly rndc does not respect the hosts file. You have
to set up /etc/bind/rndc.conf like this:
include /etc/bind/rndc.key;
options {
default-server 195.227.242.154;
default-key rndc-key;
};
and generate a key in /etc/bind/rndc-key with rndc-confgen.
Regards,
Christoph
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: AW: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
I just checked my named.conf.options and I also have a
listen-on-v6 { none; };
in there. This should be the default, but might be worth a shot anyway
- peter.
On Tuesday 24 October 2006 16:52, Holger Nowak wrote:
But I couldn't start named properly. No error messages neither on
promt nor on syslog occur but the name server isn't running. If I
want
to stop the service I receive the well known message:
Stopping domain name service: namedrndc: connect failed: connection
refused
IIRC rndc wants to connect to localhost, which of course is not
possible if
this resolves to the loopback interface
A line like
YOUR VSERVERS IP VSERVER HOSTNAME localhost
in /etc/hosts should fix that.
I forgot to post. This didn't help.
Before your mail my /etc/hosts looks like
195.227.242.154 localhost
I added the vserver hostname but it didn't change anything
Every command with rndc like
rndc -s localhost stats
fails with connection refused.
Localhost is reachable:
mystery:/# ping -c3 localhost
PING mystery (195.227.242.154) 56(84) bytes of data.
64 bytes from mystery (195.227.242.154): icmp_seq=1 ttl=64 time=0.029 ms
...
Regards,
Holger
---
Neuer psychonomics Kundenmonitor Banken ab Ende September 2006
erhaeltlich. Weitere Info: www.psychonomics.de/kundenmonitor_banken
psychonomics Newsletter bestellen: www.psychonomics.de/newsletter
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
--
~
Peter Sabaini
ARC Seibersdorf research GmbH
Biomedical Engineering / eHealth systems
Reininghausstrasse 13/1, 8020 Graz, Austria
T: +43(0)316 586570-55, F:+43(0)316 586570-12
[EMAIL PROTECTED], http://www.arcsmed.at/ehs
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
AW: AW: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
Hi Christoph and Peter,
IIRC rndc wants to connect to localhost, which of course is not
possible if
this resolves to the loopback interface
A line like
YOUR VSERVERS IP VSERVER HOSTNAME localhost
in /etc/hosts should fix that.
If I remember correctly rndc does not respect the hosts file. You have
to set up /etc/bind/rndc.conf like this:
include /etc/bind/rndc.key;
options {
default-server 195.227.242.154;
default-key rndc-key;
};
and generate a key in /etc/bind/rndc-key with rndc-confgen.
I did copy the key in rndc.conf but neither this nor including the file
doesn't change the behaviour. Also the options not to listen to ipv6
doesn't change anything.
Regards,
Holger
---
Neuer psychonomics Kundenmonitor Banken ab Ende September 2006 erhaeltlich.
Weitere Info: www.psychonomics.de/kundenmonitor_banken
psychonomics Newsletter bestellen: www.psychonomics.de/newsletter
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
On Tue, Oct 24, 2006 at 03:52:58PM +0200, Holger Nowak wrote: I know that running bind in a vserver guest is a bit problematic, so I decided to recompile Bind with linux-caps disabled according to [1]http://linux-vserver.org/Problematic_Programs#Bind9_on_Debian_GNU.2FLinux_Woody_.283.0.29_and_Sarge_.283.1.29 and [2]http://www.newt.com/debian/acornHOWTO/ (Section bind9) But I couldn't start named properly. No error messages neither on promt nor on syslog occur but the name server isn't running. If I want to stop the service I receive the well known message: Stopping domain name service: namedrndc: connect failed: connection refused which kernel and which vserver patch ??? i talk about debian bind9 a few weeks ago with Herbert on irc, but i was very busy ... so try 'normal' debian packages WITH enabled linux-caps ... on 2.6.17.11 and vs2.0.2 bind9 can work normally like other programs ... (maybe) ... i must deeply investigate all my settings ... i have my own recompiled kernel and my own recompiled bind9 ... -- 5o Peter.Mann at tuke.sk ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
