Re: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
On Tue, Oct 24, 2006 at 03:52:58PM +0200, Holger Nowak wrote: Hello, I know that running bind in a vserver guest is a bit problematic, so I decided to recompile Bind with linux-caps disabled according to http://linux-vserver.org/Problematic_Programs#Bind9_on_Debian_GNU.2FLinux_Woody_.283.0.29_and_Sarge_.283.1.29 and http://www.newt.com/debian/acornHOWTO/ (Section bind9) But I couldn't start named properly. No error messages neither on promt nor on syslog occur but the name server isn't running. If I want to stop the service I receive the well known message: Stopping domain name service: namedrndc: connect failed: connection refused But I don't think it is a permission problem, since running named in foreground resulting in mystery:/etc/bind# named -g -p 53 Oct 24 13:50:14.675 starting BIND 9.2.4 -g -p 53 Oct 24 13:50:14.676 using 1 CPU Oct 24 13:50:14.678 loading configuration from '/etc/bind/named.conf' Segmentation fault (core dumped) looks like a bind bug to me, at least a proper app should not segfault on a bad config (if it is a bad one at all) strace gives no more information, so I think I've made some mistake configuring the listening server. The crucial file where named is stop is the name.conf.options mystery:/etc/bind# cat named.conf.options options { // Avoids listening on 127.0.0.1. listen-on { 195.227.242.154; }; auth-nxdomain no;# conform to RFC1035 }; controls { inet 195.227.242.154 allow { 195.227.242.154; }; }; The one and only IP is 195.227.242.154 which is a virtual IP on eth0:5 on the host system. The host system is running bind too but I don't listen to the given IP. If I disable the listen directive I get the following message from named: mystery:/etc/bind# named -g -p 53 Oct 24 13:56:53.970 starting BIND 9.2.4 -g -p 53 Oct 24 13:56:53.970 using 1 CPU Oct 24 13:56:53.973 loading configuration from '/etc/bind/named.conf' Oct 24 13:56:53.973 no IPv6 interfaces found Oct 24 13:56:53.973 listening on IPv4 interface eth0:5, 195.227.242.154#53 Oct 24 13:56:53.975 peer.c:87: REQUIRE(*list != ((void *)0)) failed Oct 24 13:56:53.975 exiting (due to assertion failure) Aborted (core dumped) I've been at my wits' end and I hope some could help me. well, first, let's run testme.sh and 'vserver-info - SYSINFO' on the host and provide that, then, you might want to change the eth0:5 alias to a 'normal' assignment (for testing), maybe bind is once again trying to be too smart and interpret the interfaces in a non standard way (just an idea) besides that, bind should work without any modifications for recent devel branch Linux-VServer kernels and with the linux caps disabled (or with daniel_hozac's patch applied) with stable branch kernels just for reference, here an example for the rndc setup: # cat /etc/rndc.conf key mykey { algorithm hmac-md5; secret x; }; options { default-key mykey; default-server 10.42.0.1; default-port 953; }; # named.conf controls { inet 10.42.0.1 port 953 allow { 10.42.0.1; } keys { mykey; }; }; best, Herbert Best regards, Holger -- Holger Nowak Junior Projektmanager Datenmanagement | Programmierung psychonomics AG Berrenrather Str. 154-156 D-50937 Köln T +49 (0) 221 42061-346 F +49 (0) 221 42061-100 E-Mail: [EMAIL PROTECTED] www.psychonomics.de --- Neuer psychonomics Kundenmonitor Banken ab Ende September 2006 erhaeltlich. Weitere Info: www.psychonomics.de/kundenmonitor_banken psychonomics Newsletter bestellen: www.psychonomics.de/newsletter ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Running bind 9.2.4 on Debian Sarge without caps
Title: Running bind 9.2.4 on Debian Sarge without caps Hello, I know that running bind in a vserver guest is a bit problematic, so I decided to recompile Bind with linux-caps disabled according to http://linux-vserver.org/Problematic_Programs#Bind9_on_Debian_GNU.2FLinux_Woody_.283.0.29_and_Sarge_.283.1.29 and http://www.newt.com/debian/acornHOWTO/ (Section bind9) But I couldn't start named properly. No error messages neither on promt nor on syslog occur but the name server isn't running. If I want to stop the service I receive the well known message: Stopping domain name service: namedrndc: connect failed: connection refused But I don't think it is a permission problem, since running named in foreground resulting in mystery:/etc/bind# named -g -p 53 Oct 24 13:50:14.675 starting BIND 9.2.4 -g -p 53 Oct 24 13:50:14.676 using 1 CPU Oct 24 13:50:14.678 loading configuration from '/etc/bind/named.conf' Segmentation fault (core dumped) strace gives no more information, so I think I've made some mistake configuring the listening server. The crucial file where named is stop is the name.conf.options mystery:/etc/bind# cat named.conf.options options { // Avoids listening on 127.0.0.1. listen-on { 195.227.242.154; }; auth-nxdomain no; # conform to RFC1035 }; controls { inet 195.227.242.154 allow { 195.227.242.154; }; }; The one and only IP is 195.227.242.154 which is a virtual IP on eth0:5 on the host system. The host system is running bind too but I don't listen to the given IP. If I disable the listen directive I get the following message from named: mystery:/etc/bind# named -g -p 53 Oct 24 13:56:53.970 starting BIND 9.2.4 -g -p 53 Oct 24 13:56:53.970 using 1 CPU Oct 24 13:56:53.973 loading configuration from '/etc/bind/named.conf' Oct 24 13:56:53.973 no IPv6 interfaces found Oct 24 13:56:53.973 listening on IPv4 interface eth0:5, 195.227.242.154#53 Oct 24 13:56:53.975 peer.c:87: REQUIRE(*list != ((void *)0)) failed Oct 24 13:56:53.975 exiting (due to assertion failure) Aborted (core dumped) I've been at my wits' end and I hope some could help me. Best regards, Holger -- Holger Nowak Junior Projektmanager Datenmanagement | Programmierung psychonomics AG Berrenrather Str. 154-156 D-50937 Köln T +49 (0) 221 42061-346 F +49 (0) 221 42061-100 E-Mail: [EMAIL PROTECTED] www.psychonomics.de - Neuer "psychonomics Kundenmonitor Banken" ab Ende September 2006 erhaeltlich. Weitere Info: www.psychonomics.de/kundenmonitor_banken psychonomics Newsletter bestellen: www.psychonomics.de/newsletter ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
On Tuesday 24 October 2006 15:52, Holger Nowak wrote: Hello, I know that running bind in a vserver guest is a bit problematic, so I decided to recompile Bind with linux-caps disabled according to http://linux-vserver.org/Problematic_Programs#Bind9_on_Debian_GNU.2FLinux_W oody_.283.0.29_and_Sarge_.283.1.29 and http://www.newt.com/debian/acornHOWTO/ (Section bind9) But I couldn't start named properly. No error messages neither on promt nor on syslog occur but the name server isn't running. If I want to stop the service I receive the well known message: Stopping domain name service: namedrndc: connect failed: connection refused IIRC rndc wants to connect to localhost, which of course is not possible if this resolves to the loopback interface A line like YOUR VSERVERS IP VSERVER HOSTNAME localhost in /etc/hosts should fix that. hth peter. But I don't think it is a permission problem, since running named in foreground resulting in mystery:/etc/bind# named -g -p 53 Oct 24 13:50:14.675 starting BIND 9.2.4 -g -p 53 Oct 24 13:50:14.676 using 1 CPU Oct 24 13:50:14.678 loading configuration from '/etc/bind/named.conf' Segmentation fault (core dumped) strace gives no more information, so I think I've made some mistake configuring the listening server. The crucial file where named is stop is the name.conf.options mystery:/etc/bind# cat named.conf.options options { // Avoids listening on 127.0.0.1. listen-on { 195.227.242.154; }; auth-nxdomain no;# conform to RFC1035 }; controls { inet 195.227.242.154 allow { 195.227.242.154; }; }; The one and only IP is 195.227.242.154 which is a virtual IP on eth0:5 on the host system. The host system is running bind too but I don't listen to the given IP. If I disable the listen directive I get the following message from named: mystery:/etc/bind# named -g -p 53 Oct 24 13:56:53.970 starting BIND 9.2.4 -g -p 53 Oct 24 13:56:53.970 using 1 CPU Oct 24 13:56:53.973 loading configuration from '/etc/bind/named.conf' Oct 24 13:56:53.973 no IPv6 interfaces found Oct 24 13:56:53.973 listening on IPv4 interface eth0:5, 195.227.242.154#53 Oct 24 13:56:53.975 peer.c:87: REQUIRE(*list != ((void *)0)) failed Oct 24 13:56:53.975 exiting (due to assertion failure) Aborted (core dumped) I've been at my wits' end and I hope some could help me. Best regards, Holger -- Holger Nowak Junior Projektmanager Datenmanagement | Programmierung psychonomics AG Berrenrather Str. 154-156 D-50937 Köln T +49 (0) 221 42061-346 F +49 (0) 221 42061-100 E-Mail: [EMAIL PROTECTED] www.psychonomics.de --- Neuer psychonomics Kundenmonitor Banken ab Ende September 2006 erhaeltlich. Weitere Info: www.psychonomics.de/kundenmonitor_banken psychonomics Newsletter bestellen: www.psychonomics.de/newsletter -- ~ Peter Sabaini ARC Seibersdorf research GmbH Biomedical Engineering / eHealth systems Reininghausstrasse 13/1, 8020 Graz, Austria T: +43(0)316 586570-55, F:+43(0)316 586570-12 [EMAIL PROTECTED], http://www.arcsmed.at/ehs ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
AW: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
But I couldn't start named properly. No error messages neither on promt nor on syslog occur but the name server isn't running. If I want to stop the service I receive the well known message: Stopping domain name service: namedrndc: connect failed: connection refused IIRC rndc wants to connect to localhost, which of course is not possible if this resolves to the loopback interface A line like YOUR VSERVERS IP VSERVER HOSTNAME localhost in /etc/hosts should fix that. I forgot to post. This didn't help. Before your mail my /etc/hosts looks like 195.227.242.154 localhost I added the vserver hostname but it didn't change anything Every command with rndc like rndc -s localhost stats fails with connection refused. Localhost is reachable: mystery:/# ping -c3 localhost PING mystery (195.227.242.154) 56(84) bytes of data. 64 bytes from mystery (195.227.242.154): icmp_seq=1 ttl=64 time=0.029 ms ... Regards, Holger --- Neuer psychonomics Kundenmonitor Banken ab Ende September 2006 erhaeltlich. Weitere Info: www.psychonomics.de/kundenmonitor_banken psychonomics Newsletter bestellen: www.psychonomics.de/newsletter ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: AW: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
Hi Holger, IIRC rndc wants to connect to localhost, which of course is not possible if this resolves to the loopback interface A line like YOUR VSERVERS IP VSERVER HOSTNAME localhost in /etc/hosts should fix that. If I remember correctly rndc does not respect the hosts file. You have to set up /etc/bind/rndc.conf like this: include /etc/bind/rndc.key; options { default-server 195.227.242.154; default-key rndc-key; }; and generate a key in /etc/bind/rndc-key with rndc-confgen. Regards, Christoph ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: AW: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
I just checked my named.conf.options and I also have a listen-on-v6 { none; }; in there. This should be the default, but might be worth a shot anyway - peter. On Tuesday 24 October 2006 16:52, Holger Nowak wrote: But I couldn't start named properly. No error messages neither on promt nor on syslog occur but the name server isn't running. If I want to stop the service I receive the well known message: Stopping domain name service: namedrndc: connect failed: connection refused IIRC rndc wants to connect to localhost, which of course is not possible if this resolves to the loopback interface A line like YOUR VSERVERS IP VSERVER HOSTNAME localhost in /etc/hosts should fix that. I forgot to post. This didn't help. Before your mail my /etc/hosts looks like 195.227.242.154 localhost I added the vserver hostname but it didn't change anything Every command with rndc like rndc -s localhost stats fails with connection refused. Localhost is reachable: mystery:/# ping -c3 localhost PING mystery (195.227.242.154) 56(84) bytes of data. 64 bytes from mystery (195.227.242.154): icmp_seq=1 ttl=64 time=0.029 ms ... Regards, Holger --- Neuer psychonomics Kundenmonitor Banken ab Ende September 2006 erhaeltlich. Weitere Info: www.psychonomics.de/kundenmonitor_banken psychonomics Newsletter bestellen: www.psychonomics.de/newsletter ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- ~ Peter Sabaini ARC Seibersdorf research GmbH Biomedical Engineering / eHealth systems Reininghausstrasse 13/1, 8020 Graz, Austria T: +43(0)316 586570-55, F:+43(0)316 586570-12 [EMAIL PROTECTED], http://www.arcsmed.at/ehs ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
AW: AW: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
Hi Christoph and Peter, IIRC rndc wants to connect to localhost, which of course is not possible if this resolves to the loopback interface A line like YOUR VSERVERS IP VSERVER HOSTNAME localhost in /etc/hosts should fix that. If I remember correctly rndc does not respect the hosts file. You have to set up /etc/bind/rndc.conf like this: include /etc/bind/rndc.key; options { default-server 195.227.242.154; default-key rndc-key; }; and generate a key in /etc/bind/rndc-key with rndc-confgen. I did copy the key in rndc.conf but neither this nor including the file doesn't change the behaviour. Also the options not to listen to ipv6 doesn't change anything. Regards, Holger --- Neuer psychonomics Kundenmonitor Banken ab Ende September 2006 erhaeltlich. Weitere Info: www.psychonomics.de/kundenmonitor_banken psychonomics Newsletter bestellen: www.psychonomics.de/newsletter ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Running bind 9.2.4 on Debian Sarge without caps
On Tue, Oct 24, 2006 at 03:52:58PM +0200, Holger Nowak wrote: I know that running bind in a vserver guest is a bit problematic, so I decided to recompile Bind with linux-caps disabled according to [1]http://linux-vserver.org/Problematic_Programs#Bind9_on_Debian_GNU.2FLinux_Woody_.283.0.29_and_Sarge_.283.1.29 and [2]http://www.newt.com/debian/acornHOWTO/ (Section bind9) But I couldn't start named properly. No error messages neither on promt nor on syslog occur but the name server isn't running. If I want to stop the service I receive the well known message: Stopping domain name service: namedrndc: connect failed: connection refused which kernel and which vserver patch ??? i talk about debian bind9 a few weeks ago with Herbert on irc, but i was very busy ... so try 'normal' debian packages WITH enabled linux-caps ... on 2.6.17.11 and vs2.0.2 bind9 can work normally like other programs ... (maybe) ... i must deeply investigate all my settings ... i have my own recompiled kernel and my own recompiled bind9 ... -- 5o Peter.Mann at tuke.sk ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver