Re: BIND: could not configure root hints from 'named.root': file not found
CyberLeo Kitsana,

Thank you so much for the history and evolution on Bind expected directory structures. It enabled me to jump through that tough spot.

Thanks again,
Matthew

> On 10/01/2010 12:52 PM, Matthew wrote:
> > I would be grateful for any pointers on how to resolve this. I suspect the error message may not be exactly descriptive of what's happening.
>
> Kinda.
>
> Here's a few points to keep in mind when working with bind in FreeBSD:
>
> * By default, named runs in a chroot jail rooted at /var/named/.
> * For security reasons, named cannot write to anything in that tree, except the dynamic, slave, and working directories.
> * named uses its current working directory to resolve relative pathnames in the configuration file.
> * With a recent change to ISC Bind 9, named started complaining if it couldn't write to its current working directory. At the time, this was (chroot)/etc/namedb/; this was subsequently changed to (chroot)/etc/namedb/working/ to make named happy without compromising security.
>
> When the working directory for named was (chroot)/etc/namedb/, everything was peachy. Since this was changed, relative pathnames no longer work as expected because the reference point is different.
>
> The easiest solution is to alter your configuration file to include only absolute pathnames, relative to the root of the jail. The default named config file (in /var/named/etc/namedb/named.conf) is an excellent source of examples for this.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: BIND: could not configure root hints from 'named.root': file not found
Krad,

Thank you for the tip. I've changed the . to the correct value.

Matthew

> On 1 October 2010 21:16, CyberLeo Kitsana cyber...@cyberleo.net wrote:
> > On 10/01/2010 12:52 PM, Matthew wrote:
> > > I would be grateful for any pointers on how to resolve this. I suspect the error message may not be exactly descriptive of what's happening.
> >
> > Kinda.
> >
> > Here's a few points to keep in mind when working with bind in FreeBSD:
> >
> > * By default, named runs in a chroot jail rooted at /var/named/.
> > * For security reasons, named cannot write to anything in that tree, except the dynamic, slave, and working directories.
> > * named uses its current working directory to resolve relative pathnames in the configuration file.
> > * With a recent change to ISC Bind 9, named started complaining if it couldn't write to its current working directory. At the time, this was (chroot)/etc/namedb/; this was subsequently changed to (chroot)/etc/namedb/working/ to make named happy without compromising security.
> >
> > When the working directory for named was (chroot)/etc/namedb/, everything was peachy. Since this was changed, relative pathnames no longer work as expected because the reference point is different.
> >
> > The easiest solution is to alter your configuration file to include only absolute pathnames, relative to the root of the jail. The default named config file (in /var/named/etc/namedb/named.conf) is an excellent source of examples for this.
> >
> > --
> > Fuzzy love,
> > -CyberLeo
> > Technical Administrator
> > CyberLeo.Net Webhosting
> > http://www.CyberLeo.Net
> > cyber...@cyberleo.net
> >
> > Furry Peace! - http://.fur.com/peace/
>
> Hmm, options { directory.; that doesn't look ideal. Not sure if you are meaning to do that but put an explicit directory in e.g. /etc/namedb. Otherwise it will be looking in whatever current directory you are in at that time.
>
> The main named.conf will be found as it's supplied via a cli switch by the rc script. However all subsequent files will come from the current dir

Re: BIND: could not configure root hints from 'named.root': file not found
On 1 October 2010 21:16, CyberLeo Kitsana cyber...@cyberleo.net wrote:
> On 10/01/2010 12:52 PM, Matthew wrote:
> > I would be grateful for any pointers on how to resolve this. I suspect the error message may not be exactly descriptive of what's happening.
>
> Kinda.
>
> Here's a few points to keep in mind when working with bind in FreeBSD:
>
> * By default, named runs in a chroot jail rooted at /var/named/.
> * For security reasons, named cannot write to anything in that tree, except the dynamic, slave, and working directories.
> * named uses its current working directory to resolve relative pathnames in the configuration file.
> * With a recent change to ISC Bind 9, named started complaining if it couldn't write to its current working directory. At the time, this was (chroot)/etc/namedb/; this was subsequently changed to (chroot)/etc/namedb/working/ to make named happy without compromising security.
>
> When the working directory for named was (chroot)/etc/namedb/, everything was peachy. Since this was changed, relative pathnames no longer work as expected because the reference point is different.
>
> The easiest solution is to alter your configuration file to include only absolute pathnames, relative to the root of the jail. The default named config file (in /var/named/etc/namedb/named.conf) is an excellent source of examples for this.
>
> --
> Fuzzy love,
> -CyberLeo
> Technical Administrator
> CyberLeo.Net Webhosting
> http://www.CyberLeo.Net
> cyber...@cyberleo.net
>
> Furry Peace! - http://.fur.com/peace/

Hmm, options { directory.; that doesn't look ideal. Not sure if you are meaning to do that but put an explicit directory in e.g. /etc/namedb. Otherwise it will be looking in whatever current directory you are in at that time.

The main named.conf will be found as it's supplied via a cli switch by the rc script. However all subsequent files will come from the current dir

BIND: could not configure root hints from 'named.root': file not found
Hello,

I noticed my email client was taking just over two minutes to start up, with the mail folder being accessed from a share on an NFS server. After rebuilding my workstation (due to h/w heating problems), I deleted my 50,000 emails from freebsd-questions, and ipfw folders. Now the email client opens the NFS share and starts up in under two seconds :) However, now I must use mmsearch at lists.freebsd.org to search mailing list archives. This gives me Internal Server Error on most of my searches, so I decided to post my question here.

I have been running a FreeBSD server in my basement for nearly a decade, and like some on this email list, I also ran into trouble when rebuilding my bind environment in a new server environment. (Server ran out of space and my root partition was too small, so I decided to rebuild the box, only to be reminded BIND is tricky to configure.) The BIND files look like Greek to me (no offense intended to Grecians.) It's been at least eight years since I read much of DNS and Bind and my copy is now languishing at some former client or employer. I've been reading man pages, handbooks, and the like for days.

Here's my immediate problem: After building the server, with jails, before putting BIND in the jail, I decided to get it working in the host FreeBSD environment.

    # uname -a
    FreeBSD www.mbpesecurity.com 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC 2010 r...@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

From this dir:

    # pwd
    /var/named/etc/namedb

(symlinked to /etc/namedb)

When I start bind:

    # /etc/rc.d/named onestart
    Starting named.
    /etc/rc.d/named: WARNING: failed to start named
    # pwd
    /var/named/etc/namedb
    www# ls named.root
    named.root

Syslogs Show:

    Oct 1 12:36:35 www named[4663]: starting BIND 9.6.2-P2 -t /var/named -u bind
    Oct 1 12:36:35 www named[4663]: built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' '--disable-ipv6' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--without-libxml2'
    Oct 1 12:36:35 www named[4663]: *could not configure root hints from 'named.root': file not found*
    Oct 1 12:36:35 www named[4663]: loading configuration: file not found
    Oct 1 12:36:35 www named[4663]: exiting (due to fatal error)
    Oct 1 12:36:35 www mpope: /etc/rc.d/named: WARNING: failed to start named

This perplexes me since 'named.root' is in the starting dir: /etc/namedb, and the 'master' subdir: /etc/namedb/master.

    # pwd
    /var/named/etc/namedb

(symlinked dir for /etc/namedb)

    www# ls -ald *
    drwxr-xr-x  3 root   wheel   512 Oct 1 12:28 aborted
    drwxr-xr-x  2 bind   wheel   512 Oct 1 12:33 dynamic
    drwxr-xr-x  2 root   wheel   512 Oct 1 12:36 master
    -rw-r--r--  1 root   wheel  1783 Oct 1 12:29 named.conf
    -rw-r--r--  1 named  named  3082 Sep 30 17:44 *named.root*
    -rw---      1 bind   wheel    97 Sep 30 17:20 rndc.key
    drwxr-xr-x  2 bind   wheel   512 Oct 1 12:33 slave
    drwxr-xr-x  2 bind   wheel   512 Oct 1 12:36 working
    # ls master
    0.0.127.IN-ADDR.ARPA      empty.db          *named.root*
    171.248.206.IN-ADDR.ARPA  mbpesecurity.com
    db.bind                   named.localhost

Perhaps BIND is actually starting from some other directory? Here is a list of all namedb hits. Since I'm not starting from the jail yet, the only other named dir is in /usr/src/etc/named, the build dir, see listing below.

    # pwd
    /var/named/etc/namedb
    # find / -name namedb
    /usr/src/etc/namedb == only other named dir
    /usr/home/j/mroot/usr/src/etc/namedb = START of JAIL Related dirs
    /usr/home/j/mroot/var/named/etc/namedb |
    /usr/home/j/skel/var/named/etc/namedb |
    /usr/home/j/ns/s/etc/namedb |
    /usr/home/j/ns/s/var/named/etc/namedb |
    /usr/home/j/ns/usr/src/etc/namedb |
    /usr/home/j/ns/var/named/etc/namedb |
    /usr/home/j/mail/s/var/named/etc/namedb |
    /usr/home/j/mail/usr/src/etc/namedb |
    /usr/home/j/mail/var/named/etc/namedb |
    /usr/home/j/www/s/var/named/etc/namedb |
    /usr/home/j/www/usr/src/etc/namedb |
    /usr/home/j/www/var/named/etc/namedb |
    /usr/home/js/ns/etc/namedb |
    /usr/home/js/ns/var/named/etc/namedb |
    /usr/home/js/mail/var/named/etc/namedb V
    /usr/home/js/www/var/named/etc/namedb = END of JAIL dirs
    /etc/namedb -Sym link dest
    /var/named/etc/namedb - Sym link src

In the unlikely event BIND were running from the build dir (/usr/src/etc/named), there too the named.root file is found:

    # cd /usr/src/etc/namedb
    # pwd
    /usr/src/etc/namedb
    # ls -al named.root master/named.root
    -rw-r--r-- 1 root wheel 3082 Oct 1 13:27

Re: BIND: could not configure root hints from 'named.root': file not found
On 10/01/2010 12:52 PM, Matthew wrote:
> I would be grateful for any pointers on how to resolve this. I suspect the error message may not be exactly descriptive of what's happening.

Kinda.

Here's a few points to keep in mind when working with bind in FreeBSD:

* By default, named runs in a chroot jail rooted at /var/named/.
* For security reasons, named cannot write to anything in that tree, except the dynamic, slave, and working directories.
* named uses its current working directory to resolve relative pathnames in the configuration file.
* With a recent change to ISC Bind 9, named started complaining if it couldn't write to its current working directory. At the time, this was (chroot)/etc/namedb/; this was subsequently changed to (chroot)/etc/namedb/working/ to make named happy without compromising security.

When the working directory for named was (chroot)/etc/namedb/, everything was peachy. Since this was changed, relative pathnames no longer work as expected because the reference point is different.

The easiest solution is to alter your configuration file to include only absolute pathnames, relative to the root of the jail. The default named config file (in /var/named/etc/namedb/named.conf) is an excellent source of examples for this.

--
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
cyber...@cyberleo.net

Furry Peace! - http://.fur.com/peace/
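
The path resolution described in the reply above, as an added example that is not part of the thread or of BIND/FreeBSD: a Python check that maps each `file` statement in a named.conf to the path named would open inside its chroot and reports whether it exists. The regex-based parsing, the function names and the sample config are assumptions made for illustration; symlinks inside the chroot are not followed.

```python
import os
import re
import tempfile

# Constructed sample, not the poster's file: a relative hint-file path with
# the working directory the thread describes, plus one absolute path.
SAMPLE_CONF = '''
options { directory "/etc/namedb/working"; };
// relative path: resolved against the working directory
zone "." { type hint; file "named.root"; };
zone "localhost" { type master; file "/etc/namedb/master/named.localhost"; };
'''
# The fix suggested in the thread: absolute path relative to the chroot root.
FIXED_CONF = SAMPLE_CONF.replace('"named.root"', '"/etc/namedb/named.root"')

STMT = r'(?<![-\w]){kw}\s+"([^"]+)"\s*;'  # e.g. file "..."; but not pid-file


def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # /* ... */
    return re.sub(r"(//|#)[^\n]*", "", text)           # // ... and # ...


def audit(conf_text, chroot):
    """Return (configured, path_inside_chroot, exists_on_host) per file statement."""
    conf = strip_comments(conf_text)
    m = re.search(STMT.format(kw="directory"), conf)
    workdir = m.group(1) if m else "/"  # assumption: cwd is / when unset
    results = []
    for configured in re.findall(STMT.format(kw="file"), conf):
        # Absolute paths ignore workdir; normpath pins ".." at the chroot root.
        inside = os.path.normpath(os.path.join(workdir, configured))
        host = os.path.join(chroot, inside.lstrip("/"))
        results.append((configured, inside, os.path.exists(host)))
    return results


def demo(conf_text):
    """Build a throwaway tree shaped like the poster's listing and audit it."""
    with tempfile.TemporaryDirectory() as chroot:
        namedb = os.path.join(chroot, "etc", "namedb")
        for sub in ("working", "master"):
            os.makedirs(os.path.join(namedb, sub))
        for rel in ("named.root", "master/named.root", "master/named.localhost"):
            open(os.path.join(namedb, rel), "w").close()
        return audit(conf_text, chroot)


if __name__ == "__main__":
    for label, conf in (("before", SAMPLE_CONF), ("after", FIXED_CONF)):
        for configured, inside, found in demo(conf):
            print(f"{label}: {configured!r} -> {inside} {'ok' if found else 'MISSING'}")
```

On a real host, `audit()` can be pointed at the live configuration with `chroot` set to /var/named, the jail root named in the reply.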