Re: named (bind) in jail does not start

2003-12-01 Thread Axel S. Gruner
On Sat, 29 Nov 2003 15:39:50 +
Matthew Seaman [EMAIL PROTECTED] wrote something
special:

> On Sat, Nov 29, 2003 at 03:23:48PM +0100, Axel S. Gruner wrote:
> > /usr/sbin/named
> > 
> > I get this error message:
> > 
> > opensocket_f: bind([0.0.0.0].53): Address already in use
> > 
> > Ok, port 53 is not in use in the jail nor the host system.
> > I think the problem is 0.0.0.0, and I have to bind named on the IP
> > of the jail.
> > 
> > I tested the same named configuration on the host system; I thought about
> > some misconfiguration, but on the host system named starts perfectly.
> > 
> > I also tried to start named with -g and -u in the jail, same error.
> > 
> > So, my short question is, how can I run named in the jail?
> > Any ideas?
> 
> [...]
> In bind9 you need to add something like the following to named.conf --
> bind8 will be similar:
> 
> options {
> 
>     [...]
> 
>     listen-on {
>         192.168.1.1;
>     };
>     query-source    address 192.168.1.1 port 53;
>     transfer-source 192.168.1.1 port 53;
>     notify-source   192.168.1.1 port 53;
> };

Yes. That's it. Thanks a lot.


-- 
asg

The answer to all questions is 42.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: named (bind) in jail does not start

2003-11-29 Thread Pawel Malachowski
On Sat, Nov 29, 2003 at 03:29:40PM +0100, Melvyn Sopacua wrote:

> > Ok, port 53 is not in use in the jail nor the host system.
> > I think the problem is 0.0.0.0, and I have to bind named on the IP of
> > the jail.
> > 
> > I tested the same named configuration on the host system; I thought about
> > some misconfiguration, but on the host system named starts perfectly.
> 
> See named.conf(5)/listen-on

FYI: I'm using named (bind9) in jail on RELENG_4, it works just fine,
*without* listen-on directive.

Please try `netstat -an -f inet' to make sure there is no conflict.


-- 
Paweł Małachowski


Re: named (bind) in jail does not start

2003-11-29 Thread Matthew Seaman
On Sat, Nov 29, 2003 at 03:23:48PM +0100, Axel S. Gruner wrote:
> 
> Hi.
> 
> I have configured named in a jail (FreeBSD 5.1-RELEASE-p10).
> If I want to start named in the jail
> 
> /usr/sbin/named
> 
> I get this error message:
> 
> opensocket_f: bind([0.0.0.0].53): Address already in use
> 
> Ok, port 53 is not in use in the jail nor the host system.
> I think the problem is 0.0.0.0, and I have to bind named on the IP of
> the jail.
> 
> I tested the same named configuration on the host system; I thought about
> some misconfiguration, but on the host system named starts perfectly.
> 
> I also tried to start named with -g and -u in the jail, same error.
> 
> So, my short question is, how can I run named in the jail?
> Any ideas?

Yes.  The problem is that named is attempting to bind(2) to
INADDR_ANY.  In a jail, that includes the loopback address.  Problem
is, jails don't get their own loopback addresses -- there's just the
one loopback shared between the host system and all jails.  Which
effectively means that jailed processes can't bind to the loopback.

The answer is to configure named to only bind to the jail IP number --
see http://www.isc.org/products/BIND/docs/config/ (for bind8) or
http://www.nominum.com/content/documents/bind9arm.pdf (for bind9)
[available in HTML as
file:///usr/local/share/doc/bind9/arm/Bv9ARM.html if you've installed
the bind9 port.]

In bind9 you need to add something like the following to named.conf --
bind8 will be similar:

options {

    [...]

    listen-on {
        192.168.1.1;
    };
    query-source    address 192.168.1.1 port 53;
    transfer-source 192.168.1.1 port 53;
    notify-source   192.168.1.1 port 53;
};

There are equivalent IPv6 statements if you're an IPv6 user.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK


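As an added example (not code from anyone in this thread), here is a small Python check that combines Pawel's `netstat -an -f inet' suggestion with Matthew's listen-on fix: it parses FreeBSD-format netstat output for anything already bound to port 53 and flags a named.conf that would still bind INADDR_ANY. The netstat samples and the JAIL_CONF block are constructed for illustration.

```python
import re

# Constructed sample of `netstat -an -f inet` output in FreeBSD format (not
# real output from the thread); the second sample adds a port-53 conflict.
NETSTAT_CLEAN = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.1.22         *.*                    LISTEN
udp4       0      0  *.514                  *.*
"""
NETSTAT_CONFLICT = NETSTAT_CLEAN + """\
udp4       0      0  *.53                   *.*
tcp4       0      0  *.53                   *.*                    LISTEN
"""
# Constructed options block in the shape of Matthew's reply, bound to the jail address.
JAIL_CONF = """\
options {
    listen-on { 192.168.1.1; };
    query-source address 192.168.1.1 port 53;
};
"""

def listeners_on_port(netstat_output, port):
    """Return (proto, local_addr) pairs for sockets bound to `port`; a local
    address of '*' is an INADDR_ANY binding, the case that collides with a
    jailed named trying to bind 0.0.0.0:53."""
    found = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # headers and non-socket lines
        addr, _, lport = fields[3].rpartition(".")  # last dot separates the port
        if lport == str(port):
            found.append((fields[0], addr))
    return found

def listen_addresses(named_conf):
    """Addresses in the listen-on { ...; } block, or None when it is absent."""
    m = re.search(r"listen-on\s*(?:port\s+\d+\s*)?\{([^}]*)\}", named_conf)
    if m is None:
        return None
    return [a.strip() for a in m.group(1).split(";") if a.strip()]

def binds_to_wildcard(named_conf):
    """True when named would bind INADDR_ANY (no listen-on, or listen-on { any; }),
    which is exactly the configuration that fails in a jail sharing the host loopback."""
    addrs = listen_addresses(named_conf)
    return addrs is None or "any" in addrs
```

Run `listeners_on_port` over real `netstat -an -f inet` output from the host before starting a jailed named; an empty result plus `binds_to_wildcard` returning False is the state both replies are aiming for.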