Public bug reported:

1) I had to install authbind and set /etc/authbind/byuid/nn to
0.0.0.0/53,53 to get MaraDNS to work, as otherwise when it chroots to
maradns, it cannot bind to port 53.

2) Zoneserver runs under UID 99 rather than migrating also to maradns,
although TCP requests are rare.

nn is the maradns uid so I have added files for nn and 99.

Samboy reports that this is a Debian issue, which is the upstream
supplier:

https://github.com/samboy/MaraDNS/issues/40

iptables on port 53 - both sport and dport directions open:

ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53 state NEW,ESTABLISHED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53

apport example report (it is installed on 4 16.04 LTS nameservers but
they all need authbind):

ProblemType: Bug
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
Date: Tue Mar  6 12:16:42 2018
DistroRelease: Ubuntu 16.04
InstallationDate: Installed on 2018-01-22 (43 days ago)
InstallationMedia: Ubuntu-Server 16.04.3 LTS "Xenial Xerus" - Release amd64 (20170801)
JournalErrors:
 -- Logs begin at Tue 2018-03-06 05:42:01 GMT, end at Tue 2018-03-06 12:16:01 GMT. --
 Mar 06 06:19:01 hostname postfix/cleanup[17814]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
 Mar 06 07:03:01 hostname postfix/cleanup[18863]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
 Mar 06 07:50:01 hostname postfix/cleanup[20299]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
 Mar 06 07:56:01 hostname postfix/cleanup[20422]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
 Mar 06 09:26:01 hostname postfix/cleanup[22579]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
 Mar 06 09:28:42 hostname etc_maradns_mararc-zs[3307]: Log: Root directory changed
 Mar 06 09:28:42 hostname etc_maradns_mararc-zs[3307]: Log: Socket opened on TCP port 53
 Mar 06 09:28:42 hostname etc_maradns_mararc-zs[3307]: Log: Root privileges dropped
 Mar 06 09:41:21 hostname etc_maradns_mararc-zs[3307]: Log: Root directory changed
 Mar 06 09:41:21 hostname etc_maradns_mararc-zs[3307]: Log: Socket opened on TCP port 53
 Mar 06 09:41:21 hostname etc_maradns_mararc-zs[3307]: Log: Root privileges dropped
 Mar 06 09:41:22 hostname etc_maradns_mararc-zs[3307]: Log: Root directory changed
 Mar 06 09:41:22 hostname etc_maradns_mararc-zs[3307]: Log: Socket opened on TCP port 53
 Mar 06 09:41:22 hostname etc_maradns_mararc-zs[3307]: Log: Root privileges dropped
 Mar 06 10:13:01 hostname postfix/cleanup[23977]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
 Mar 06 11:02:01 hostname postfix/cleanup[25008]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
 Mar 06 11:49:01 hostname postfix/cleanup[26399]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Package: maradns 2.0.13-1
PackageArchitecture: amd64
ProcEnviron:
 LANGUAGE=en_GB:
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 4.4.0-112.135-generic 4.4.98
SourcePackage: maradns
Tags: third-party-packages xenial
Uname: Linux 4.4.0-112-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
_MarkForUpload: True
modified.conffile..etc.maradns.mararc:
 ipv4_bind_addresses = "127.0.0.1,46.43.15.207"
 hide_disclaimer = "YES"
 chroot_dir = "/etc/maradns"
 maradns_user="maradns"
 no_fingerprint = 1
 debug_msg_level = 0
 verbose_level = 0
 max_chain = 8
 max_ar_chain = 1
 max_total = 20
 #synth_soa_origin = ""
 tcp_convert_acl = "0.0.0.0/0"
 tcp_convert_server = "46.43.15.207"
 long_packet_ipv4 = "46.43.15.207"
 ipv4_alias = {}
 # [abc].ns.bytemark.c.ok
 ipv4_alias["bytemark"] = "80.68.80.26,85.17.170.78,80.68.80.27"
 ## ICANN: the most common and most controversial root name server
 ## http://www.icann.org
 #ipv4_alias["icann"] = "198.41.0.4,128.9.0.107,192.33.4.12,128.8.10.90,192.203.230.10,192.5.5.241,192.112.36.4,128.63.2.53,192.36.148.17,192.58.128.30,193.0.14.129,198.32.64.12,202.12.27.33"
 ## OSRC: http://www.open-rsc.org/
 #ipv4_alias["osrc"] = "199.166.24.1,205.189.73.102,199.166.24.3,207.126.103.16,195.117.6.10,205.189.73.10,204.57.55.100,213.196.2.97"
 ## AlterNIC: http://www.alternic.org/
 #ipv4_alias["alternic"] = "160.79.129.192,24.6.78.12,160.79.133.70,65.15.8.202,216.162.42.240,195.224.64.190,160.79.133.66,216.162.42.185"
 ## OpenNIC: http://www.opennic.unrated.net/
 ipv4_alias["opennic"] = "131.161.247.226,209.151.84.102,64.247.218.140,64.247.218.149,209.104.33.250,209.104.63.249,209.151.84.103,199.175.137.211,207.6.128.246,65.243.92.254"
 # The following line must be uncommented to enable recursive queries
 root_servers = {}
 root_servers["."] = "bytemark"
 csv2 = {}
 csv2["alex-logsdon.com."] = "alex-logsdon.com.db"
 csv2["edgetherapy.com."] = "edgetherapy.com.db"
 csv2["elainecolliar.com."] = "elainecolliar.com.db"
 csv2["enemyofdebt.com."] = "enemyofdebt.com.db"
 csv2["fiftyandfun.com."] = "fiftyandfun.com.db"
 csv2["john-logsdon.com."] = "john-logsdon.com.db"
 csv2["lxlautos.com."] = "lxlautos.com.db"
 csv2["maria-nedeva.com."] = "maria-nedeva.com.db"
 csv2["mortgagefreeinthree.com."] = "mortgagefreeinthree.com.db"
 csv2["philip-logsdon.com."] = "philip-logsdon.com.db"
 csv2["quantex.co.uk."] = "quantex.co.uk.db"
 csv2["quantex-research.com."] = "quantex-research.com.db"
 csv2["quantex-research.co.uk."] = "quantex-research.co.uk.db"
 csv2["readysteadygowebsites.com."] = "readysteadygowebsites.com.db"
 csv2["rotundwriter.com."] = "rotundwriter.com.db"
 csv2["the4starjournal.com."] = "the4starjournal.com.db"
 csv2["thefourstarjournal.com."] = "thefourstarjournal.com.db"
 csv2["themoneyprinciple.co.uk."] = "themoneyprinciple.co.uk.db"

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: maradns 2.0.13-1
ProcVersionSignature: Ubuntu 4.4.0-112.135-generic 4.4.98
Uname: Linux 4.4.0-112-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
Date: Tue Mar  6 12:02:35 2018
InstallationDate: Installed on 2018-01-22 (43 days ago)
InstallationMedia: Ubuntu-Server 16.04.3 LTS "Xenial Xerus" - Release amd64 (20170801)
ProcEnviron:
 LANGUAGE=en_GB:
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
SourcePackage: maradns
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.maradns.mararc: 2018-02-22T14:01:13

** Affects: maradns (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug third-party-packages xenial

https://bugs.launchpad.net/bugs/1753847

Title:
  maradns not binding to port 53 after chroot
