On Tue, 2005-11-15 at 17:00 +0300, Dmitry Koterov wrote:
> Hello.
>
> Shortly: when I use BIND (or PowerDNS) inside vserver listening
> ALL addresses (0.0.0.0), nslookup to server 127.0.0.1 shows error
> message "reply from unexpected source: 213.248.62.106#53,
> expected 127.0.0.1#53"

Which is true, as your nameserver (powerdns or bind) is assigned your
vserver interface as primary interface and answers are sent with that
source.

> Long description. I have installed linux-vserver (named "zulu")
> on kernel 2.6.12.5 and set up one real IP for it -
> 213.248.62.106:
>
> [EMAIL PROTECTED] /]# ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:30:48:75:13:D2
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:39623139 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:18575687 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:50148146621 (46.7 GiB)  TX bytes:1249870165 (1.1 GiB)
>           Base address:0x3000 Memory:dd300000-dd320000
>
> eth0:zulu Link encap:Ethernet  HWaddr 00:30:48:75:13:D2
>           inet addr:213.248.62.106  Bcast:213.248.62.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           Base address:0x3000 Memory:dd300000-dd320000
>
> First question: why doesn't ifconfig show "lo" interface?
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

lo is not assigned to your context and therefore not shown.

> Then, I installed named (BIND), compiled it with
> --disable-linux-caps before. BIND listens on all IP addresses
> inside vserver:
>
> [EMAIL PROTECTED] /]# netstat -na
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address           Foreign Address
> State
> tcp        0      0 213.248.62.106:53       0.0.0.0:*
> LISTEN
> udp        0      0 213.248.62.106:53       0.0.0.0:*
> ...

This shows only listening on your vserver ip address. And answering to
the world ;)

> Then I try nslookup:
>
> [EMAIL PROTECTED] /]# nslookup
> > server 127.0.0.1
> Default server: 127.0.0.1
> Address: 127.0.0.1#53
> > hostmag.ru.
> ;; reply from unexpected source: 213.248.62.106#53, expected 127.0.0.1#53
> ;; reply from unexpected source: 213.248.62.106#53, expected 127.0.0.1#53

FWIR: The first interface brought up in the context is 'assigned' the
functionality of lo0. For a more detailed explanation you have to rely
on the developers/experts answer(s)... I'm just a simple end user ;)

> Second question: what's wrong? Why BIND tries to answer from
> vserver IP address, but NOT from localhost which I used?
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

localhost is just a name, so I guess you're referring to the loopback
ip address which defaults to 127.0.0.1

As I explained above, 127.0.0.1 is not assigned to your guest context
and so is not used as reply address by your nameserver.

> I have also tried PowerDNS instead of BIND - absolutely same
> effect.

As to be expected.

> I do not want to write 213.248.62.106 in my resolv.conf, because
> this IP may be changed one fine day, or vserver will be moved to
> another machine.

It always needs an ip address, so why not rewrite /etc/resolv.conf from
pre-start or post-start and use the ip address assigned at time as
nameserver.

> Seems networking stack isolation in linux-vserver is not finished
> yet?

I don't know the answer to this one, but it seems that it is doing its
job quite nicely ;)

-- 
Regards,

Dennis Roos
Network Engineer @ InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429

-=[Assumption is the mother of all f*ckups]=-
_______________________________________________
Vserver mailing list
[email protected]
http://list.linux-vserver.org/mailman/listinfo/vserver
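
The reply's suggestion, rewriting resolv.conf from a start script with whatever address the guest holds at that time, could look like the following. This is an added example, not part of the original message or of any project's scripts; the function names and the paths in the closing comment (a util-vserver style interfaces/0/ip file and a guest root under /vservers/zulu) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread): point a guest's
# resolv.conf at the IPv4 address the guest is currently assigned.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots; digits only, no globbing
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# update_resolv_conf IP_FILE RESOLV_CONF
# Replaces all "nameserver" lines with the address read from IP_FILE and
# keeps the other lines (search, options). The new file is built next to
# the target and renamed over it, so readers never see a partial file.
update_resolv_conf() {
    ip_file=$1; resolv=$2
    [ -r "$ip_file" ] || { echo "cannot read $ip_file" >&2; return 1; }
    read -r addr < "$ip_file" || [ -n "$addr" ] || return 1
    # Refuse anything that is not a plain IPv4 address before it can
    # reach the resolver configuration.
    is_ipv4 "$addr" || { echo "not an IPv4 address: $addr" >&2; return 1; }
    tmp=$(mktemp "$resolv.XXXXXX") || return 1
    {
        echo "nameserver $addr"
        if [ -f "$resolv" ]; then
            grep -v '^[[:space:]]*nameserver[[:space:]]' "$resolv" || true
        fi
    } > "$tmp"
    chmod 644 "$tmp" && mv "$tmp" "$resolv" || { rm -f "$tmp"; return 1; }
}

# Hypothetical call from a start script; both paths are assumptions
# (util-vserver style layout, guest root under /vservers/zulu):
#   update_resolv_conf /etc/vservers/zulu/interfaces/0/ip \
#                      /vservers/zulu/etc/resolv.conf
```

When this runs on the host against the guest's tree, a symlink the guest controls anywhere in the target path can redirect the write, so running it inside the guest context is the safer placement.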
