From: <Mik...@ix...> - 2008-01-17 16:06:04
|
Hi,

I'm having some problems with running bind in a jailed environment. I have several slave zones, which are updated from the master server, currently not using dnssec simply to eliminate as many sources of errors as possible.

The problem I'm having is that bind isn't writing the updates to the zone files. The zones are transferred properly and I can resolve the newly added hosts, however as soon as I restart the service the changes are lost since no file is written. Is this a known bug/feature of devillinux when using a jailed environment?

Ps: I'm not getting any errors at all from bind, so I assume that bind believes it has written the files properly.

Kind regards,
Mikael Schmidt
IT consultant

IXX IT-Partner AB
Helsingborgsv 60, 262 72 Ängelholm
Tel: 0431 - 44 51 00 Fax: 0431 - 195 80
www.ixx.se <http://www.ixx.se>
|
From: Bruce S. <bw...@ar...> - 2008-01-17 16:16:00
|
> I’m having some problems with running bind in a jailed environment. I
> have several slave zones, which are updated from the master server,
> currently not using dnssec simply to eliminate as many sources of
> errors as possible.
>
> The problem I’m having is that bind isn’t writing the updates to the
> zone files. The zones are transferred properly and I can resolve the
> newly added hosts, however as soon as I restart the service the
> changes are lost since no file is written. Is this a known bug/feature
> of devillinux when using a jailed environment?
>
> Ps: I’m not getting any errors at all from bind, so I assume that bind
> believes it has written the files properly.

When you start BIND, it copies the zone files to a temporary location in the change-root/jail directory structure. Changes are made there, not in the original directory.

Every time you restart the service, it copies over the original zone files to the chroot env, so your changes appear to be lost.

- BS
|
From: <Mik...@ix...> - 2008-01-18 07:42:14
|
Hi,

Ok, I see what you mean, but when the service is shut down or restarted, the changed files should be copied back, right? As it is now, as soon as the jail breaks, all changes are lost. If I use BIND in a jailed environment in another Linux distribution, the changes are written to the zone files. Are there any parameters or such that I have missed which I need to configure to make this happen? I really can't have the changes get lost every time BIND is restarted, having to wait for an update from the master DNS when the master could be offline.

Kind regards,
Mikael Schmidt
IT-consultant

IXX IT-Partner AB
Helsingborgsv 60, 262 72 Ängelholm
Tel: 0431 - 44 51 00 Fax: 0431 - 195 80
www.ixx.se
|
From: Bruce S. <bw...@ar...> - 2008-01-18 12:06:45
|
> Ok, I see what you mean, but when the service is shut down or restarted, the changed files should be copied back, right? As it is now, as soon as the jail breaks, all changes are lost. If I use BIND in a jailed environment in another Linux distribution, the changes are written to the zone files. Are there any parameters or such that I have missed which I need to configure to make this happen? I really can't have the changes get lost every time BIND is restarted, having to wait for an update from the master DNS when the master could be offline.
>

Copying the files back when BIND is shut down would help, but if there is an abnormal shutdown or power outage, the changes would still be lost.

Copying the files back periodically with cron would be another option.

Or perhaps setting up a permanent chroot directory so the permanent location is the same as the chroot location?

I don't know the best solution.

One quick solution would be to turn off the chroot jail.

- BS
|
From: Serge L. <fi...@in...> - 2008-01-18 14:18:40
|
Bruce Smith wrote:

> Or perhaps setting up a permanent chroot directory so the permanent
> location is the same as the chroot location?
>
> I don't know the best solution.

Bruce, I'm sorry but I'm not sure that I understood you correctly.
Do you mean mount with "--bind" option for a permanent location of slave zones to the chroot location?

If yes, I like this idea.

--
Serge Leschinsky
|
From: Bruce S. <bw...@ar...> - 2008-01-18 15:51:09
|
> > Or perhaps setting up a permanent chroot directory so the permanent
> > location is the same as the chroot location?
> >
> > I don't know the best solution.
>
> Bruce, I'm sorry but I'm not sure that I understood you correctly.
> Do you mean mount with "--bind" option for a permanent location of slave zones
> to the chroot location?

That would be the easiest way, as long as "mount --bind" works with the chroot like we need it to (never tried it).

> If yes, I like this idea.

Me too. :-)

- BS
|
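
Added example (not part of the original thread, and not Devil-Linux's own init code): the `mount --bind` approach discussed above, together with a check that the jail's slave-zone directory is really backed by the persistent location. The paths, variable names and function names are assumptions, and the mountinfo sample is constructed.

```shell
#!/bin/sh
# Assumed paths (hypothetical, not Devil-Linux defaults).
PERSIST_DIR="${PERSIST_DIR:-/var/persist/named-slaves}"  # survives restarts
JAIL_DIR="${JAIL_DIR:-/var/jail/named/slaves}"           # slave-zone dir inside the chroot

# Constructed sample in /proc/self/mountinfo format:
# field 4 = source subtree ("root"), field 5 = mount point.
SAMPLE_MOUNTINFO='21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
35 21 8:1 /var/persist/named-slaves /var/jail/named/slaves rw,nosuid,nodev,noexec - ext4 /dev/sda1 rw'

# is_mounted_at MOUNTINFO_TEXT PATH
# Exit status 0 if PATH appears as a mount point in the given text.
is_mounted_at() {
    printf '%s\n' "$1" | awk -v p="$2" '$5 == p { found = 1 } END { exit !found }'
}

# mount_source MOUNTINFO_TEXT PATH
# Prints the source subtree bound at PATH (empty if PATH is not a mount point).
mount_source() {
    printf '%s\n' "$1" | awk -v p="$2" '$5 == p { src = $4 } END { if (src != "") print src }'
}

# bind_slave_zones
# Binds the persistent directory over the jail directory unless that is
# already done. Needs root; run it before named starts so that zone
# transfers are written straight to persistent storage.
bind_slave_zones() {
    info=$(cat /proc/self/mountinfo)
    if is_mounted_at "$info" "$JAIL_DIR"; then
        echo "already mounted: $JAIL_DIR"
        return 0
    fi
    mkdir -p "$PERSIST_DIR" "$JAIL_DIR" || return 1
    mount --bind "$PERSIST_DIR" "$JAIL_DIR" || return 1
    # A bind mount starts with the source mount's options; zone data needs
    # no device nodes, setuid bits or executables, so tighten them.
    mount -o remount,bind,nosuid,nodev,noexec "$JAIL_DIR"
}
```

The directory must also be writable by the account named runs as, otherwise transferred zones are served from memory but still never reach disk.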