Date: Sat, 14 Feb 2009 17:28:05 -0500
From: "Michael Scheidell" <scheidell@secnap.net>
To: "Anders Hagman" <anders.hagman@netplex.se>, <freebsd-jail@freebsd.org>
Subject: RE: BIND in jail problem
Message-ID: <01f701c98ef3$838c2cd7$0d01460a@secnap.com>

172 16 101 3 is what you should be listening on abduction use in resolve cong.

-----Original Message-----
From: Anders Hagman <anders.hagman@netplex.se>
Sent: Saturday, February 14, 2009 5:03 PM
To: freebsd-jail@freebsd.org <freebsd-jail@freebsd.org>
Subject: BIND in jail problem

Hi

I'm trying to use BIND inside a jail and have passed the chroot problem and
have a running named without chroot.

The problem is that the jail does not have the address 127.0.0.1 or does not
use the info in resolv.conf.

When I use the host command I get:

    [root@ippbx1 ~]# host ippbx1
    ;; reply from unexpected source: 172.16.101.3#53, expected 127.0.0.1#53

/etc/resolv.conf

    domain kalmar.se
    search kalmar.se
    nameserver 127.0.0.1

tcpdump:

    21:33:49.569332 IP (tos 0x0, ttl 64, id 31390, offset 0, flags [none], proto UDP (17), length 52) 172.16.101.3.62278 > 172.16.101.3.53: 28477+ A? ippbx1. (24)
    21:33:49.569890 IP (tos 0x0, ttl 64, id 31393, offset 0, flags [none], proto UDP (17), length 52) 172.16.101.3.53 > 172.16.101.3.62278: 28477 ServFail 0/0/0 (24

As you can see the destination address is 172.16.101.3 despite the name server
address in resolv.conf. The host command does not add the domain as it should
and sends the query as "A? ippbx1" instead of "A? ippbx1.kalmar.se". The host
command expects to get an answer from 127.0.0.1.

Changing the nameserver address in resolv.conf to 172.16.101.3 does not change
anything. Using the FQDN does not help because it's still the wrong expected
address. The only thing that works is: host ippbx1.kalmar.se 172.16.101.3.

Using ping gives a different picture:

    [root@ippbx1 ~]# ping ippbx1
    ping: cannot resolve ippbx1: Host name lookup failure

/etc/resolv.conf

    domain kalmar.se
    search kalmar.se
    nameserver 172.16.101.3

tcpdump:

    21:47:39.143152 IP (tos 0x0, ttl 64, id 31817, offset 0, flags [none], proto UDP (17), length 62) 172.16.101.3.60878 > 127.0.0.1.53: 35805+ A? ippbx1.kalmar.se. (34)
    21:47:39.143165 IP (tos 0x0, ttl 64, id 31818, offset 0, flags [none], proto ICMP (1), length 56) 127.0.0.1 > 172.16.101.3: ICMP 127.0.0.1 udp port 53 unreachable, length 36

ping does add the domain to the query but does not read the address from
resolv.conf and sends the query to 127.0.0.1. And 127.0.0.1 is the host 0
machine and does not run BIND.

    uname -a
    FreeBSD ippbx1.kalmar.se 7.1-RELEASE FreeBSD 7.1-RELEASE #0

    named -v
    BIND 9.4.2-P2

named.conf:

    zone "kalmar.se" { type master; file "master/kalmar"; };
    zone "101.16.172.in-addr.arpa" { type master; file "master/kalmar.rev"; };

zone file kalmar:

    $TTL 3h
    @ SOA ippbx1.kalmar.se. root.ippbx1.kalmar.se. 42 1d 12h 1w 3h
        ; Serial, Refresh, Retry, Expire, Neg. cache TTL
        IN NS ippbx1.kalmar.se.
    ippbx1 IN A 172.16.101.3

zone file kalmar.rev:

    $TTL 3h
    @ SOA ippbx1.kalmar.se. root.ippbx1.kalmar.se. 42 1d 12h 1w 3h
        ; Serial, Refresh, Retry, Expire, Neg. cache TTL
        IN NS ippbx1.kalmar.se.
    3 IN PTR ippbx1.kalmar.se.

Why do I want to run BIND inside a jail? Well, I'm building an IP-PBX lab and
want to run six autonomous jails with DNS, DHCP, NTP and Asterisk inside.
DHCP and Asterisk work but DNS is vital for the lab.

BR
Anders H

_______________________________________________
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"

_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________

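
The reply's advice is to point the jail's resolver at the jail's own address (172.16.101.3 in this thread) rather than at 127.0.0.1. The following is an added example, not part of either message: a POSIX sh function with the hypothetical name audit_resolv that reads a resolv.conf file and flags loopback nameserver entries; the file path and the jail address are supplied by the caller.

```shell
#!/bin/sh
# Added example: audit a jail's resolv.conf against the jail's own address.
# audit_resolv is a hypothetical helper name; FILE and JAIL_IP are caller
# inputs (assumptions), nothing is read from the running system.
#
# Usage: audit_resolv /etc/resolv.conf 172.16.101.3
#
# Prints one finding per nameserver line and returns:
#   0  at least one nameserver, none of them loopback
#   1  a loopback nameserver (127.x.x.x or ::1) is configured
#   2  no nameserver line at all
audit_resolv() {
    file=$1
    jail_ip=$2
    seen=0
    loop=0
    # "|| [ -n "$key" ]" also processes a last line without a trailing newline.
    while read -r key value _rest || [ -n "$key" ]; do
        # Skips domain/search/options lines and "#" or ";" comments.
        [ "$key" = "nameserver" ] || continue
        seen=$((seen + 1))
        case $value in
            "$jail_ip")
                echo "ok: nameserver $value is the jail address" ;;
            127.*|::1)
                echo "loopback: nameserver $value; use $jail_ip inside the jail"
                loop=$((loop + 1)) ;;
            *)
                echo "note: nameserver $value is not the jail address $jail_ip" ;;
        esac
    done < "$file"
    if [ "$seen" -eq 0 ]; then
        echo "none: no nameserver line in $file"
        return 2
    fi
    [ "$loop" -eq 0 ]
}
```

The matching server-side check is that named answers on the same address, which the host command in the original message does by querying 172.16.101.3 explicitly.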
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01f701c98ef3$838c2cd7$0d01460a>