Date:      Sat, 14 Feb 2009 17:28:05 -0500
From:      "Michael Scheidell" <scheidell@secnap.net>
To:        "Anders Hagman" <anders.hagman@netplex.se>, <freebsd-jail@freebsd.org>
Subject:   RE: BIND in jail problem
Message-ID:  <01f701c98ef3$838c2cd7$0d01460a@secnap.com>

172.16.101.3 is what you should be listening on and use in resolv.conf.

-----Original Message-----
From: Anders Hagman <anders.hagman@netplex.se>
Sent: Saturday, February 14, 2009 5:03 PM
To: freebsd-jail@freebsd.org <freebsd-jail@freebsd.org>
Subject: BIND in jail problem

Hi

I'm trying to use BIND inside a jail and have passed the chroot
problem and have a running named without chroot.

The problem is that the jail does not have the address 127.0.0.1 or does not use
the info in resolv.conf.

When I use the host command I get:

[root@ippbx1 ~]# host ippbx1
;; reply from unexpected source: 172.16.101.3#53, expected 127.0.0.1#53

/etc/resolv.conf
domain kalmar.se
search kalmar.se
nameserver 127.0.0.1

tcpdump:
21:33:49.569332 IP (tos 0x0, ttl 64, id 31390, offset 0, flags [none], proto UDP (17), length 52) 172.16.101.3.62278 > 172.16.101.3.53: 28477+ A? ippbx1. (24)

21:33:49.569890 IP (tos 0x0, ttl 64, id 31393, offset 0, flags [none], proto UDP (17), length 52) 172.16.101.3.53 > 172.16.101.3.62278: 28477 ServFail 0/0/0 (24

As you can see the destination address is 172.16.101.3 despite the name server
address in resolv.conf. The host command does not add the domain as it should
and sends the query as "A? ippbx1" instead of "A? ippbx1.kalmar.se". The host
command expects to get an answer from 127.0.0.1.

Changing the nameserver address in resolv.conf to 172.16.101.3 does not change
anything. Using the FQDN does not help because it's still the wrong expected
address. The only thing that works is: host ippbx1.kalmar.se 172.16.101.3.

Using ping gives a different picture:

[root@ippbx1 ~]# ping ippbx1
ping: cannot resolve ippbx1: Host name lookup failure

/etc/resolv.conf
domain kalmar.se
search kalmar.se
nameserver 172.16.101.3


tcpdump:
21:47:39.143152 IP (tos 0x0, ttl 64, id 31817, offset 0, flags [none], proto UDP (17), length 62) 172.16.101.3.60878 > 127.0.0.1.53: 35805+ A? ippbx1.kalmar.se. (34)
21:47:39.143165 IP (tos 0x0, ttl 64, id 31818, offset 0, flags [none], proto ICMP (1), length 56) 127.0.0.1 > 172.16.101.3: ICMP 127.0.0.1 udp port 53 unreachable, length 36


ping does add the domain to the query but does not read the address from
resolv.conf and sends the query to 127.0.0.1. And 127.0.0.1 is the host 0
machine and does not run BIND.


uname -a
FreeBSD ippbx1.kalmar.se 7.1-RELEASE FreeBSD 7.1-RELEASE #0
named -v
BIND 9.4.2-P2

named.conf:
zone "kalmar.se"                { type master; file "master/kalmar"; };
zone "101.16.172.in-addr.arpa"  { type master; file "master/kalmar.rev"; };

zone file kalmar:

$TTL 3h
@ SOA ippbx1.kalmar.se. root.ippbx1.kalmar.se. 42 1d 12h 1w 3h
         ; Serial, Refresh, Retry, Expire, Neg. cache TTL

         IN      NS      ippbx1.kalmar.se.
ippbx1  IN      A       172.16.101.3

zone file kalmar.rev:

$TTL 3h
@ SOA ippbx1.kalmar.se. root.ippbx1.kalmar.se. 42 1d 12h 1w 3h
         ; Serial, Refresh, Retry, Expire, Neg. cache TTL
         IN      NS      ippbx1.kalmar.se.
3       IN      PTR     ippbx1.kalmar.se.


Why do I want to run BIND inside a jail? Well I'm building an IP-PBX lab
and want to run six autonomous jails with DNS, DHCP, NTP and asterisk inside.
DHCP and Asterisk work but DNS is vital for the lab.

BR
Anders H
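
Added example (not part of either message): a Python script that cross-checks the two pieces of evidence in the post, the nameserver lines of resolv.conf and the DNS packets in tcpdump text, and reports queries or replies that involve an address resolv.conf does not list. The function names and finding labels are hypothetical, and the sample input is constructed from the output quoted above.

```python
import re

# Constructed sample input, modelled on the resolv.conf and tcpdump output quoted above.
RESOLV_CONF = "domain kalmar.se\nsearch kalmar.se\nnameserver 127.0.0.1\n"
CAPTURE = (
    "21:33:49.569332 IP (tos 0x0, ttl 64, id 31390, offset 0, flags [none], proto UDP (17), "
    "length 52) 172.16.101.3.62278 > 172.16.101.3.53: 28477+ A? ippbx1. (24)\n"
    "21:33:49.569890 IP (tos 0x0, ttl 64, id 31393, offset 0, flags [none], proto UDP (17), "
    "length 52) 172.16.101.3.53 > 172.16.101.3.62278: 28477 ServFail 0/0/0 (24)\n"
)

# src-ip.port > dst-ip.port: query-id[flags] ...   (IPv4 UDP lines only)
PKT = re.compile(r"(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (\d+)\S* ")


def nameservers(resolv_conf):
    """Addresses on the 'nameserver' lines of resolv.conf text."""
    fields = (line.split() for line in resolv_conf.splitlines())
    return [f[1] for f in fields if len(f) >= 2 and f[0] == "nameserver"]


def check_capture(resolv_conf, capture):
    """Compare DNS traffic in tcpdump text with the configured resolvers.

    Returns a list of (finding, query_id, address) tuples.
    """
    servers = set(nameservers(resolv_conf))
    asked = {}      # query id -> address the query was actually sent to
    findings = []
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue  # ICMP errors and other non-DNS lines are skipped
        src, sport, dst, dport, qid = m.groups()
        qid = int(qid)
        if dport == "53" and sport != "53":       # client -> server query
            asked[qid] = dst
            if dst not in servers:
                findings.append(("query-to-unlisted-server", qid, dst))
        elif sport == "53":                        # server -> client reply
            if qid not in asked:
                findings.append(("reply-without-query", qid, src))
            elif src != asked[qid]:
                findings.append(("reply-source-differs-from-query", qid, src))
            elif src not in servers:
                findings.append(("reply-from-unlisted-source", qid, src))
    return findings


if __name__ == "__main__":
    for finding in check_capture(RESOLV_CONF, CAPTURE):
        print(*finding)
```
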
