Date:      Sun, 15 Feb 2009 09:17:21 +1100
From:      David N <davidn04@gmail.com>
To:        Anders Hagman <anders.hagman@netplex.se>
Cc:        freebsd-jail@freebsd.org
Subject:   Re: BIND in jail problem
Message-ID:  <4d7dd86f0902141417xb626f20h2c694fb3861f751f@mail.gmail.com>
In-Reply-To: <499733EC.3040706@netplex.se>
References:  <499733EC.3040706@netplex.se>

2009/2/15 Anders Hagman <anders.hagman@netplex.se>:
> Hi
>
> I'm trying to use BIND inside a jail and have passed the chroot
> problem and have a running named without chroot.
>
> The problem is that the jail does not have the address 127.0.0.1 or does not
> use the info in resolv.conf.
>
> When I use the host command I get:
>
> [root@ippbx1 ~]# host ippbx1
> ;; reply from unexpected source: 172.16.101.3#53, expected 127.0.0.1#53
>
> /etc/resolv.conf
> domain kalmar.se
> search kalmar.se
> nameserver 127.0.0.1
>
> tcpdump:
> 21:33:49.569332 IP (tos 0x0, ttl 64, id 31390, offset 0, flags [none], proto
> UDP (17), length 52) 172.16.101.3.62278 > 172.16.101.3.53: 28477+ A? ippbx1.
> (24)
>
> 21:33:49.569890 IP (tos 0x0, ttl 64, id 31393, offset 0, flags [none], proto
> UDP (17), length 52) 172.16.101.3.53 > 172.16.101.3.62278: 28477 ServFail
> 0/0/0 (24
>
> As you can see the destination address is 172.16.101.3 despite the name
> server address in resolv.conf. The host command does not add the domain as
> it should and sends the query as "A? ippbx1" instead of "A?
> ippbx1.kalmar.se". The host command expects to get an answer from 127.0.0.1.
>
> Changing the nameserver address in resolv.conf to 172.16.101.3 does not
> change anything. Using the FQDN does not help because it's still the wrong
> expected address. The only thing that works is: host ippbx1.kalmar.se
> 172.16.101.3.
>
> Using ping gives a different picture:
>
> [root@ippbx1 ~]# ping ippbx1
> ping: cannot resolve ippbx1: Host name lookup failure
>
> /etc/resolv.conf
> domain kalmar.se
> search kalmar.se
> nameserver 172.16.101.3
>
>
> tcpdump:
> 21:47:39.143152 IP (tos 0x0, ttl 64, id 31817, offset 0, flags [none], proto
> UDP (17), length 62) 172.16.101.3.60878 > 127.0.0.1.53: 35805+ A?
> ippbx1.kalmar.se. (34)
> 21:47:39.143165 IP (tos 0x0, ttl 64, id 31818, offset 0, flags [none], proto
> ICMP (1), length 56) 127.0.0.1 > 172.16.101.3: ICMP 127.0.0.1 udp port 53
> unreachable, length 36
>
>
> ping does add the domain to the query but does not read the address from
> resolv.conf and sends the query to 127.0.0.1. And 127.0.0.1 is the host 0
> machine and does not run BIND.
>
>
> uname -a
> FreeBSD ippbx1.kalmar.se 7.1-RELEASE FreeBSD 7.1-RELEASE #0
> named -v
> BIND 9.4.2-P2
>
> named.conf:
> zone "kalmar.se"                { type master; file "master/kalmar"; };
> zone "101.16.172.in-addr.arpa"  { type master; file "master/kalmar.rev"; };
>
> zone file kalmar:
>
> $TTL 3h
> @ SOA ippbx1.kalmar.se. root.ippbx1.kalmar.se. 42 1d 12h 1w 3h
>        ; Serial, Refresh, Retry, Expire, Neg. cache TTL
>
>        IN      NS      ippbx1.kalmar.se.
> ippbx1  IN      A       172.16.101.3
>
> zone file kalmar.rev:
>
> $TTL 3h
> @ SOA ippbx1.kalmar.se. root.ippbx1.kalmar.se. 42 1d 12h 1w 3h
>        ; Serial, Refresh, Retry, Expire, Neg. cache TTL
>        IN      NS      ippbx1.kalmar.se.
> 3       IN      PTR     ippbx1.kalmar.se.
>
>
> Why do I want to run BIND inside a jail? Well I'm building an IP-PBX lab
> and want to run six autonomous jails with DNS, DHCP, NTP and asterisk
> inside.
> DHCP and Asterisk work but DNS is vital for the lab.
>
> BR
> Anders H

Hi,

You also need in your named.conf

options {
    allow-query { 10.0.0.0/8; };    // replace with your own network
    listen-on { 10.1.20.1; };       // replace with your jail IP
    forwarders { xx.xx.xx.xx; xx.xx.xx.xx; };  // replace with your upstream DNS servers (supplied by ISP)
};

In the resolv.conf
should be your domain and DNS server(s) IP addresses, not 127.0.0.1;
there is no localhost inside the jails, so it won't work.

Regards
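
Added example, not part of the original message or of any FreeBSD tooling: a small sh lint for the two points in the reply above, namely that resolv.conf names no loopback nameserver and that named.conf carries a listen-on clause containing the jail IP. The function names and the sample files are constructed for illustration, with values modelled on the configuration quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): lint resolv.conf and named.conf for a jail.

# Print nameserver entries that point at loopback.
loopback_nameservers() {
    awk '$1 == "nameserver" && ($2 ~ /^127\./ || $2 == "::1") { print $2 }' "$1"
}

# Print every address found in a listen-on { ... } clause (listen-on-v6 is ignored).
listen_on_addrs() {
    # Drop // and # comments, flatten to one line, then pull out each clause.
    sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n' ' ' |
    awk '{
        while (match($0, /listen-on([ \t]+port[ \t]+[0-9]+)?[ \t]*[{][^}]*[}]/)) {
            s = substr($0, RSTART, RLENGTH)
            $0 = substr($0, RSTART + RLENGTH)
            sub(/^[^{]*[{]/, "", s); sub(/[}]$/, "", s)
            n = split(s, a, ";")
            for (i = 1; i <= n; i++) { gsub(/[ \t]/, "", a[i]); if (a[i] != "") print a[i] }
        }
    }'
}

# usage: check_jail_dns RESOLV_CONF NAMED_CONF JAIL_IP
# Prints one finding per line and returns 1 if anything was flagged.
check_jail_dns() {
    rc=0
    for ns in $(loopback_nameservers "$1"); do
        echo "resolv.conf: nameserver $ns is loopback, use the jail IP $3"
        rc=1
    done
    if ! listen_on_addrs "$2" | grep -qxF "$3"; then
        echo "named.conf: no listen-on clause names $3"
        rc=1
    fi
    return $rc
}

# Constructed sample files, modelled on the configuration quoted in the thread.
write_samples() {   # usage: write_samples DIR
    printf 'domain kalmar.se\nsearch kalmar.se\nnameserver 127.0.0.1\n' > "$1/resolv.bad"
    printf 'domain kalmar.se\nsearch kalmar.se\nnameserver 172.16.101.3\n' > "$1/resolv.good"
    printf 'zone "kalmar.se" { type master; file "master/kalmar"; };\n' > "$1/named.bad"
    printf 'options {\n  allow-query { 172.16.101.0/24; };\n  listen-on { 172.16.101.3; }; // jail IP\n};\n' > "$1/named.good"
}
```

Run it inside the jail as `check_jail_dns /etc/resolv.conf /etc/namedb/named.conf <jail IP>`, adjusting the named.conf path to wherever your installation keeps it.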


