help! Can't get two nameservers to run!

Kevin Darcy kcd at daimlerchrysler.com
Thu Sep 7 02:12:42 UTC 2000


The "ctl_server" error message is specific to the "ndc" control channel. If you
want to get rid of it, you should configure separate channels for each instance
via the "controls" statement.

But, other than "ndc" functionality, it shouldn't prevent the nameserver
instances from working. Aren't they?


- Kevin

Tom Jennings wrote:

> OK I admit I'm getting a little panicky... I'm desperately trying
> to run two copies of named, to work around the known subdomain
> leakage problem in 8.2.2. v9 solves it, but is too buggy to put in
> production just yet.
>
> My nameserver box has two ethernet cards. I want to run:
>
> * An outside nameserver, primary for one zone, listens on ethernet1
> only, allows all queries and few axfrs. Recursion and glue is off.
> I want it to have no knowledge of anything but its one domain,
> DOMAIN.COM. This is our public nameserver.
>
> * An inside nameserver, primary for a bunch of sub-domains and
> secondary for a bunch of domains. It listens on ethernet0 and
> 127.0.0.1, allows query inside (10/8, etc), a few axfrs. Recursion
> is on, glue off.
>
> I start the nameservers inside, then outside, and get the errors
> below.
>
> ? queries to ethernet1 are resolved by the inside nameserver, the
> outside nameserver seems inert. (eg. I kill -9 the outside server
> and it still answers queries?)
>
> ? The second copy of bind generates this error:
> named[4342]: ctl_server: bind: Address already in use
> but says it's listening on the appropriate interface, but it acts
> like the "inside" server, loaded first, is bound to that address.
>
> I know also this means ndc's pipe to named is AFU (by the second
> invocation I suppose) but the O'Reilly book says nothing about
> setting up ndc, and I'm fine with manually signalling the thing.
>
> I don't see any reason to chroot each copy; is there one?
>
> [tomj@ns1 DNS]# ps -ax | egrep named
>  4300 ?        S      0:00 /usr/sbin/named /etc/named.conf.inside
>  4343 ?        S      0:00 /usr/sbin/named /etc/named.conf.outside
>
> LOG
>
> Starting "inside" server first:
>
> Sep  6 18:53:24 ns1 named[4299]: starting.  named 8.2.2-P5 Mon F [deleted]
> ... loading zones...
> Sep  6 18:53:24 ns1 named[4299]: listening on [127.0.0.1].53 (lo)
> Sep  6 18:53:24 ns1 named[4299]: listening on [10.4.0.13].53 (eth0)
> Sep  6 18:53:24 ns1 named[4299]: Forwarding source address is [0.0.0.0].2239
> Sep  6 18:53:24 ns1 named[4300]: Ready to answer queries.
>
> Starting "outside" server:
> Sep  6 18:54:26 ns1 named[4342]: starting.  named 8.2.2-P5 Mon Feb [deleted]
> ...loading zones...
> Sep  6 18:54:26 ns1 named[4342]: ctl_server: bind: Address already in use
> Sep  6 18:54:26 ns1 named[4342]: listening on [10.4.0.14].53 (eth1)
> Sep  6 18:54:26 ns1 named[4342]: Forwarding source address is [0.0.0.0].2240
> Sep  6 18:54:26 ns1 named[4343]: Ready to answer queries.
>
> CONFIGS: heavily clipped here; ACLs not shown (they work)
>
> inside:
>
> options {
>         fetch-glue no;                          // be less wasteful,
>         recursion yes;                          // be helpful,
>
>         pid-file  "/home/DOMAIN/DNS/run/named-inside.pid";
>         listen-on { 127.0.0.1; 10.4.0.13; };    // eg. ns1.net.DOMAIN.com,
>
>         directory "/home/DOMAIN/DNS";
> };
>
> zone "DOMAIN.com" {
>         type master;
>         file "DOMAIN.com";
>         allow-query { any; };
>         allow-transfer { list of inside hosts; };
>         also-notify { list of inside hosts; };
> };
>
> Outside:
>
> options {
>         fetch-glue no;                          // do no favors,
>         recursion no;                           // and only this one zone,
>         pid-file  "/home/DOMAIN/DNS/run/named.pid.outside";
>         listen-on { 10.4.0.14; };               // the second ethernet only!
> };
>
> zone "DOMAIN.com" {
>         type master;
>         allow-transfer { list of outside hosts; };
>         also-notify { list of outside hosts; };
>         file "DOMAIN.com";
> };
>
> ---
> INFORMATION GLADLY GIVEN BUT SAFETY REQUIRES AVOIDING UNNECESSARY CONVERSATION
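
An added example, not part of the original thread: a small checker that compares two named.conf files for resources both instances would claim (control channel, pid-file, listen-on addresses), run on constructed copies of the two option blocks quoted above. It assumes `/var/run/ndc` is the control socket when no "controls" statement is present (the path is build-dependent), handles only the `unix` form of "controls", and uses a hypothetical socket path `/var/run/ndc.outside` for the separated instance.

```python
import re

# Assumption: a BIND 8 instance with no "controls" statement uses this
# socket (the actual default path is build-dependent).
DEFAULT_CTL = "/var/run/ndc"

def claims(conf):
    """Extract the host-wide resources one named.conf asks for."""
    conf = re.sub(r"//[^\n]*", "", conf)          # drop // comments
    ctl = re.search(r'controls\s*\{\s*unix\s+"([^"]+)"', conf)
    pid = re.search(r'pid-file\s+"([^"]+)"', conf)
    lst = re.search(r"listen-on\s*\{([^}]*)\}", conf)
    addrs = set(lst.group(1).replace(";", " ").split()) if lst else {"*"}
    return {
        "control": ctl.group(1) if ctl else DEFAULT_CTL,
        "pid-file": pid.group(1) if pid else None,
        "listen-on": addrs,                        # "*" = every interface
    }

def conflicts(conf_a, conf_b):
    """List the resources that both instances would try to own."""
    a, b = claims(conf_a), claims(conf_b)
    found = []
    if a["control"] == b["control"]:
        found.append(("control", a["control"]))
    if a["pid-file"] and a["pid-file"] == b["pid-file"]:
        found.append(("pid-file", a["pid-file"]))
    if "*" in a["listen-on"] or "*" in b["listen-on"]:
        found.append(("listen-on", "*"))
    else:
        for addr in sorted(a["listen-on"] & b["listen-on"]):
            found.append(("listen-on", addr))
    return found

# Constructed inputs modelled on the two option blocks quoted in the thread.
INSIDE = '''options {
    pid-file "/home/DOMAIN/DNS/run/named-inside.pid";
    listen-on { 127.0.0.1; 10.4.0.13; };    // inside
};'''
OUTSIDE = '''options {
    pid-file "/home/DOMAIN/DNS/run/named.pid.outside";
    listen-on { 10.4.0.14; };
};'''
# Hypothetical per-instance channel (socket path chosen for illustration).
OUTSIDE_FIXED = OUTSIDE + '''
controls { unix "/var/run/ndc.outside" perm 0600 owner 0 group 0; };'''

if __name__ == "__main__":
    print(conflicts(INSIDE, OUTSIDE))
    print(conflicts(INSIDE, OUTSIDE_FIXED))
```

With per-instance sockets in place, `ndc -c <path>` selects which instance a command is sent to.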





