ndc error
Jeff Medcalf
medcalf at caerdroia.org
Mon Feb 26 04:47:02 UTC 2001
On 2/25/01 8:35 PM, mjs spake thus:
>
>why when i restart the named daemon with the command
>/etc/rc.d/init.d/named restart ..i get this error,...but i can stop it and
>start it,..just not restart it...
>
>I chrooted my bind...following the instructions step by step
>http://www.losurs.org/docs/howto/Chroot-BIND.html
>
>
>
>
>[root@digitalconsciousness /root]# /etc/rc.d/init.d/named restart
>ndc: error: ctl_client: evConnect(fd 3): Connection refused
>ndc: error: cannot connect to command channel (/var/run/ndc)
>ndc: error: name server was not running (warning only)
[SNIP]
>I don't understand why I'm getting this error
>
>my ndc is in
>/usr/sbin/ndc

I haven't really checked, but I suspect that the problem is that the
commands are behaving exactly as you want them to. ndc uses a socket,
typically called /var/run/ndc, to communicate with the process. It
appears that when the chroot happens, the application loses connection to
files outside of the directory to which bind is chrooted. This is a Good
Thing, since it is the purpose of chrooting the command in the first
place.

There are two options you can try. First, change the ndc channel (the
socket) to live in the directory that you've chrooted bind to. If that
doesn't work, try using the -p option to communicate via signals, rather
than via a socket.

Stopping the daemon is done with the killproc command (which is a
function in /etc/rc.d/init.d/functions) which does a kill on named's pid.
Thus, there is no dependency on named seeing outside its chroot jail.
Starting the process works for obvious reasons.

-jeff
-------------------------------------------------------------------------
Jeff Medcalf )O( | gwyn at caerdroia.org | http://www.caerdroia.org/~medcalf
The left thinks it is possible to legislate things into existence.
The right thinks it is possible to legislate things out of existence.
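
The socket mismatch described in the reply above can be checked directly. The following is an added example, not part of the original post or of BIND: it probes the control channel at the path the client opens and at the same path inside the jail. The jail directory `/chroot/named`, the function names and the temporary fixture (a leftover socket file outside the jail, a live listener inside it) are assumptions constructed for the demonstration.

```python
import errno, os, socket, stat, tempfile

def probe_channel(path):
    """Classify a control-channel path as seen by a client such as ndc."""
    try:
        mode = os.lstat(path).st_mode
    except FileNotFoundError:
        return "missing"
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.connect(path)
        return "listening"
    except OSError as e:
        if e.errno == errno.ECONNREFUSED:
            return "stale"       # socket file exists, nothing accepts on it
        raise
    finally:
        s.close()

def diagnose(jail, channel="/var/run/ndc", root="/"):
    """Compare the path the client opens with the path the jailed daemon binds."""
    rel = channel.lstrip("/")
    return {
        "client_view": probe_channel(os.path.join(root, rel)),
        "daemon_view": probe_channel(os.path.join(root, jail.lstrip("/"), rel)),
    }

def demo():
    """Constructed fixture: stale socket outside the jail, live one inside."""
    with tempfile.TemporaryDirectory() as root:
        jail = "/chroot/named"   # assumed jail directory, not given on the page
        for d in ("var/run", "chroot/named/var/run"):
            os.makedirs(os.path.join(root, d))
        old = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        old.bind(os.path.join(root, "var/run/ndc"))
        old.close()              # leaves the file behind, like a pre-chroot run
        live = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        live.bind(os.path.join(root, "chroot/named/var/run/ndc"))
        live.listen(1)
        try:
            return diagnose(jail, root=root)
        finally:
            live.close()

if __name__ == "__main__":
    print(demo())
```

On a real host, calling `diagnose()` with the actual jail directory and the default `root="/"` shows whether the client and the jailed daemon agree on where the channel lives.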