<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
code
{mso-style-priority:99;
font-family:"Courier New";}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle22
{mso-style-type:personal-reply;
color:black;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:2029062156;
mso-list-type:hybrid;
mso-list-template-ids:897883022 60163642 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:6.75in;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-fareast-font-family:Calibri;
color:windowtext;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:7.25in;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:7.75in;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:8.25in;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:8.75in;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:9.25in;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:9.75in;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:10.25in;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:10.75in;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">I’m not very familiar with Fedora, but on Redhat, at least, there is no /run directory. Which makes me think that “</span><code><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">/var/named/chroot/run/named/named.pid”
is a misconfiguration. That would be seen as “/run/named/named.pid” from *<b>within</b>* the chroot. Following usual conventions, I think you probably meant to specify “/var/run/named/named.pid” in named.conf, didn’t you? The full, pre-chroot’ed path would
then presumably be /var/named/chroot/var/run/named/named.pid.<o:p></o:p></span></code></p>
<p class="MsoNormal"><code><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></code></p>
<p class="MsoListParagraph" style="margin-left:6.75in;text-indent:-.25in;mso-list:l0 level1 lfo1">
<![if !supportLists]><span style="font-size:10.0pt;font-family:"Courier New""><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">Kevin<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> bind-users [mailto:bind-users-bounces@lists.isc.org]
<b>On Behalf Of </b>toddandmargo<br>
<b>Sent:</b> Wednesday, August 09, 2017 6:14 PM<br>
<b>To:</b> bind-users@lists.isc.org<br>
<b>Subject:</b> bind-chroot, runs, works, dies<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><br>
Hi All,<br>
<br>
Help!<br>
<br>
Fedora 26 x64<br>
Xfce 4.12<br>
<br>
# rpm -qa \bind\*<br>
bind-libs-lite-9.11.1-2.P2.fc26.x86_64<br>
bind99-libs-9.9.10-1.P2.fc26.x86_64<br>
bind-chroot-9.11.1-2.P2.fc26.x86_64<br>
bind-license-9.11.1-2.P2.fc26.noarch<br>
bind-9.11.1-2.P2.fc26.x86_64<br>
bind-libs-9.11.1-2.P2.fc26.x86_64<br>
bind99-license-9.9.10-1.P2.fc26.noarch<br>
bind-utils-9.11.1-2.P2.fc26.x86_64<o:p></o:p></span></p>
<div>
<p><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">I have a weird one. I am trying to set up bind-chroot. When I run it, it works for about 30 seconds, then dies. And for the entire 30 seconds, it works beautifully. I can go anywhere with Firefox and look up anything with "host". Then it breaks my heart.<o:p></o:p></span></p>
<pre><code># systemctl start named-chroot
Job for named-chroot.service canceled.
</code><o:p></o:p></pre>
<p><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">These are my error logs:<o:p></o:p></span></p>
<pre><code>Aug 8 15:58:49 FedoraServer named[10120]: all zones loaded
Aug 8 15:58:49 FedoraServer named[10120]: running
Aug 8 15:58:49 FedoraServer named[10120]: zone 255.168.192.in-addr.arpa/IN: sending notifies (serial 57)
Aug 8 15:58:49 FedoraServer named[10120]: zone alpine.local/IN: sending notifies (serial 60)
Aug 8 15:58:49 FedoraServer systemd: named-chroot.service: PID file /var/named/chroot/run/named/named.pid not readable (yet?) after start: No such file or directory
Aug 8 16:00:19 FedoraServer systemd: named-chroot.service: Start operation timed out. Terminating.
Aug 8 16:00:19 FedoraServer named[10120]: shutting down
Aug 8 16:00:19 FedoraServer named[10120]: stopping command channel on 127.0.0.1#953
Aug 8 16:00:19 FedoraServer named[10120]: stopping command channel on ::1#953
Aug 8 16:00:19 FedoraServer named[10120]: no longer listening on ::#53
Aug 8 16:00:19 FedoraServer named[10120]: no longer listening on 127.0.0.1#53
Aug 8 16:00:19 FedoraServer named[10120]: no longer listening on 50.124.80.106#53
Aug 8 16:00:19 FedoraServer named[10120]: exiting
Aug 8 16:00:19 FedoraServer systemd: Stopped Berkeley Internet Name Domain (DNS).
Aug 8 16:00:19 FedoraServer systemd: named-chroot.service: Unit entered failed state.
Aug 8 16:00:19 FedoraServer systemd: named-chroot.service: Failed with result 'timeout'.
Aug 8 16:00:19 FedoraServer systemd: Stopping Set-up/destroy chroot environment for named (DNS)...
Aug 8 16:00:19 FedoraServer audit: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=named-chroot comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Aug 8 16:00:20 FedoraServer systemd: Stopped Set-up/destroy chroot environment for named (DNS).
Aug 8 16:00:20 FedoraServer audit: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=named-chroot-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
</code><o:p></o:p></pre>
<p><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">I find the<o:p></o:p></span></p>
<pre><code>PID file /var/named/chroot/run/named/named.pid not readable (yet?) after start: No such file or directory </code><o:p></o:p></pre>
<p><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">error to be a bit weird as the directory does exist and the entire directory tree from /var/named is owned by "named". This is usually SELinux's doing. But SELinux does not throw an error.<o:p></o:p></span></p>
<p><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">My "named.conf":<o:p></o:p></span></p>
<pre><code>// generated by named-bootconf.pl

options {
        # the following forwarders is for Open DNS
        forwarders { 208.67.222.222; 208.67.220.220; };

        directory "/var/named";
        # pid-file "/var/named/chroot/run/named/named.pid";
        # pid-file "/var/named/chroot/run/named/nonamed.pid";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};

//
// /etc/named.boot
//
// This is the boot file that /etc/init.d/inetsvc uses to run in.named
//
//
// The "directory <path>" statement points to where the name server (and
// its files) will be running.
// example:
// directory /var/named
//
//
//
// The "cache . named.ca" statement appears on all servers and tells the
// server which servers are authoritative name servers for the root zone.
// The addresses of the "higher authorities" are listed in the named.ca file.
//
zone "." {
        type hint;
        file "named.ca";
};

//
//
// forwarders 206.40.79.2
// forward-only
//
//
key DHCP_UPDATER {
        algorithm hmac-md5;
        secret dgGxxxxxxxxxxxxxxxxQZwgQ==;
};

zone "alpine.local" {
        type master;
        file "slaves/alpine.hosts";
        allow-update { key DHCP_UPDATER; };
        # allow-update { 127.0.0.1; };
};

zone "255.168.192.in-addr.arpa" {
        type master;
        file "slaves/alpine.hosts.rev";
        allow-update { key DHCP_UPDATER; };
        # allow-update { 127.0.0.1; };
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};

logging {
        channel update_debug {
                file "slaves/named-update-debug.log";
                severity debug 3;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel security_info {
                file "slaves/named-auth.info";
                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category update { update_debug; };
        category security { security_info; };
};
</code><o:p></o:p></pre>
<p><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">This is my "named-chroot.service":<o:p></o:p></span></p>
<pre><code># Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log"
# line to your /etc/rsyslog.conf file. Otherwise your logging becomes
# broken when rsyslogd daemon is restarted (due update, for example).

[Unit]
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Requires=named-chroot-setup.service
Before=nss-lookup.target
After=named-chroot-setup.service
After=network.target

[Service]
Type=forking
EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
PIDFile=/var/named/chroot/run/named/named.pid

ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi'
ExecStart=/usr/sbin/named -u named -t /var/named/chroot $OPTIONS

ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'

ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'

PrivateTmp=false

[Install]
WantedBy=multi-user.target
</code><o:p></o:p></pre>
<p><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Any words of wisdom?<o:p></o:p></span></p>
<p><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Many thanks, -T<o:p></o:p></span></p>
</div>
</div>
</div>
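<p class="MsoNormal">The path translation discussed in this thread, as an added example that is not part of either message: systemd reads PIDFile as a host path, while named, once started with -t, interprets pid-file relative to the chroot. The function names, the constructed sample inputs and the ASSUMED_DEFAULT_PID value (the path used when named.conf sets no pid-file, which varies by build) are assumptions of this sketch.</p>

```python
import posixpath
import re
import shlex

# Assumption: path named uses when named.conf has no pid-file; builds differ.
ASSUMED_DEFAULT_PID = "/var/run/named/named.pid"

# Constructed samples modelled on the files quoted in the thread.
SAMPLE_CONF = '''options {
    directory "/var/named";
    # pid-file "/var/named/chroot/run/named/named.pid";
};
'''
SAMPLE_UNIT = '''[Service]
Type=forking
PIDFile=/var/named/chroot/run/named/named.pid
ExecStart=/usr/sbin/named -u named -t /var/named/chroot $OPTIONS
'''

def named_pid_file(conf, default=ASSUMED_DEFAULT_PID):
    """pid-file as named sees it (inside the chroot), ignoring comments."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # /* ... */ blocks
    conf = re.sub(r"(//|#).*", "", conf)                # // and # to end of line
    m = re.search(r'\bpid-file\s+"([^"]+)"\s*;', conf)
    return m.group(1) if m else default

def unit_settings(unit):
    """Return (PIDFile, chroot directory given to 'named -t') from a unit file."""
    pidfile = chroot = None
    for line in unit.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "PIDFile":
            pidfile = value.strip()
        elif key.strip() == "ExecStart":
            argv = shlex.split(value)
            if "-t" in argv[:-1]:
                chroot = argv[argv.index("-t") + 1]
    return pidfile, chroot

def check(conf, unit, default=ASSUMED_DEFAULT_PID):
    """Compare where named writes its PID (host view) with systemd's PIDFile."""
    inside = named_pid_file(conf, default)
    pidfile, chroot = unit_settings(unit)
    # Lexical join only: symlinks inside the chroot are not resolved.
    host = posixpath.normpath((chroot or "") + "/" + inside.lstrip("/"))
    return {"inside": inside, "host": host, "unit": pidfile,
            "match": host == pidfile}

if __name__ == "__main__":
    print(check(SAMPLE_CONF, SAMPLE_UNIT))
```

<p class="MsoNormal">A reported mismatch is a lexical result only; if the chroot contains a symlink that makes the two paths name the same file, compare the resolved paths on the live system instead.</p>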
</body>
</html>