[bind10-dev] experience and problems setting up forwarding resolver
Jeremy C. Reed
jreed at isc.org
Mon Feb 28 20:42:33 UTC 2011
I have been using the forwarding resolver since early December
continually on my personal network. It has worked fine.
Today, I installed the latest release (a couple days old) on another
machine.
This email documents my experiences and problems. If you recognize a
Trac ticket for any of this, please let me know.
I installed to default prefix. b10-auth couldn't find its libraries.
This Debian system had a /etc/ld.so.conf that had an include that
referenced some other files. One listed /usr/local/lib but ldconfig -p
didn't show it (even though the cache file was newer than the config
files). So I ran ldconfig and then this worked. I do not have this
problem when installing to a custom prefix -- in that case the RPATH is
defined, pointing to my libraries.
I used bindctl to disable the auth server and enable the resolver,
but bindctl showed that the Auth module was still available. I didn't
test configuring the Auth module then (b10-auth was not running).
I noticed an unclear error message:
> config set Boss/start_typo true
Error: /Boss/start_typo
> config set Boss/start_resolver true
>
It also showed the Resolver module. I was surprised that it was shown
as I thought I had to restart cfgmgr. I forgot. (I think I posted wrong
directions to bind10-users list regarding that.)
I configured the listen_on and tested with dig.
I next had this problem:
> config set Resolver/forward_addresses[0]/address "204.152.187.14"
> config set Resolver/forward_addresses[1]/address "204.152.187.17"
> config diff
{'Resolver': {'forward_addresses[1]': {'address': '204.152.187.17'},
'forward_addresses': [], 'forward_addresses[0]': {'address':
'204.152.187.14'}}}
Notice the
'forward_addresses': []
> config commit
Error: Error in config validation: Unknown item
forward_addresses[0]Unknown item forward_addresses[1]
Configuration not committed
So then I tried:
> config set Resolver/forward_addresses [{ "address": "204.152.187.14" }]
> config diff
{'Resolver': {'forward_addresses[1]': {'address': '204.152.187.17'},
'forward_addresses': [{'address': '204.152.187.14'}],
'forward_addresses[0]': {'address': '204.152.187.14'}}}
> config commit
Error: Error in config validation: Unknown item
forward_addresses[0]Unknown item forward_addresses[1]
Configuration not committed
And so I did a "config revert" and tried again:
> config revert
> config set Resolver/forward_addresses [{ "address": "204.152.187.14" }]
> config diff
{'Resolver': {'forward_addresses': [{'address': '204.152.187.14'}]}}
> config commit
Error: Address must contain both the IPaddress and port
Configuration not committed
I was hoping it would use default port. (I know of problem not using
spec, but I thought the code had hardcoded default too.)
So I added a port and that worked.
I tested it with dig and it worked. I exited bindctl. I copied
existing resolv.conf and set new resolv.conf to point to 127.0.0.1.
I decided to run it as non-root. I created a user (bind10dns). I
started bindctl and did:
> Boss shutdown
{
"error": "Module 'Boss' not responding"
}
bind10 was now stopped, but the b10 processes were still running with
init as the parent:
root 11641 0.0 0.1 5228 2980 ? S 19:52 0:00 b10-resolver
root@bind10:/home/jreed# ps -p 11641 -o ppid
PPID
1
I manually killed msgq and everything stopped except cmdctl. So I
killed it too.
Then I ran "bind10 --user bind10dns" and it said:
root@bind10:/home/jreed# [bind10] Error on startup: Unable to start
b10-msgq: Unable to connect to c-channel after 5 seconds
I guess a permission problem but not identified.
I restarted bind10 as root (without --user bind10dns) so my DNS would
work.
My config file was only readable by root. So maybe that was the
problem. So I chgrp to my new group and chmod g+rw.
I ran bindctl and got:
> Boss shutdown
Error:
What was the error? I don't know.
Now bind10 was not running and neither were the b10 processes.
Then:
> quit
Traceback (most recent call last):
  File "/usr/local/bin/bindctl", line 133, in <module>
    tool.run()
  File "/usr/local/lib/python3.1/site-packages/bindctl/bindcmd.py", line 122, in run
    self.cmdloop()
  File "/opt/pkg/lib/python3.1/cmd.py", line 138, in cmdloop
    line = self.precmd(line)
  File "/usr/local/lib/python3.1/site-packages/bindctl/bindcmd.py", line 271, in precmd
    self._update_all_modules_info()
  File "/usr/local/lib/python3.1/site-packages/bindctl/bindcmd.py", line 265, in _update_all_modules_info
    self.config_data.update_specs_and_config()
  File "/usr/local/lib/python3.1/site-packages/isc/config/ccsession.py", line 365, in update_specs_and_config
    self.request_specifications();
  File "/usr/local/lib/python3.1/site-packages/isc/config/ccsession.py", line 360, in request_specifications
    specs = self._conn.send_GET('/module_spec')
  File "/usr/local/lib/python3.1/site-packages/bindctl/bindcmd.py", line 232, in send_GET
    status, reply_msg = self._send_message(url, body)
  File "/usr/local/lib/python3.1/site-packages/bindctl/bindcmd.py", line 224, in _send_message
    self.conn.request('GET', url, body, headers)
  File "/opt/pkg/lib/python3.1/http/client.py", line 918, in request
    self._send_request(method, url, body, headers)
  File "/opt/pkg/lib/python3.1/http/client.py", line 946, in _send_request
    self.putrequest(method, url, **skips)
  File "/opt/pkg/lib/python3.1/http/client.py", line 810, in putrequest
    raise CannotSendRequest(self.__state)
http.client.CannotSendRequest: Request-sent
I know why my bind10 was killed; it doesn't daemonize so when I closed
terminal it was running in, it was killed -- but sometimes children
didn't get killed. HUP or whatever signal was not trapped or passed to
children?
Because my DNS was down, I couldn't login remotely since I was using
Kerberos. When back in I reverted my resolv.conf and just added my
local 127.0.0.1 to the top.
I used nohup to start bind10 then.
Even with configuration readable, I still couldn't run as a different
user. I also tried with making the /usr/local/var/bind10-devel/ owned by
same group and readable and writable.
So currently running as root.
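
The message leaves the --user failure as an unidentified permission problem. As an added example (not part of the original message and not BIND 10 code), this Python walks from a base directory down to a target and reports the first path component whose mode bits stop a given uid and group set, which covers the case where a file has been made group-accessible but a directory above it has not. The directory and file names are constructed; ACLs and MAC policy are not considered.

```python
import os
import tempfile

R, W, X = 4, 2, 1

def effective_bits(st, uid, gids):
    """rwx bits that plain POSIX mode bits grant uid/gids (ACLs, MAC ignored)."""
    if uid == 0:
        return R | W | X              # root bypasses these checks
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7  # owner class wins even if it grants less
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def first_blocker(target, uid, gids, need, base="/"):
    """Walk base -> target. Return (path, missing_bits) for the first component
    that stops the user, or None. Directories on the way need search (x)."""
    target, base = os.path.realpath(target), os.path.realpath(base)
    rel = os.path.relpath(target, base)
    if rel == ".." or rel.startswith(".." + os.sep):
        raise ValueError("target is not below base")
    chain = [base]
    if rel != ".":
        for part in rel.split(os.sep):
            chain.append(os.path.join(chain[-1], part))
    for path in chain:
        want = need if path == target else X
        missing = want & ~effective_bits(os.stat(path), uid, gids)
        if missing:
            return path, missing
    return None

def demo():
    """Constructed tree standing in for a state directory and its config file."""
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    state = os.path.join(root, "state")          # hypothetical directory name
    conf = os.path.join(state, "config.db")      # hypothetical file name
    os.mkdir(state)
    os.chmod(state, 0o700)                       # directory still owner-only
    open(conf, "w").close()
    os.chmod(conf, 0o660)                        # file already g+rw
    svc_uid = os.getuid() + 4242                 # constructed unprivileged uid
    svc_gids = {os.stat(conf).st_gid}            # service account is in the file's group
    before = first_blocker(conf, svc_uid, svc_gids, R | W, base=root)
    os.chmod(state, 0o770)                       # group may now search the directory
    after = first_blocker(conf, svc_uid, svc_gids, R | W, base=root)
    return state, before, after
```

On a real host, pass the service account's uid and group ids (for example from pwd.getpwnam and os.getgrouplist) and each path the daemon has to open or create.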