[stork-users] Stork agent cannot connect through rndc

Wed Aug 28 11:42:39 UTC 2024

Hello Mik!

The "named-checkconf" call is constructed in 
backend/agent/bind9.go:569-577 :

	// Prepare named-checkconf arguments.
	args := []string{}
	if rootPrefix != "" {
		args = append(args, "-t", rootPrefix)
	}
	// The config path must be last.
	args = append(args, "-p", bind9ConfPath)

	out, err := executor.Output(namedCheckconfPath, args...)

So, we provide the BIND 9 configuration path via "-p" flag and path to 
the BIND 9 chroot via the "-t" flag (if applicable).

Regards,
Slawek Figiel

On 28/08/2024 00:26, Mik J wrote:
> Hello Slawek,
> 
> I did
> # named-checkconf
> open: /etc/named.conf: file not found
> 
> So I made a symbolic link
> # ln -s /var/named/etc/named.conf /etc/named.conf
> And ran again the command
> # named-checkconf
> 
> However no improvement.
> 
> Which option is used along with named-checkconf because when I run it I don't see anything, it's silent.
> 
> 
> At the moment I launch the stork agent as root so there shouldn't be file permission problems.
> 
> # ls -l /etc/rndc.key
> -rw-r--r--  1 root  _bind  100 May 11 00:29 /etc/rndc.key
> The permissions are not so good but I'll change them
> 
> I don't have any file specified in my named.conf except:
> - Log files: for example
> channel queries_errors_file {
>          file "/var/log/query-errors.log" versions 3 size 5m;
> 
> - or zone files
> zone "127.in-addr.arpa" {
>      type master;
>      file "/master/reverse/loopback";
>      allow-transfer { localhost; };
> };
> 
> I'm not sure my configuration is involved in this issue, maybe that's because I'm using Openbsd 7.5 and it has something specific.
> 
> Regards
> 
> 
> 
> Le lundi 26 août 2024 à 11:51:46 UTC+2, Slawek Figiel <slawek at isc.org> a écrit :
> 
> 
> 
> 
> 
> Hello Mik!
> 
> Please check if your Stork agent user has rights to read the
> "named.conf" and "rndc.key" files and any other files referenced in
> "named.conf".
> 
>> Also I see that the stork agent tries to connect to 127.0.0.1 using
> rndc but I haven't specified the stork agent to use this adress
> (although that's the one I want)
>> But, in general, how is the stork agent supposed to find the DNS
> server adress and port ?
> 
> Stork uses "named-checkconf" to read the BIND 9 configuration and
> extracts the RNDC address and port from it.
> 
> I'm waiting for your feedback.
> Regards
> Slawek
> 
> On 16/08/2024 11:24, Mik J wrote:
>> Stork: 1.18.0
>> OS: Openbsd 7.5
>>
>> Hello,
>>
>> I made my stork agent to be installed on one of my DNS.
>>
>> However I get this message
>> INFO[2024-08-16 11:00:46]            bind9.go:560   Found BIND 9 config file in /var/named/etc/named.conf based on output of `named -V`.
>> ERRO[2024-08-16 11:00:49]            agent.go:311   Failed to forward commands to rndc            Address="127.0.0.1" Port="953" error="exit status 1"
>>
>>
>> If I run the command manually, it works
>> # rndc -b 127.0.0.1 -s 127.0.0.1 -p 953 -k /etc/rndc.key status
>> version: BIND 9.18.28 (Extended Support Version) <id:f77fadb> ()
>> running on localhost: OpenBSD amd64 7.5 GENERIC.MP#82
>> boot time: Fri, 16 Aug 2024 02:07:05 GMT
>> last configured: Fri, 16 Aug 2024 02:07:05 GMT
>> configuration file: /etc/named.conf (/var/named/etc/named.conf)
>> ...
>>
>> How to debug this problem ?
>>
>> - How does stork knows what is the rndc.key, does it read it in named.conf or should it read /etc/rndc.key
>> - If it reads /etc/rndc.key, how does it know where to find this file ?
>>
>>
>> Also I see that the stork agent tries to connect to 127.0.0.1 using rndc but I haven't specified the stork agent to use this adress (although that's the one I want)
>> But, in general, how is the stork agent supposed to find the DNS server adress and port ?
>>
>> Regards
> 
>>
>>