Re: rndc problem

On Sat, 07.08.2004, at 17:35, Dino Nardini wrote:

> I've been using bind for dns services on my primary and backup servers for 
> years now, although it's been a while since I manually configured the 
> files.  I've been using the linuxconf admin tool to maintain the zone 
> lists.  Also keep in mind that I've been using bind 9.2.1 on a RH 7.2 box, 
> and I've never really had to deal with rndc or bind-chroot until yesterday.

I wonder how you then reloaded the configuration for bind or any zone
files, without using rndc. Did you always do a full restart?

> I installed FC2 from iso images and initially accepted the default 
> install.  I plan to use this test box as a secondary dns only, and it was 
> only after I started adding secondary domain information that I noticed it 
> wasn't polling the main dns.  I tried forcing a zone update, and then 
> discovered the command channel problem.  I removed bind* and 
> caching-nameserver, and reinstalled with yum, but ran into the same problems.

You configured the slave zone files to go into
/var/named/chroot/var/named/slaves/?

> Yes, I do have a firewall configured with iptables, and I tried opening 
> port 953 to localhost, but still could not get rndc to open a command 
> channel with bind-chroot installed.  Are there any other ports that I must 
> open for bind-chroot?

Hm, you did block traffic on localhost? Hope I misunderstood you and you
didn't.

> I've gone over the named.conf and rndc.conf files in detail, many times, 
> and everything checks out fine.  Also considering that it works fine 
> without bind-chroot installed indicates no problem with the key information.

Do you run rndc chrooted or just normal on command line? If you run it
chrooted make sure the rndc.conf (a copy of /etc/rndc.conf) is inside
the chroot.

> I've narrowed the problem down to bind-chroot configuration, and am open to 
> suggestions at this point.  I've thought that it might be a firewall issue, 
> however I did open port 953 without success... perhaps another port I'm 
> overlooking?

On localhost there should not be any blocking at all.

For querying other name servers Bind9 uses random high ports (> 1024).
If you want to change this behaviour and force the use of port 53 only,
you must uncomment the line

query-source address * port 53;

in the /var/named/chroot/etc/named.conf.

> Without bind-chroot installed:
> 
> $ netstat -tualpen | grep 953
> tcp 0 0 127.0.0.1#953 0.0.0.0:* LISTEN 25 5068 2185/named
> 
> Cheers and thanks... Dino

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.7-1.494.2.2smp 
Serendipity 17:49:51 up 3 days, 11:17, load average: 0.10, 0.12, 0.09 

Attachment: signature.asc
Description: This is a digitally signed message part
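As an added example that is not part of the thread (my own script, not Alexander's or Dino's), the checks his reply walks through, collected into one POSIX sh file: is there a copy of rndc.conf inside the chroot, does the secret in /etc/rndc.conf match the key in the chroot's named.conf, does the controls statement bind 127.0.0.1 port 953, is named actually listening there, and does the iptables INPUT chain accept loopback traffic. Assumed, and labelled in the code: the chroot lives at /var/named/chroot (the path used above), rndc reads /etc/rndc.conf, and each key's secret statement sits on a single line. The sample configs, netstat listing and iptables-save output written by make_samples are constructed for illustration and contain no real key.

```shell
#!/bin/sh
# Added example, not code from the thread. Checks the usual causes of an
# rndc "connect failed" on a bind-chroot host. Assumptions: chroot at
# /var/named/chroot, rndc.conf at /etc/rndc.conf, secret on one line.

# Print the first key secret found in an rndc.conf / named.conf style file.
key_secret() {
    sed -n 's/.*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# rndc signs every command with its key and named rejects a mismatch, so the
# secret in rndc.conf must equal the secret of the controls key in named.conf.
keys_match() {
    a=$(key_secret "$1")
    b=$(key_secret "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# named.conf must bind the command channel to 127.0.0.1 port 953.
controls_on_loopback() {
    grep -Eq 'inet[[:space:]]+127\.0\.0\.1[[:space:]]+port[[:space:]]+953' "$1"
}

# Only needed when rndc itself runs chrooted: then rndc.conf must be inside.
chroot_has_rndc_conf() {
    [ -f "$1/etc/rndc.conf" ]
}

# Saved "netstat -tln" output must show a TCP listener on 127.0.0.1:953.
# netstat prints ':' between address and port; '#' is accepted as well.
has_control_listener() {
    grep -Eq '127\.0\.0\.1[:#]953[[:space:]].*LISTEN' "$1"
}

# Saved iptables-save output should contain the blanket accept for lo.
# Rule order still matters: an earlier DROP in INPUT would override it.
loopback_allowed() {
    grep -q '^-A INPUT -i lo -j ACCEPT' "$1"
}

# Write constructed sample inputs into a temp directory and print its path.
make_samples() {
    d=$(mktemp -d)
    secret='c2FtcGxlLXNlY3JldC1ub3QtcmVhbA=='   # constructed, not a real key
    mkdir -p "$d/chroot/etc"
    for f in rndc.conf chroot/etc/rndc.conf; do
        printf 'key "rndckey" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' "$secret" > "$d/$f"
        printf 'options {\n\tdefault-key "rndckey";\n\tdefault-server 127.0.0.1;\n\tdefault-port 953;\n};\n' >> "$d/$f"
    done
    printf 'key "rndckey" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' "$secret" > "$d/named.conf"
    printf 'controls {\n\tinet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndckey"; };\n};\n' >> "$d/named.conf"
    # Same layout with another secret: what a stale copy of the key looks like.
    sed 's/secret "[^"]*"/secret "Y29uc3RydWN0ZWQtb3RoZXI="/' "$d/named.conf" > "$d/named-badkey.conf"
    printf 'tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 5068 2185/named\n' > "$d/netstat-ok.txt"
    printf 'tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 25 5060 2185/named\n' > "$d/netstat-none.txt"
    printf '*filter\n:INPUT DROP [0:0]\n-A INPUT -i lo -j ACCEPT\n-A INPUT -p tcp --dport 53 -j ACCEPT\nCOMMIT\n' > "$d/iptables-ok.txt"
    printf '*filter\n:INPUT DROP [0:0]\n-A INPUT -p tcp --dport 53 -j ACCEPT\nCOMMIT\n' > "$d/iptables-bad.txt"
    echo "$d"
}

# Live checks against this host (iptables-save needs root): sh rndc-check.sh --live
check_host() {
    chroot=/var/named/chroot
    tmp=$(mktemp -d)
    netstat -tln > "$tmp/netstat.txt" 2>/dev/null
    iptables-save > "$tmp/iptables.txt" 2>/dev/null
    chroot_has_rndc_conf "$chroot" || echo "no $chroot/etc/rndc.conf (only needed if rndc runs chrooted)"
    keys_match /etc/rndc.conf "$chroot/etc/named.conf" || echo "secret in /etc/rndc.conf differs from $chroot/etc/named.conf"
    controls_on_loopback "$chroot/etc/named.conf" || echo "no 'inet 127.0.0.1 port 953' controls statement in $chroot/etc/named.conf"
    has_control_listener "$tmp/netstat.txt" || echo "named is not listening on 127.0.0.1:953"
    loopback_allowed "$tmp/iptables.txt" || echo "no '-A INPUT -i lo -j ACCEPT' rule; loopback traffic may be filtered"
    if rndc status >/dev/null 2>&1; then echo "rndc status: OK"; else echo "rndc status failed"; fi
    rm -rf "$tmp"
}

if [ "${1:-}" = "--live" ]; then check_host; fi
```

Without --live the file only defines the functions, so it can be sourced and each check run by hand against saved files; with --live it reports every failing condition on the host at once rather than stopping at the first, which is what you want when, as in this thread, a firewall rule and a missing chroot file might both be in play.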