From owner-freebsd-questions@FreeBSD.ORG Wed Feb 1 23:04:27 2006
From: Daniel
To: Paul Schmehl
Cc: freebsd-questions@freebsd.org
Date: Thu, 2 Feb 2006 07:04:06 +0800
Subject: Re: )(*&)(*&)(*&)(*& named
List-Id: User questions (freebsd-questions@freebsd.org)

On 2/2/06, Paul Schmehl wrote:
> It's time to take on the unenviable task of trying to get named to work.
>
> I'm running FreeBSD 5.4 SECURITY. I've installed the bind9 port.
>
> When I try to start named using the rc.d script (/etc/rc.d/named start), I
> get this:
>
> Feb 1 05:30:00 stovebolt named[13084]: stopping command channel on 127.0.0.1#953
> Feb 1 05:30:00 stovebolt named[13084]: exiting
> Feb 1 05:30:01 stovebolt named[4841]: starting BIND 9.3.2
> Feb 1 05:30:02 stovebolt named[4841]: command channel listening on 127.0.0.1#953
> Feb 1 05:30:02 stovebolt named[4841]: 127.0.0:1: no TTL specified; using SOA MINTTL instead
> Feb 1 05:30:02 stovebolt named[4841]: running
> Feb 1 16:28:43 stovebolt named[26670]: starting BIND 9.3.2 -u bind -t /var/named

The biggest difference between running as root and the startup script is
the command line arguments given in either case.

Script flags: -u bind -t /var/named
CLI flags:    -c /usr/local/etc/named.conf -u root

The man page will show you that the -t flag indicates you want named to
chroot (recommended practice). It also is running as bind and not root.

Check out /var/named and your named config file. You will probably find
that /var/named/named.pid is not writable by the user bind. You may also
find that the named config isn't specifying a full path to be used within
the chroot directory (/var/named).

Below is the config for my named that runs chrooted.

directory "/";
pid-file "/named.pid";
dump-file "/dump/named_dump.db";
statistics-file "/stats/named.stats";

Yours may look something like:

directory "/var/named/";
pid-file "/var/named/named.pid";
dump-file "/var/named/dump/named_dump.db";
statistics-file "/etc/named/stats/named.stats";

The paths in named.conf need to be relative to the chroot, not the base.

> Feb 1 16:28:43 stovebolt named[26670]: /usr/local/etc/named.conf:57: couldn't find key 'rndc-key' for use with command channel 127.0.0.1#953
> Feb 1 16:28:43 stovebolt named[26670]: command channel listening on 127.0.0.1#953
> Feb 1 16:28:43 stovebolt named[26670]: couldn't open pid file 'named.pid': File exists
> Feb 1 16:28:43 stovebolt named[26670]: exiting (due to early fatal error)
>
> (So naturally bind doesn't start up automagically on reboot. And yes, I
> have named_enable=yes in rc.conf:
> named_enable="YES"
> named_config="/usr/local/etc/named.conf"
> named_program="/usr/local/sbin/named"
> )
>
> When I try to start named using rndc, I get this:
>
> rndc start
> rndc: connect failed: connection refused

rndc does not have a command "start"; restart is also not yet implemented.
rndc communicates with the rndc port bind opens; if this port isn't open,
rndc doesn't work. rndc is only good for generating stats, reloading
zones/configs, dumps, etc., but NOT starting named (it can stop it though).

> Yet, when I start named from the cli, with user root, it works fine:
>
> named -c /usr/local/etc/named.conf -u root
>
> Feb 1 16:31:12 stovebolt named[26784]: starting BIND 9.3.1 -c /usr/local/etc/named.conf -u root
> Feb 1 16:31:12 stovebolt named[26784]: command channel listening on 127.0.0.1#953
> Feb 1 16:31:12 stovebolt named[26784]: 127.0.0:1: no TTL specified; using SOA MINTTL instead
> Feb 1 16:31:12 stovebolt named[26784]: running
>
> And it's listening on the command channel, localhost:953 (and port 53 of
> course).
>
> Once named is running, I can use rndc to generate stats, query logs,
> reconfig, flush, halt, stop, etc. But I *cannot* run rndc start. I get
> the connection refused error.
>
> ????
>
> I'm about ready to write my own startup script, but if anyone experienced
> with this has any suggestions, I'm all ears. (Yes, I've run rndc-confgen
> and put the info in the rndc.conf file and in the named.conf file.)
>
> I haven't done a ton of googling, so if you don't know the answer off the
> top of your head, don't bother doing my research for me. I'm just
> wondering if someone will recognize my braindeadness immediately and put me
> out of my misery.

Do some reading, you'll find all the answers in the man pages and the
administrative reference manual on the ISC BIND website. Writing your own
startup scripts is unnecessary, especially for something that already has
one (or in this case, maybe two, /etc/rc.d and /usr/local/etc/rc.d).

> Paul Schmehl (pauls@utdallas.edu)
> Adjunct Information Security Officer
> University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/ir/security/
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"