From owner-freebsd-jail@FreeBSD.ORG  Sat Feb 14 22:03:07 2009
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 224331065672
	for <freebsd-jail@freebsd.org>; Sat, 14 Feb 2009 22:03:07 +0000 (UTC)
	(envelope-from anders.hagman@netplex.se)
Received: from mailfront1.netatonce.net (mailfront1.netatonce.net
	[217.10.96.36]) by mx1.freebsd.org (Postfix) with ESMTP id ABF0E8FC1D
	for <freebsd-jail@freebsd.org>; Sat, 14 Feb 2009 22:03:06 +0000 (UTC)
	(envelope-from anders.hagman@netplex.se)
Received: from localhost (localhost [127.0.0.1])
	by mailfront1.netatonce.net (Postfix) with ESMTP id C84C6406A
	for <freebsd-jail@freebsd.org>; Sat, 14 Feb 2009 22:39:55 +0100 (CET)
X-Virus-Scanned: by amavis at citynet.nu
X-Spam-Score: 0
X-Spam-Level: 
X-Spam-Status: No, score=0 tagged_above=-999 required=999 tests=[none]
Received: from mailfront1.netatonce.net ([127.0.0.1])
	by localhost (mailfront1.citynet.nu [127.0.0.1]) (amavisd-new,
	port 10024)
	with ESMTP id e5U4a9X19pII for <freebsd-jail@freebsd.org>;
	Sat, 14 Feb 2009 22:39:54 +0100 (CET)
Received: from [127.0.0.1] (user55.85-195-9.netatonce.net [85.195.9.55])
	by mailfront1.netatonce.net (Postfix) with ESMTP id F20DC42AF
	for <freebsd-jail@freebsd.org>; Sat, 14 Feb 2009 22:13:17 +0100 (CET)
Message-ID: <499733EC.3040706@netplex.se>
Date: Sat, 14 Feb 2009 22:13:16 +0100
From: Anders Hagman <anders.hagman@netplex.se>
User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
MIME-Version: 1.0
To: freebsd-jail@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Antivirus: avast! (VPS 090214-0, 2009-02-14), Outbound message
X-Antivirus-Status: Clean
Subject: BIND in jail problem
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
	<mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
	<mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Feb 2009 22:03:07 -0000

Hi

I'm trying to use BIND inside a jail and have passed the chroot
problem and have a running named without chroot.

The problem is that the jail does not have the address 127.0.0.1 or does not use 
the info in resolv.conf.

When I use the host command I get:

[root@ippbx1 ~]# host ippbx1
;; reply from unexpected source: 172.16.101.3#53, expected 127.0.0.1#53

/etc/resolv.conf
domain kalmar.se
search kalmar.se
nameserver 127.0.0.1

tcpdump:
21:33:49.569332 IP (tos 0x0, ttl 64, id 31390, offset 0, flags [none], proto UDP 
(17), length 52) 172.16.101.3.62278 > 172.16.101.3.53: 28477+ A? ippbx1. (24)

21:33:49.569890 IP (tos 0x0, ttl 64, id 31393, offset 0, flags [none], proto UDP 
(17), length 52) 172.16.101.3.53 > 172.16.101.3.62278: 28477 ServFail 0/0/0 (24

As you can see the destination address is 172.16.101.3 despite the name server 
address in resolv.conf. The host command does not add the domain as it should 
and sends the query as "A? ippbx1" instead of "A? ippbx1.kalmar.se". The host 
command expects to get an answer from 127.0.0.1.

Changing the nameserver address in resolv.conf to 172.16.101.3 does not change 
anything. Using the FQDN does not help because it's still the wrong expected 
address. The only thing that works is: host ippbx1.kalmar.se 172.16.101.3.

Using ping give a different picture:

[root@ippbx1 ~]# ping ippbx1
ping: cannot resolve ippbx1: Host name lookup failure

/etc/resolv.conf
domain kalmar.se
search kalmar.se
nameserver 172.16.101.3


tcpdump:
21:47:39.143152 IP (tos 0x0, ttl 64, id 31817, offset 0, flags [none], proto UDP 
(17), length 62) 172.16.101.3.60878 > 127.0.0.1.53: 35805+ A? ippbx1.kalmar.se. (34)
21:47:39.143165 IP (tos 0x0, ttl 64, id 31818, offset 0, flags [none], proto 
ICMP (1), length 56) 127.0.0.1 > 172.16.101.3: ICMP 127.0.0.1 udp port 53 
unreachable, length 36


ping does add the domain to the query but does not read the address from 
resolv.conf and sends the query to 127.0.0.1. And 127.0.0.1 is the host 0 
machine and does not run BIND.


uname -a
FreeBSD ippbx1.kalmar.se 7.1-RELEASE FreeBSD 7.1-RELEASE #0
named -v
BIND 9.4.2-P2

named.conf:
zone "kalmar.se"                { type master; file "master/kalmar"; };
zone "101.16.172.in-addr.arpa"  { type master; file "master/kalmar.rev"; };

zone file kalmar:

$TTL 3h
@ SOA ippbx1.kalmar.se. root.ippbx1.kalmar.se. 42 1d 12h 1w 3h
         ; Serial, Refresh, Retry, Expire, Neg. cache TTL

         IN      NS      ippbx1.kalmar.se.
ippbx1  IN      A       172.16.101.3

zone file kalmar.rev:

$TTL 3h
@ SOA ippbx1.kalmar.se. root.ippbx1.kalmar.se. 42 1d 12h 1w 3h
         ; Serial, Refresh, Retry, Expire, Neg. cache TTL
         IN      NS      ippbx1.kalmar.se.
3       IN      PTR     ippbx1.kalmar.se.


Why do I what to run BIND inside a jail? Well I'm building a IP-PBX lab
and want to run six autonomous jails with DNS, DHCP, NTP and asterisk inside.
DHCP and Asterisk works but DNS is vital for the lab.

BR
Anders H