From: Ernie Luzar
Date: Fri, 02 Feb 2018 23:44:31 +0800
To: byrnejb@harte-lyne.ca
CC: freebsd-questions@freebsd.org
Subject: Re: Jails, ping, and now DNS

James B. Byrne via freebsd-questions wrote:
> Ok, this jail setup thing is slowly driving me mad.  Can someone
> explain the following behaviour observed on a jail (hll124) set up
> using ezjail?
>
> root@hll107:~ # sysctl security.jail.allow_raw_sockets
> security.jail.allow_raw_sockets: 1
>
> root@hll107:~ # service local_unbound onestatus
> local_unbound is running as pid 76810.
>
> root@hll107:~ # drill vhost04.hamilton.harte-lyne.ca
>
> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
> ;; QUESTION SECTION:
>
>
> ;; vhost04.hamilton.harte-lyne.ca. IN A
>
> ;; ANSWER SECTION:
> vhost04.hamilton.harte-lyne.ca. 172765 IN A 216.185.71.44
>
> ;; AUTHORITY SECTION:
> harte-lyne.ca. 172765 IN NS dns04.harte-lyne.ca.
> harte-lyne.ca. 172765 IN NS dns01.harte-lyne.ca.
> harte-lyne.ca. 172765 IN NS dns03.harte-lyne.ca.
> harte-lyne.ca. 172765 IN NS dns02.harte-lyne.ca.
>
> ;; ADDITIONAL SECTION:
> dns01.harte-lyne.ca. 172765 IN A 216.185.71.33
> dns02.harte-lyne.ca. 172765 IN A 209.47.176.33
> dns03.harte-lyne.ca. 172765 IN A 216.185.71.34
> dns04.harte-lyne.ca. 172765 IN A 209.47.176.34
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1
> ;; WHEN: Fri Feb 2 14:34:17 2018
> ;; MSG SIZE rcvd: 208
>
> root@hll107:~ # ping 216.185.71.44
> PING 216.185.71.44 (216.185.71.44): 56 data bytes
> 64 bytes from 216.185.71.44: icmp_seq=0 ttl=64 time=0.357 ms
> 64 bytes from 216.185.71.44: icmp_seq=1 ttl=64 time=0.382 ms
> ^C
> --- 216.185.71.44 ping statistics ---
> 3 packets transmitted, 2 packets received, 33.3% packet loss
> round-trip min/avg/max/stddev = 0.357/0.369/0.382/0.012 ms
>
> root@hll107:~ # ping vhost04.hamilton.harte-lyne.ca
> ping: cannot resolve vhost04.hamilton.harte-lyne.ca: Host name lookup
> failure
>
> root@hll107:~ #
>
>

Your problem is that you are using ezjail, which uses the deprecated
rc.conf environment-variable method. Most jail users have stopped using
ezjail, so support for problems like the one you are having is very
limited. Every time you start an ezjail jail, an error message pops out
telling you to convert your jail system to the jail.conf method. That
error message has been issued since 9.1. It's about time you do as it
says before you get caught with an unsupported production jail
environment. There is a good chance the deprecated rc.conf
environment-variable method will be removed in the 12.0 release.

If you are addicted to the ezjail jail coding method, then check out
qjail, which is a fork of ezjail that uses the jail.conf method.
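
Added example, not part of the original message or of either poster's configuration: a minimal /etc/jail.conf entry of the kind the reply refers to, written for the jail named hll124 in the quoted session. Only the jail name and the raw-socket permission come from the thread; the hostname, interface and address are placeholders, and the paths assume ezjail's default /usr/jails layout.

```conf
# /etc/jail.conf (added example; values marked "placeholder" are not from the thread)

# Defaults shared by every jail defined below
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;                      # run jail commands with a clean environment
mount.devfs;                     # mount a devfs on the jail's /dev

hll124 {
    host.hostname = "hll124.example.org";   # placeholder
    path          = "/usr/jails/hll124";    # assumption: ezjail default jail directory
    mount.fstab   = "/etc/fstab.hll124";    # assumption: ezjail's basejail nullfs mounts
    interface     = "em0";                  # placeholder
    ip4.addr      = "192.0.2.124";          # placeholder (documentation address range)
    allow.raw_sockets;                      # raw sockets (ping) granted to this jail only
}
```

With jail_enable="YES" in /etc/rc.conf, `service jail start hll124` starts the jail from this definition. Because jail(8) advises extra caution with raw sockets where root inside a jail is not trusted, allow.raw_sockets is better set on the individual jails that need ping than in the shared defaults.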