From: David N
To: Anders Hagman
Cc: freebsd-jail@freebsd.org
Date: Sun, 15 Feb 2009 09:17:21 +1100
Subject: Re: BIND in jail problem
Message-ID: <4d7dd86f0902141417xb626f20h2c694fb3861f751f@mail.gmail.com>
In-Reply-To: <499733EC.3040706@netplex.se>

2009/2/15 Anders Hagman:
> Hi
>
> I'm trying to use BIND inside a jail and have passed the chroot
> problem and have a running named without chroot.
>
> The problem is that the jail does not have the address 127.0.0.1 or does not
> use the info in resolv.conf.
>
> When I use the host command I get:
>
> [root@ippbx1 ~]# host ippbx1
> ;; reply from unexpected source: 172.16.101.3#53, expected 127.0.0.1#53
>
> /etc/resolv.conf
> domain kalmar.se
> search kalmar.se
> nameserver 127.0.0.1
>
> tcpdump:
> 21:33:49.569332 IP (tos 0x0, ttl 64, id 31390, offset 0, flags [none], proto
> UDP (17), length 52) 172.16.101.3.62278 > 172.16.101.3.53: 28477+ A? ippbx1.
> (24)
>
> 21:33:49.569890 IP (tos 0x0, ttl 64, id 31393, offset 0, flags [none], proto
> UDP (17), length 52) 172.16.101.3.53 > 172.16.101.3.62278: 28477 ServFail
> 0/0/0 (24
>
> As you can see the destination address is 172.16.101.3 despite the name
> server address in resolv.conf. The host command does not add the domain as
> it should and sends the query as "A? ippbx1" instead of "A?
> ippbx1.kalmar.se". The host command expects to get an answer from 127.0.0.1.
>
> Changing the nameserver address in resolv.conf to 172.16.101.3 does not
> change anything. Using the FQDN does not help because it's still the wrong
> expected address. The only thing that works is: host ippbx1.kalmar.se
> 172.16.101.3.
>
> Using ping gives a different picture:
>
> [root@ippbx1 ~]# ping ippbx1
> ping: cannot resolve ippbx1: Host name lookup failure
>
> /etc/resolv.conf
> domain kalmar.se
> search kalmar.se
> nameserver 172.16.101.3
>
> tcpdump:
> 21:47:39.143152 IP (tos 0x0, ttl 64, id 31817, offset 0, flags [none], proto
> UDP (17), length 62) 172.16.101.3.60878 > 127.0.0.1.53: 35805+ A?
> ippbx1.kalmar.se. (34)
> 21:47:39.143165 IP (tos 0x0, ttl 64, id 31818, offset 0, flags [none], proto
> ICMP (1), length 56) 127.0.0.1 > 172.16.101.3: ICMP 127.0.0.1 udp port 53
> unreachable, length 36
>
> ping does add the domain to the query but does not read the address from
> resolv.conf and sends the query to 127.0.0.1. And 127.0.0.1 is the host 0
> machine and does not run BIND.
>
> uname -a
> FreeBSD ippbx1.kalmar.se 7.1-RELEASE FreeBSD 7.1-RELEASE #0
> named -v
> BIND 9.4.2-P2
>
> named.conf:
> zone "kalmar.se" { type master; file "master/kalmar"; };
> zone "101.16.172.in-addr.arpa" { type master; file "master/kalmar.rev"; };
>
> zone file kalmar:
>
> $TTL 3h
> @       SOA     ippbx1.kalmar.se. root.ippbx1.kalmar.se. 42 1d 12h 1w 3h
>         ; Serial, Refresh, Retry, Expire, Neg. cache TTL
>
>         IN NS   ippbx1.kalmar.se.
> ippbx1  IN A    172.16.101.3
>
> zone file kalmar.rev:
>
> $TTL 3h
> @       SOA     ippbx1.kalmar.se. root.ippbx1.kalmar.se. 42 1d 12h 1w 3h
>         ; Serial, Refresh, Retry, Expire, Neg. cache TTL
>         IN NS   ippbx1.kalmar.se.
> 3       IN PTR  ippbx1.kalmar.se.
>
> Why do I want to run BIND inside a jail? Well I'm building an IP-PBX lab
> and want to run six autonomous jails with DNS, DHCP, NTP and asterisk
> inside.
> DHCP and Asterisk works but DNS is vital for the lab.
>
> BR
> Anders H

Hi,

You also need in your named.conf

    options {
        allow-query { 10.0.0.0/8; };                // replace with your own network
        listen-on { 10.1.20.1; };                   // replace with your jail IP
        forwarders { xx.xx.xx.xx; xx.xx.xx.xx; };   // replace with your upstream DNS servers (supplied by ISP)
    };

The resolv.conf should contain your domain and DNS server(s) IP addresses, not 127.0.0.1; there is no localhost inside the jails, so it won't work.

Regards
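
An added example, not part of either message above: a POSIX sh check for the resolv.conf advice in the reply, flagging loopback nameserver entries and a missing DNS server address. The function name check_jail_resolver and its two arguments are hypothetical; the second argument is the address named listens on (the jail IP in this thread).

```shell
#!/bin/sh
# Added example (not from the thread): audit a jail's resolv.conf.
# Hypothetical helper: check_jail_resolver <resolv.conf path> <DNS server IP>
# Prints one finding per line.
# Returns 0 when clean, 1 when there are findings, 2 if the file is unreadable.
check_jail_resolver() {
    conf=$1
    dns_ip=$2          # assumption: the address named's listen-on uses
    findings=0
    have_dns_ip=0

    if [ ! -r "$conf" ]; then
        echo "ERROR: cannot read $conf"
        return 2
    fi

    # Comments in resolv.conf start with '#' or ';'. Strip them, then
    # look only at "nameserver <address>" lines.
    while read -r keyword value _rest; do
        [ "$keyword" = "nameserver" ] || continue
        case $value in
            127.*|::1|localhost)
                echo "FINDING: nameserver $value is a loopback address"
                findings=$((findings + 1))
                ;;
            "$dns_ip")
                have_dns_ip=1
                ;;
        esac
    done <<EOF
$(sed -e 's/[#;].*$//' "$conf")
EOF

    if [ "$have_dns_ip" -eq 0 ]; then
        echo "FINDING: $dns_ip is not listed as a nameserver"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Usage inside the jail: check_jail_resolver /etc/resolv.conf 172.16.101.3
```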