Date:      Fri, 02 Feb 2018 23:44:31 +0800
From:      Ernie Luzar <luzar722@gmail.com>
To:        byrnejb@harte-lyne.ca
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Jails, ping, and now DNS
Message-ID:  <5A74875F.9080901@gmail.com>
In-Reply-To: <737005a0c3e97d8d1e9306eb52471f89.squirrel@webmail.harte-lyne.ca>
References:  <737005a0c3e97d8d1e9306eb52471f89.squirrel@webmail.harte-lyne.ca>

James B. Byrne via freebsd-questions wrote:
> Ok, this jail setup thing is slowly driving me mad.  Can someone
> explain the following behaviour observed on a jail (hll124) set up
> using ezjail?
> 
> root@hll107:~ # sysctl security.jail.allow_raw_sockets
> security.jail.allow_raw_sockets: 1
> 
> root@hll107:~ # service local_unbound onestatus
> local_unbound is running as pid 76810.
> 
> root@hll107:~ # drill vhost04.hamilton.harte-lyne.ca
> 
> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
> ;; QUESTION SECTION:
> 
> 
> ;; vhost04.hamilton.harte-lyne.ca.      IN      A
> 
> ;; ANSWER SECTION:
> vhost04.hamilton.harte-lyne.ca. 172765  IN      A       216.185.71.44
> 
> ;; AUTHORITY SECTION:
> harte-lyne.ca.  172765  IN      NS      dns04.harte-lyne.ca.
> harte-lyne.ca.  172765  IN      NS      dns01.harte-lyne.ca.
> harte-lyne.ca.  172765  IN      NS      dns03.harte-lyne.ca.
> harte-lyne.ca.  172765  IN      NS      dns02.harte-lyne.ca.
> 
> ;; ADDITIONAL SECTION:
> dns01.harte-lyne.ca.    172765  IN      A       216.185.71.33
> dns02.harte-lyne.ca.    172765  IN      A       209.47.176.33
> dns03.harte-lyne.ca.    172765  IN      A       216.185.71.34
> dns04.harte-lyne.ca.    172765  IN      A       209.47.176.34
> 
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1
> ;; WHEN: Fri Feb  2 14:34:17 2018
> ;; MSG SIZE  rcvd: 208
> 
> root@hll107:~ # ping 216.185.71.44
> PING 216.185.71.44 (216.185.71.44): 56 data bytes
> 64 bytes from 216.185.71.44: icmp_seq=0 ttl=64 time=0.357 ms
> 64 bytes from 216.185.71.44: icmp_seq=1 ttl=64 time=0.382 ms
> ^C
> --- 216.185.71.44 ping statistics ---
> 3 packets transmitted, 2 packets received, 33.3% packet loss
> round-trip min/avg/max/stddev = 0.357/0.369/0.382/0.012 ms
> 
> root@hll107:~ # ping vhost04.hamilton.harte-lyne.ca
> ping: cannot resolve vhost04.hamilton.harte-lyne.ca: Host name lookup
> failure
> 
> root@hll107:~ #
> 
> 
> 

Your problem is you're using ezjail, which uses the deprecated rc.conf
environment-variable method. Most jail users have stopped using ezjail,
so support for problems like you are having is very limited.

Every time you start an ezjail jail, an error message pops out telling
you to convert your jail system to the jail.conf method. That error
message has been issued since 9.1. It's about time you do as it says
before you get caught with an unsupported production jail environment.
There is a good chance the deprecated rc.conf environment-variable
method will be removed in 12.0 release.

If you are addicted to the ezjail jail coding method then check out 
qjail which is a fork of ezjail that uses the jail.conf method.




