On 6/15/21 2:30 PM, Ed Greshko wrote:
On 16/06/2021 03:54, ToddAndMargo via users wrote:
- the new version of bind-chroot enables "dns security validation" by
default.
Make sure you do not have two `named.root.key` kicking around. One in /etc/named.root.key and one in /var/named/chroot/etc/named.root.key
I think you may be missing some key points as to how named-chroot works.
If you look at the named-chroot.service file you'd see.....
    Requires=named-chroot-setup.service
    Before=nss-lookup.target
    After=named-chroot-setup.service
This means that named-chroot-setup.service runs prior to ExecStart in named-chroot.service
named-chroot-setup.service performs a series of bind-mounts (not to be confused with bind/named). You can see the mounts after starting named-chroot.
Thus you'd have.....
    [root@f33g ~]# systemctl stop named-chroot
    [root@f33g ~]# ll /var/named/chroot/etc/named.root.key /etc/named.root.key
    ls: cannot access '/var/named/chroot/etc/named.root.key': No such file or directory
    -rw-r--r--. 1 root named 686 Jun 3 22:47 /etc/named.root.key

    [root@f33g ~]# systemctl start named-chroot
    [root@f33g ~]# ll /var/named/chroot/etc/named.root.key /etc/named.root.key
    -rw-r--r--. 1 root named 686 Jun 3 22:47 /etc/named.root.key
    -rw-r--r--. 1 root named 686 Jun 3 22:47 /var/named/chroot/etc/named.root.key
To repeat what I've said in another thread. I've upgraded 2 F33 VMs. One running named.service the other named-chroot.service. Both upgraded without any problems you noted.
Hi Ed,
Hmmmmm. I screwed up pretty good. I will do this again.
Thank you, -T
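
Added example, not part of the thread and not Fedora's or BIND's own tooling: a shell check for the situation discussed above, telling a bind-mounted `named.root.key` in the chroot apart from a second, separately stored copy. The function names `classify_chroot_file` and `check_key` are hypothetical, and the check assumes a bind-mounted file reports the same device and inode as its source.

```shell
#!/bin/sh
# Classify the file inside the chroot relative to the host file.
# Prints: absent | same-file | stray-copy | stray-differs
classify_chroot_file() {
    host=$1
    jail=$2
    if [ ! -e "$jail" ]; then
        echo absent
    elif [ "$host" -ef "$jail" ]; then
        # Same device and inode: a bind mount (a hard link looks identical).
        echo same-file
    elif cmp -s "$host" "$jail"; then
        # Separate file with identical bytes: a second copy on disk.
        echo stray-copy
    else
        # Separate file with different bytes: a second, diverging key file.
        echo stray-differs
    fi
}

# Compare the classification with what the listings in the thread show:
# no file in the chroot while the service is stopped, the same file while
# it is running. STATE is "stopped" or "running".
check_key() {
    state=$1
    kind=$(classify_chroot_file "$2" "$3")
    case "$state:$kind" in
        stopped:absent|running:same-file)
            echo "ok: $kind while $state"
            return 0 ;;
        *)
            echo "unexpected: $kind while $state"
            return 1 ;;
    esac
}

# On a real system (paths from the thread):
#   systemctl is-active --quiet named-chroot && s=running || s=stopped
#   check_key "$s" /etc/named.root.key /var/named/chroot/etc/named.root.key
```

A result of `stray-copy` or `stray-differs` means two `named.root.key` files exist on disk, which is the condition the thread says to rule out.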