Beware of bind-9.2.4-8_FC3:20 (was BIND (Network Manager)

Bill Cronk ngc4013 at cox.net
Sat Jan 22 03:15:33 UTC 2005


Craig Wrote:

>Either you run named in chroot jail or you don't - your suggestion wants
>to have it both ways...doesn't seem to be the right solution.

># cat /etc/sysconfig/named
># Currently, you can use the following options:
># ROOTDIR="/some/where"  --  will run named in a chroot environment.
>#                            you must set up the chroot environment before
>#                            doing this.
># OPTIONS="whatever" -- These additional options will be passed to named
>#                       at startup. Don't add -t here, use ROOTDIR instead.

>If you run named in chroot environment then just consider everything
>relative to /var/named/chroot as the root directory.
>i.e.
> /var/named/chroot/etc/named.conf
> /var/named/chroot/var/named/all_zone_files_etc.

>so rather than making links to /var/named stuff, why not just mv the
>files to where they are now expected to be...

>mv /etc/named.conf /var/named/chroot/etc
>mv /var/named/* /var/named/chroot/var/named

>Craig

Obviously I don't fully understand the operation of chroot. However, I have been running DNS and DHCP for many years now in an isolated lab environment, and since I was forced last year into using Redhat products there is still a lot I need to learn that is different from running SuSE.

Since I have been running FC3 on my machines, performing a full install, I have not seen anything different than all the pre-setup config files for named being located in /var/named/chroot/var/named, *with* links back to the /var/named location. It has not changed on any of >8 installs! It most likely was the same in FC2 if chroot was used.

The whole point of this that there is a flaw in the creation of zone files. I verified it today at work. I found a machine where the DNS was never touched and attempted to create new zone files. The stock tool failed to properly create the file. It created a file called localhost.zone.2???? (Don't remember the five numbers) The zone being created was entered as dsp-gcsd.labnet.gov. The file was also zero in size and it did not have the link as all the FC3 stock named config files had back into the /var/named location.

I believe it is simple enough: first, the tool doesn't allow the file to save properly. Second, what it does save is not linked back like all the other files. Without the link, DNS will not run in caching mode on my servers.

Bill
