I have bind_8.2.3-0.potato.1 running inside a chroot and I suspect it isn't working as well as it should. A few days after restarting it I found myself without clones on IRC because the IRC server wasn't able to do reverse resolution of my IP. Now I've given a friend an address in my domain and she told me it didn't work, so I gave her the IP and right now she is browsing. If I start the daemon as root everything goes back to normal, which seems to indicate that it may be a permissions problem.

# ls -laR /chroot/named/
/chroot/named/:
total 28
drwxr-xr-x    7 root     root         4096 May 21 21:54 ./
drwxr-xr-x    3 root     root         4096 May 21 21:54 ../
drwxr-xr-x    2 root     root         4096 May 24 12:13 dev/
drwxr-xr-x    3 root     root         4096 May 21 16:43 etc/
drwxr-xr-x    2 root     root         4096 May 21 21:55 lib/
drwxr-xr-x    3 root     root         4096 May 21 16:10 usr/
drwxr-xr-x    4 root     root         4096 May 22 09:01 var/

/chroot/named/dev:
total 8
drwxr-xr-x    2 root     root         4096 May 24 12:13 ./
drwxr-xr-x    7 root     root         4096 May 21 21:54 ../
srw-rw-rw-    1 root     root            0 May 24 12:13 log=
crw-rw-rw-    1 root     root       1,   3 May 21 16:12 null

/chroot/named/etc:
total 24
drwxr-xr-x    3 root     root         4096 May 21 16:43 ./
drwxr-xr-x    7 root     root         4096 May 21 21:54 ../
drwxr-xr-x    2 named    named        4096 Jun 24 05:08 bind/
-rw-r--r--    1 root     root           13 May 21 16:43 group
-rw-r--r--    1 root     root          946 May 21 16:12 localtime
-rw-r--r--    1 root     root          465 May 21 16:11 nsswitch.conf

/chroot/named/etc/bind:
total 128
drwxr-xr-x    2 named    named        4096 Jun 24 05:08 ./
drwxr-xr-x    3 root     root         4096 May 21 16:43 ../
-rw-r--r--    1 named    named         237 Apr 11  2000 db.0
-rw-r--r--    1 named    named         271 Apr 11  2000 db.127
-rw-r--r--    1 named    named         237 Apr 11  2000 db.255
-rw-r--r--    1 named    named         256 Apr 11  2000 db.local
-rw-r--r--    1 named    named        1516 May 14 20:17 db.root
-rw-r--r--    1 named    named         616 Jun  6 00:26 named.cc2k
-rw-r--r--    1 root     root         4281 May 21 16:11 named.conf
-rw-r--r--    1 named    named         973 Jun 25 21:57 named.millennium
-rw-r--r--    1 named    named         170 May  2 23:07 named.rev-cc2k
-rw-r--r--    1 named    named         177 May  2 23:07 named.rev-internal

/chroot/named/lib:
total 968
drwxr-xr-x    2 root     root         4096 May 21 21:55 ./
drwxr-xr-x    7 root     root         4096 May 21 21:54 ../
-rwxr-xr-x    1 root     root        85654 May 21 17:34 ld-linux.so.2*
-rwxr-xr-x    1 root     root       887712 May 21 17:33 libc.so.6*

/chroot/named/usr:
total 12
drwxr-xr-x    3 root     root         4096 May 21 16:10 ./
drwxr-xr-x    7 root     root         4096 May 21 21:54 ../
drwxr-xr-x    2 root     root         4096 May 22 08:56 sbin/

/chroot/named/usr/sbin:
total 684
drwxr-xr-x    2 root     root         4096 May 22 08:56 ./
drwxr-xr-x    3 root     root         4096 May 21 16:10 ../
-rwxr-xr-x    1 root     root       470748 May 22 08:56 named*
-rwxr-xr-x    1 root     root       210108 May 22 08:56 named-xfer*

/chroot/named/var:
total 16
drwxr-xr-x    4 root     root         4096 May 22 09:01 ./
drwxr-xr-x    7 root     root         4096 May 21 21:54 ../
drwxrwx---    3 root     named        4096 May 22 09:01 cache/
drwxrwx---    2 root     named        4096 Jun 23 22:53 run/

/chroot/named/var/cache:
total 12
drwxrwx---    3 root     named        4096 May 22 09:01 ./
drwxr-xr-x    4 root     root         4096 May 22 09:01 ../
drwxrwx---    2 root     named        4096 May 22 09:01 bind/

/chroot/named/var/cache/bind:
total 8
drwxrwx---    2 root     named        4096 May 22 09:01 ./
drwxrwx---    3 root     named        4096 May 22 09:01 ../

/chroot/named/var/run:
total 12
drwxrwx---    2 root     named        4096 Jun 23 22:53 ./
drwxr-xr-x    4 root     root         4096 May 22 09:01 ../
-rw-r--r--    1 named    named           6 Jun 23 22:53 named.pid
srw-------    1 root     root            0 Jun 23 22:53 ndc=

Needless to say, under normal conditions the server runs as named.named.

# grep named /etc/passwd /etc/shadow /etc/group
/etc/passwd:named:x:104:104::/chroot/named:/bin/false
/etc/shadow:named:!:11304:0:99999:7:::
/etc/group:named:x:104:

The init script is slightly modified:

# cat /etc/init.d/bind
#!/bin/sh

PATH=/sbin:/bin:/chroot/named/usr/sbin:/usr/sbin:/usr/bin

test -x /chroot/named/usr/sbin/named || exit 0

case "$1" in
    start)
        echo -n "Starting domain name service: named"
        start-stop-daemon --start --quiet --exec /chroot/named/usr/sbin/named -- -t /chroot/named -u named -g named
        echo "."
        ;;
    stop)
        echo -n "Stopping domain name service: named"
        start-stop-daemon --stop --quiet \
            --pidfile /chroot/named/var/run/named.pid --exec /chroot/named/usr/sbin/named
        echo "."
        ;;
    restart)
        echo "Plis haz /etc/init.d/bind stop; /etc/init.d/bind start"
        exit 1
        # /usr/sbin/ndc restart
        ;;
    reload)
        echo "Plis haz /etc/init.d/bind stop; /etc/init.d/bind start"
        exit 1
        # /usr/sbin/ndc reload
        ;;
    force-reload)
        $0 restart
        ;;
    *)
        echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2
        exit 1
        ;;
esac

exit 0

A firewall problem?

# ipchains -nL | grep -w 53
ACCEPT     tcp  ------  1.2.3.4              195.55.160.33         * ->   53
DENY       tcp  ------  0.0.0.0/0            195.55.160.33         * ->   53
ACCEPT     udp  ------  0.0.0.0/0            195.55.160.33         * ->   53

I only allow inbound connections to TCP port 53 from the zone's secondary server (1.2.3.4), so that the relevant zone transfers can take place. UDP I allow from everyone, of course.

I can't think of any other possible causes. If anyone feels charitable, try something like this with nslookup:

> server 195.55.160.33
> set q=ptr
> 195.55.160.33

And see what comes out. Whoever fixes this for me gets a couple of cubatas, or whatever they like, in Vigo :^).

-- 
David Serrano <cyberchat2000.com@hue> - Linux Registered User #87069
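As an added example (not the poster's code), a small Python checker that walks a BIND 8 chroot laid out like the listing above and reports which paths the unprivileged named account would be unable to traverse, read or write, emulating the kernel's owner/group/other mode-bit check. The list of paths and the access each one needs are this example's assumptions drawn from the listing; the chroot root and account name default to the ones in the post.

```python
import os, pwd, sys

# Access each path needs inside a BIND 8 chroot started with "-t /chroot/named -u named -g named".
# Paths mirror the listing in the post; the required access letters are this example's assumptions.
EXPECTED = [
    ("etc/bind/named.conf", "r"),   # configuration is read after chroot()
    ("etc/bind/db.root", "r"),      # root hints
    ("var/run", "wx"),              # named.pid and the ndc socket live here
    ("var/cache/bind", "wx"),       # named-xfer writes secondary zone data here
    ("dev/null", "rw"),
    ("dev/log", "w"),               # syslog socket
    ("lib/libc.so.6", "r"),
    ("usr/sbin/named-xfer", "rx"),  # spawned by named for zone transfers
]

def can_access(st, uid, gids, want):
    """Emulate the kernel's owner/group/other mode-bit check for a given uid and set of gids."""
    if uid == 0:
        return True  # root ignores mode bits, which is why the daemon works when started without -u
    shift = 6 if st.st_uid == uid else (3 if st.st_gid in gids else 0)
    need = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    return ((st.st_mode >> shift) & need) == need

def check_chroot(root, uid, gids, expected=EXPECTED):
    """Return the problems an unprivileged named (uid, gids) would hit under the chroot `root`."""
    problems = []
    for rel, want in expected:
        dirs = [root]  # every directory on the way down needs search (x) permission
        for part in rel.split("/")[:-1]:
            dirs.append(os.path.join(dirs[-1], part))
        blocked = next((d for d in dirs if not os.path.isdir(d)
                        or not can_access(os.stat(d), uid, gids, "x")), None)
        if blocked is not None:
            problems.append(f"{rel}: cannot traverse {os.path.relpath(blocked, root)}")
            continue
        path = os.path.join(root, rel)
        if not os.path.exists(path):
            problems.append(f"{rel}: missing")
            continue
        st = os.stat(path)
        if not can_access(st, uid, gids, want):
            problems.append(f"{rel}: needs {want}, mode {st.st_mode & 0o777:04o} owner {st.st_uid}:{st.st_gid}")
    return problems

if __name__ == "__main__":
    # Usage: python3 check_chroot.py [/chroot/named] [named]; assumes -g gives the account's primary group
    root = sys.argv[1] if len(sys.argv) > 1 else "/chroot/named"
    pw = pwd.getpwnam(sys.argv[2] if len(sys.argv) > 2 else "named")
    for problem in check_chroot(root, pw.pw_uid, {pw.pw_gid}):
        print(problem)
```

Run it as root on the real chroot so every directory can be stat'ed; an empty result means the listed paths are at least reachable with the mode bits shown, which narrows the search to what the daemon does with them.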