Re: FreeBSD 7.0-RELEASE-p12 bind9 log files not found

2009-05-30 Thread Mel Flynn
On Saturday 30 May 2009 17:01:17 Prokofyev Vladislav wrote:
> > The named running chrooted has no clue about /var/named. You can either
> > use duct tape:
> > cd /var/named/var && sudo ln -s .. named
> >
> > or just strip /var/named from your config file, hence use
> > /var/log/xfer.log.
> >
> > --
> > Mel
>
> This helped, thank you a lot.
> So, if I'm thinking about this the right way, /usr/sbin/named with the -t
> start option doesn't affect any symlinks etc.

Erm, yes or ... no. I suggest you read up on chroot.
The short answer is that relative symlinks within the chroot environment work,
while absolute ones must take the new filesystem root into account.


> I didn't pay attention to this cause named(8)
> says:
>
> -t directory
>   Chroot to directory after processing the command line arguments,
>   but before reading the configuration file.

and have a look at what /etc/namedb really is:
# ls -l /etc/namedb
lrwxr-xr-x  1 root  wheel  21 May 21 06:24 /etc/namedb -> /var/named/etc/namedb

And this demonstrates chroot a bit:
# cp /rescue/ls /var/named/

# chroot /var/named /ls -l /etc/namedb
total 1
drwxr-xr-x  2 53  0    512 Feb 28 05:57 dynamic
drwxr-xr-x  2 0   0    512 May 15 13:42 master
-rw-r--r--  1 0   0  11714 May 15 14:40 named.conf
-rw-r--r--  1 0   0   2956 May 15 13:42 named.root
-rw-------  1 53  0     97 Apr 18 10:29 rndc.key
drwxr-xr-x  2 53  0    512 May 30 11:21 slave

>   Warning: This option should be used in conjunction with the
>   -u option, as chrooting a process running as root doesn't
>   enhance security on most systems; the way chroot(2) is
>   defined allows a process with root privileges to escape a
>   chroot jail.
>
> And I thought that all actions for proper work are made by named :)

They are, you just need to reference the right path, the one without /var/named,
or use relative paths where the working directory is /etc/namedb. So one would
get to /var/log using:
file "../../var/log/xfer";

-- 
Mel
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
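As an added example (not from this thread, and not BIND's or FreeBSD's own code), here is a Python script that reproduces the path confusion Mel describes in a temporary toy chroot. It pulls the `file` paths out of a named.conf logging block, resolves each one the way a process chrooted to named_chrootdir would see it (absolute symlink targets re-rooted at the chroot, ".." stopping at the chroot root, relative paths taken from named's working directory /etc/namedb), and reports which log files are missing or owned by the wrong uid. The function names (resolve_in_chroot, check_log_files), the two sample configs and the toy directory layout are all constructed here.

```python
"""Check named.conf logging-channel file paths against named's chroot.

Added example: resolves config paths as a chrooted named would see them,
then reports which log files are missing or owned by the wrong uid.
"""
import os
import re
import tempfile

# Matches the `file "<path>"` clause of a logging channel (assumed layout,
# sufficient for the simple configs in this thread).
FILE_RE = re.compile(r'\bfile\s+"([^"]+)"')

# Constructed sample configs: the poster's original path, and Mel's fix.
BROKEN_CONF = '''
logging {
    channel "xfer" { file "/var/named/var/log/xfer.log" versions 3 size 10m; };
};
'''
FIXED_CONF = '''
logging {
    channel "xfer" { file "/var/log/xfer.log" versions 3 size 10m; };
};
'''


def channel_files(conf_text):
    """Return the file paths used by logging channels in a named.conf."""
    return FILE_RE.findall(conf_text)


def resolve_in_chroot(chroot, path, cwd="/etc/namedb", max_links=40):
    """Host-side path that `path` denotes for a process chrooted to `chroot`.

    `cwd` is the chrooted process's working directory (named's is the
    directory from named.conf, /etc/namedb in this thread) and is used for
    relative paths.  The result need not exist; callers check that.
    """
    chroot = os.path.abspath(chroot)
    if not path.startswith("/"):
        path = cwd.rstrip("/") + "/" + path
    parts = [p for p in path.split("/") if p and p != "."]
    cur = chroot          # host path of where we currently are inside the chroot
    links = 0
    while parts:
        name = parts.pop(0)
        if name == "..":
            if cur != chroot:       # the chroot root is the ceiling for ".."
                cur = os.path.dirname(cur)
            continue
        nxt = os.path.join(cur, name)
        if os.path.islink(nxt):
            links += 1
            if links > max_links:
                raise OSError("too many levels of symbolic links: " + path)
            target = os.readlink(nxt)
            if target.startswith("/"):
                cur = chroot        # absolute target: re-rooted at the chroot
            parts = [p for p in target.split("/") if p and p != "."] + parts
            continue
        cur = nxt
    return cur


def check_log_files(chroot, conf_text, uid=None):
    """Map each channel file path to "ok", "missing" or "wrong owner"."""
    results = {}
    for p in channel_files(conf_text):
        host = resolve_in_chroot(chroot, p)
        if not os.path.exists(host):
            results[p] = "missing"
        elif uid is not None and os.stat(host).st_uid != uid:
            results[p] = "wrong owner"
        else:
            results[p] = "ok"
    return results


def make_toy_chroot():
    """Build a throwaway directory laid out like /var/named in the thread."""
    root = tempfile.mkdtemp(prefix="named-chroot-")
    os.makedirs(os.path.join(root, "etc", "namedb"))
    os.makedirs(os.path.join(root, "var", "log"))
    open(os.path.join(root, "var", "log", "xfer.log"), "w").close()
    # Absolute symlink: on the host it would point at the real /var/log,
    # but seen from inside the chroot it points at <chroot>/var/log.
    os.symlink("/var/log", os.path.join(root, "logs"))
    return root


def demo():
    """Run the check before the fix, after the fix, and with Mel's duct tape."""
    root = make_toy_chroot()
    uid = os.getuid() if hasattr(os, "getuid") else None
    before = check_log_files(root, BROKEN_CONF, uid)   # /var/named/... missing
    after = check_log_files(root, FIXED_CONF, uid)     # /var/log/xfer.log ok
    # The relative symlink `ln -s .. named` inside <chroot>/var makes the
    # /var/named/... path loop back to the chroot root, so it starts working.
    os.symlink("..", os.path.join(root, "var", "named"))
    taped = check_log_files(root, BROKEN_CONF, uid)
    return root, before, after, taped


if __name__ == "__main__":
    root, before, after, taped = demo()
    print("toy chroot:", root)
    print("broken:", before, "fixed:", after, "duct tape:", taped)
```

On a real host the same check is `check_log_files("/var/named", open("/var/named/etc/namedb/named.conf").read(), pwd.getpwnam("bind").pw_uid)`; a "missing" verdict for a file that plainly exists on the host is exactly the symptom in this thread, and "wrong owner" catches the case where the path is right but the -u user cannot write it.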


Re: FreeBSD 7.0-RELEASE-p12 bind9 log files not found

2009-05-30 Thread Prokofyev Vladislav
>
> named_enable="YES"
> named_program="/usr/sbin/named"
> named_chrootdir="/var/named"
>
> -Mike
>
>
After adding these options on my system, named didn't start at boot.
A manual attempt to start it via '/etc/rc.d/named start' produced the
following error:

 /etc/rc.d/named: WARNING: run_rc_command: cannot run /usr/sbin/named

Anyway, thank you for the time you've spent writing an answer. I hope this
thread will help somebody who is stuck with the same problem.


Re: FreeBSD 7.0-RELEASE-p12 bind9 log files not found

2009-05-30 Thread Michael Powell
Prokofyev Vladislav wrote:

> Hello,
> 
> I have set up FreeBSD recently; can somebody help me with one interesting
> thing: a Bind9 slave DNS server. Everything works great, but I got a
> problem with extended logging of xfer, etc.
> Bind9 started in chroot:
> 
> root    788  0.0  0.1  3156  1004  ??  Ss   Fri01AM   0:02.10 /usr/sbin/syslogd -l /var/run/log -l /var/named/var/run/log -s
> bind  30792  0.0  1.2 16212 12864  ??  Is    4:10PM   0:00.23 /usr/sbin/named -t /var/named -u bind
> 
> 
[snip]
> 
> 
> Changing permissions and putting the log files in different places (changing
> the paths in named.conf accordingly, of course) has no effect. I see that the
> problem is pretty silly, but searching for info about this turns up nothing
> special; I still get "file not found" in /var/messages.
> Maybe I don't understand where the files must be placed, so thanks in
> advance to everybody who can explain how it works :)
> 

Don't know if this will help, but I took a quick look at my box here at home 
and have the following in my rc.conf - but I don't have logging turned on 
on this machine. Note the last line. So the logs should be in 
/var/named/var/log

named_enable="YES"
named_program="/usr/sbin/named"
named_chrootdir="/var/named"

-Mike






Re: FreeBSD 7.0-RELEASE-p12 bind9 log files not found

2009-05-30 Thread Mel Flynn
On Saturday 30 May 2009 14:50:31 Prokofyev Vladislav wrote:

> Bind9 started in chroot:
>
> root    788  0.0  0.1  3156  1004  ??  Ss   Fri01AM   0:02.10 /usr/sbin/syslogd -l /var/run/log -l /var/named/var/run/log -s
> bind  30792  0.0  1.2 16212 12864  ??  Is    4:10PM   0:00.23 /usr/sbin/named -t /var/named -u bind
>
>
> Configuration of logging channels from named.conf:
>
> logging {
>     channel "xfer" {
>         file "/var/named/var/log/xfer.log" versions 3 size 10m;

The named running chrooted has no clue about /var/named. You can either use 
duct tape:
cd /var/named/var && sudo ln -s .. named

or just strip /var/named from your config file, hence use /var/log/xfer.log.

-- 
Mel


FreeBSD 7.0-RELEASE-p12 bind9 log files not found

2009-05-30 Thread Prokofyev Vladislav
Hello,

I have set up FreeBSD recently; can somebody help me with one interesting
thing: a Bind9 slave DNS server. Everything works great, but I got a
problem with extended logging of xfer, etc.
Bind9 started in chroot:

root    788  0.0  0.1  3156  1004  ??  Ss   Fri01AM   0:02.10 /usr/sbin/syslogd -l /var/run/log -l /var/named/var/run/log -s
bind  30792  0.0  1.2 16212 12864  ??  Is    4:10PM   0:00.23 /usr/sbin/named -t /var/named -u bind


Configuration of logging channels from named.conf:

logging {
    channel "xfer" {
        file "/var/named/var/log/xfer.log" versions 3 size 10m;
        print-time yes;
        print-severity yes;
        severity info;
    };

    channel "lame" {
        file "/var/named/var/log/lame.log" versions 2 size 10m;
        print-time yes;
        print-severity yes;
        severity info;
    };

    channel "config" {
        file "/var/named/var/log/conf.log" versions 3 size 10m;
        print-time yes;
        print-severity yes;
        severity info;
    };

    channel "security" {
        file "/var/named/var/log/security.log" versions 3 size 10m;
        print-time yes;
        print-severity yes;
        severity info;
    };

    category "xfer-in" { "xfer"; };
    category "xfer-out" { "xfer"; };
    category "notify" { "xfer"; };
    category "lame-servers" { "lame"; };
    category "config" { "config"; };
    category "security" { "security"; };
    category "default" { "default_syslog"; "default_debug"; };
};


Next, I created the files in /var/named/var/log and chowned them to bind:wheel
(because -u bind is specified above):

[po...@mgork23-gw /var/named/var/log]$ ls -la
total 4
drwxr-xr-x  2 bind  wheel  512 May 30 16:09 .
drwxr-xr-x  6 root  wheel  512 May 21 19:16 ..
-rw-r--r--  1 bind  wheel    0 May 30 14:54 conf.log
-rw-r--r--  1 bind  wheel    0 May 30 14:55 lame.log
-rw-r--r--  1 bind  wheel    0 May 30 14:55 security.log
-rw-r--r--  1 bind  wheel    0 May 30 14:54 xfer.log


But I get following messages in /var/log/messages:

May 30 16:27:42 srv named[31139]: starting BIND 9.4.2 -t /var/named -u bind
May 30 16:27:42 srv named[31139]: command channel listening on 127.0.0.1#953
May 30 16:27:42 srv named[31139]: command channel listening on ::1#953
May 30 16:27:42 srv named[31139]: logging channel 'xfer' file '/var/named/var/log/xfer.log': file not found
May 30 16:27:42 srv named[31139]: logging channel 'lame' file '/var/named/var/log/lame.log': file not found
May 30 16:27:42 srv named[31139]: logging channel 'config' file '/var/named/var/log/conf.log': file not found
May 30 16:27:42 srv named[31139]: logging channel 'security' file '/var/named/log/security.log': file not found
May 30 16:27:42 srv named[31139]: running
May 30 16:27:42 srv named[31139]: isc_log_open '/var/named/var/log/xfer.log' failed: file not found


Changing permissions and putting the log files in different places (changing
the paths in named.conf accordingly, of course) has no effect. I see that the
problem is pretty silly, but searching for info about this turns up nothing
special; I still get "file not found" in /var/messages.
Maybe I don't understand where the files must be placed, so thanks in advance
to everybody who can explain how it works :)

VP
v.prokof...@gmail.com