On 28/06/2021 06:40, ToddAndMargo via users wrote:
On 6/26/21 7:27 PM, ToddAndMargo via users wrote:
> On 6/25/21 12:24 AM, Tim via users wrote:
>> On Thu, 2021-06-24 at 21:04 -0700, ToddAndMargo via users wrote:
>>> I am trying to clean up my bind-chroot forward and reverse files.
>>>
>>> The goal is to have bind-chroot do its thing by duplicating
>>> these two files over into
>>> /var/named/chroot/var/named/slaves/
>>> with the identical inodes like it does with named.root and
>>> named.root.key:
>>
>> Hang on... If you're wanting it to bring things from outside of the
>> chroot into it, what's the point of chrooting? You're breaking the
>> jail by doing that.
>>
>> The old approach was you created all the files in the chroot, where
>> bind-chroot makes use of them. And, you have a link outside of the
>> chroot into it, so that *you* can edit /etc/named.something without
>> thinking about it. But, ultimately, you shouldn't need any files
>> outside of the chroot, at all. And there's probably some advantage in
>> just having one set (less confusing for you, at the very least).
>>
>
> Hi Tim,
>
> Bind-chroot uses "mount --bind". It is not occurring
> on my zone files.
>
> For a good explanation, see
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1972022#c3
>
> -T
I have moved my zone files to /var/named
Mount bind still does not get them. I had to
manually copy them over.

    zone "abc.local" {
        type master;
        # file "/var/named/chroot/var/named/abc.hosts";
        file "abc.hosts";
        allow-update { key DHCP_UPDATER; };
        # allow-update { 127.0.0.1; };
    };

    zone "255.168.192.in-addr.arpa" {
        type master;
        # file "/var/named/chroot/var/named/abc.hosts.rev";
        file "abc.hosts.rev";
        allow-update { key DHCP_UPDATER; };
        # allow-update { 127.0.0.1; };
    };

You may want to start "clean".

First stop named-chroot and start the named server to make sure it doesn't produce
errors.

If that checks OK, then stop named.

Then do

    rpm -e --nodeps bind-chroot
    rm -rf /var/named/chroot
    dnf install bind-chroot

Then, without moving any files or doing anything, start named-chroot.

FYI, I just did the above procedure on my test system without trouble.
--
Remind me to ignore comments which aren't germane to the thread.
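
A check for the point the thread turns on, that files bind-mounted into the chroot share an inode with the originals while manually copied ones do not. This is an added example, not part of the original messages; the function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: compare zone files outside and inside a bind-chroot tree.
# A bind mount (or hard link) shows the same device:inode on both sides;
# a manual copy gets its own inode and will drift from the original.

# Print "device:inode" for a path (GNU stat); fails if the path is absent.
dev_inode() {
    stat -c '%d:%i' -- "$1" 2>/dev/null
}

# classify_file SRC_DIR CHROOT_DIR NAME -> prints SAME, DIFFERENT or MISSING
classify_file() {
    src=$(dev_inode "$1/$3") || { echo MISSING; return 0; }
    dst=$(dev_inode "$2/$3") || { echo MISSING; return 0; }
    if [ "$src" = "$dst" ]; then
        echo SAME
    else
        echo DIFFERENT
    fi
}

# check_chroot SRC_DIR CHROOT_DIR NAME... -> one "NAME STATUS" line per file;
# returns non-zero if any file is not the same inode on both sides.
check_chroot() {
    src_dir=$1; chroot_dir=$2; shift 2
    rc=0
    for name in "$@"; do
        status=$(classify_file "$src_dir" "$chroot_dir" "$name")
        printf '%s %s\n' "$name" "$status"
        [ "$status" = SAME ] || rc=1
    done
    return "$rc"
}

# When run with file names, check them against the paths used in the thread,
# e.g.: sh check.sh named.root abc.hosts abc.hosts.rev
if [ "$#" -gt 0 ]; then
    check_chroot /var/named /var/named/chroot/var/named "$@"
fi
```

Run it while named-chroot is started, since the bind mounts exist only while the service is up.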