On 28/06/2021 09:39, ToddAndMargo via users wrote:
On 6/27/21 5:34 PM, Ed Greshko wrote:
> On 28/06/2021 06:40, ToddAndMargo via users wrote:
>> On 6/26/21 7:27 PM, ToddAndMargo via users wrote:
>>> On 6/25/21 12:24 AM, Tim via users wrote:
>>>> On Thu, 2021-06-24 at 21:04 -0700, ToddAndMargo via users wrote:
>>>>> I am trying to clean up my bind-chroot forward and reverse files.
>>>>>
>>>>> The goal is to have bind-chroot do its thing by duplicating
>>>>> these two files over into
>>>>> /var/named/chroot/var/named/slaves/
>>>>> with the identical inodes like it does with named.root and
>>>>> named.root.key:
>>>>
>>>> Hang on... If you're wanting it to bring things from outside of the
>>>> chroot into it, what's the point of chrooting? You're breaking the
>>>> jail by doing that.
>>>>
>>>> The old approach was you created all the files in the chroot, where
>>>> bind-chroot makes use of them. And, you have a link outside of the
>>>> chroot into it, so that *you* can edit /etc/named.something without
>>>> thinking about it. But, ultimately, you shouldn't need any files
>>>> outside of the chroot, at all. And there's probably some advantage in
>>>> just having one set (less confusing for you, at the very least).
>>>>
>>>
>>> Hi Tim,
>>>
>>> Bind-chroot uses "mount --bind". It is not occurring
>>> on my zone files.
>>>
>>> For a good explanation, see
>>>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=1972022#c3
>>>
>>> -T
>>
>>
>> I have moved my zone files to /var/named
>>
>> Mount bind still does not get them. I had to
>> manually copy them over.
>>
>>
>> zone "abc.local" {
>> type master;
>> # file "/var/named/chroot/var/named/abc.hosts";
>> file "abc.hosts";
>> allow-update { key DHCP_UPDATER; };
>> # allow-update { 127.0.0.1; };
>> };
>>
>> zone "255.168.192.in-addr.arpa" {
>> type master;
>> # file "/var/named/chroot/var/named/abc.hosts.rev";
>> file "abc.hosts.rev";
>> allow-update { key DHCP_UPDATER; };
>> # allow-update { 127.0.0.1; };
>> };
>>
>>
>
> You may want to start "clean".
>
> First stop named-chroot and start the named server to make sure it doesn't
> produce errors.
> If that checks ok, then stop named.
>
> Then do
>
> rpm -e --nodeps bind-chroot
> rm -rf /var/named/chroot
> dnf install bind-chroot
>
> Then, without moving any files or doing anything, start named-chroot
>
> FYI, I just did the above procedure on my test system without trouble.
Did it do a mount --bind on your zone files?
Of course......
● named-chroot.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named-chroot.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2021-06-28 08:27:44 CST; 1h 15min ago
Process: 6305 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone >
Process: 6307 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 6308 (named)
Tasks: 4 (limit: 2504)
Memory: 57.8M
CPU: 170ms
CGroup: /system.slice/named-chroot.service
└─6308 /usr/sbin/named -u named -c /etc/named.conf -t /var/named/chroot

Jun 28 08:27:44 f33k.greshko.com named[6308]: all zones loaded
Jun 28 08:27:44 f33k.greshko.com named[6308]: running
Jun 28 08:27:44 f33k.greshko.com named[6308]: zone greshko.com/IN: sending notifies (serial 1623223423)
Jun 28 08:27:45 f33k.greshko.com named[6308]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Jun 28 08:27:45 f33k.greshko.com named[6308]: resolver priming query complete
--
Remind me to ignore comments which aren't germane to the thread.
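The thread's confusion is about where a zone "file" statement actually lands once named runs with -t /var/named/chroot: a relative name is looked up under the chroot's copy of the directory option, and an absolute name is looked up relative to the chroot root, so "/var/named/chroot/var/named/abc.hosts" ends up doubled. The following script is an added check written for this thread, not code from the list posters or from the bind-chroot package. It pulls every file statement out of a named.conf, resolves it the way the chrooted named will, and reports which ones do not exist inside the chroot, which is exactly the "mount bind still does not get them" situation above. It assumes the chroot root is /var/named/chroot (as shown in the status output) and the BIND directory option is /var/named (the Fedora default; override both as arguments). The demo tree it builds under mktemp is constructed for the example.

```shell
#!/bin/sh
# Added example: verify that the zone files named in a named.conf exist
# inside the bind-chroot tree where a chrooted named will look for them.
# Assumptions (not from the thread): chroot root /var/named/chroot and
# BIND "directory" option /var/named unless overridden.

# Print the value of every `file "..."` statement in a named.conf-style file.
# '#' and '//' comments are stripped first; /* */ comments are not handled.
# A leading space is prepended so that "file" at column 0 still matches,
# while "dump-file"/"pid-file" style options do not.
zone_files() {
    sed -n -e 's/^/ /' -e 's/#.*$//' -e 's,//.*$,,' \
        -e 's/.*[[:space:]]file[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Resolve one file value the way a chrooted named does: absolute paths are
# taken relative to the chroot root, relative ones to the chroot's copy of
# the "directory" option.  $1 = file value, $2 = chroot root, $3 = directory.
resolve_in_chroot() {
    case "$1" in
        /*) printf '%s%s\n' "$2" "$1" ;;
        *)  printf '%s%s/%s\n' "$2" "$3" "$1" ;;
    esac
}

# Check every zone file; print one line per file and return the number
# missing (0 means every referenced file is present inside the chroot).
check_zone_files() {
    conf=$1; root=${2:-/var/named/chroot}; dir=${3:-/var/named}
    missing=0
    for f in $(zone_files "$conf"); do
        p=$(resolve_in_chroot "$f" "$root" "$dir")
        if [ -f "$p" ]; then
            printf 'ok       %s -> %s\n' "$f" "$p"
        else
            printf 'MISSING  %s -> %s\n' "$f" "$p"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed demo (not a real system): a fake chroot that holds abc.hosts
# but not abc.hosts.rev, mirroring the two zones in the thread.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/chroot/var/named"
    : > "$tmp/chroot/var/named/abc.hosts"      # forward zone was copied in
    cat > "$tmp/named.conf" <<'EOF'
zone "abc.local" {
        type master;
        # file "/var/named/chroot/var/named/abc.hosts";
        file "abc.hosts";
};
zone "255.168.192.in-addr.arpa" {
        type master;
        file "abc.hosts.rev";   // reverse zone never made it into the chroot
};
EOF
    check_zone_files "$tmp/named.conf" "$tmp/chroot" /var/named
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Run directly: `sh check-zone-files.sh demo`, or
# `sh check-zone-files.sh /etc/named.conf [chroot-root] [directory]`.
case "${1:-}" in
    demo) demo ;;
    "")   ;;    # no arguments: only define the functions
    *)    check_zone_files "$1" "${2:-/var/named/chroot}" "${3:-/var/named}" ;;
esac
```

Running it against the real /etc/named.conf on a host that shows the symptom from the thread prints a MISSING line for each zone the bind mounts did not bring across; an absolute path such as the commented-out "/var/named/chroot/var/named/abc.hosts" resolves to /var/named/chroot/var/named/chroot/var/named/abc.hosts, which is why those lines were commented out. Pair it with `findmnt /var/named/chroot/var/named` to see which directories the unit actually bind-mounted; the exit status is the missing count, so it can sit in a pre-start check.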