fmDNS incorrectly writes files in RHEL/Centos 7 chroot setup #346

Closed
wmerkens opened this Issue Sep 14, 2016 · 2 comments


wmerkens commented Sep 14, 2016

When fmDNS generates a config it incorrectly writes files to /var/named/chroot/[etc|var]

Under RHEL/CentOS 7, named-chroot now creates a lot of bind-mounted files.

See https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/sec-BIND.html

The issue cropped up when I was dealing with rndc.key. I already had an /etc/rndc.key file, but when fmDNS generated the config it complained about an existing file and failed to build the config.

So I duplicated the key inside of fmDNS and moved /etc/rndc.key out of the way. This time the build completed and the file was written, but it was written effectively twice; it also wrote named.conf.keys in /var/named/chroot/etc. rndc.key was written once in /etc and a second time in /var/named/chroot/etc. This caused the service to not start correctly, since the named.conf.keys file included from named.conf could not be found in /etc, only in /var/named/chroot/etc.

The output of systemctl
Sep 14 10:07:03 nstestvm.userful.ca systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
Sep 14 10:07:03 nstestvm.userful.ca bash[14664]: /etc/named.conf:3: open: /etc/named.conf.keys: file not found
Sep 14 10:07:03 nstestvm.userful.ca systemd[1]: named-chroot.service: control process exited, code=exited status=1
Sep 14 10:07:03 nstestvm.userful.ca systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
Sep 14 10:07:03 nstestvm.userful.ca systemd[1]: Unit named-chroot.service entered failed state.
Sep 14 10:07:03 nstestvm.userful.ca systemd[1]: named-chroot.service failed.

To fix this I had to figure out how named-chroot puts together its list of files to bind mount, and found this in /usr/libexec:

setup-named-chroot.sh

I edited the top of the file and added named.conf.keys, then touched /etc/named.conf.keys to create an empty file. I started the service and it was happy. Next I ran a build from fmDNS and it was happy, and generated all the files correctly.

Then I tested by stopping the service and checking /etc/named.conf.keys, and sure enough it was populated now. Started the service and all works.

This leads to the question of what other files need to be added to that bind list.
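
As an added example (not part of the issue thread or of fmDNS's own code), the following shell script lists the `include` targets of a named.conf that a given bind-mount list does not cover, which is the check the report's closing question calls for. The function names, the sample named.conf and the mount list in `demo` are constructed for illustration; in practice, pass the list copied from the top of /usr/libexec/setup-named-chroot.sh.

```shell
#!/bin/sh
# Added example: find named.conf include files missing from a chroot
# bind-mount list. All names and sample data here are hypothetical.

# Print every path named by an `include "...";` directive in config file $1.
# Lines starting with a comment marker do not match and are skipped.
list_includes() {
    sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)"[[:space:]]*;.*$/\1/p' "$1"
}

# Succeed if path $1 equals an entry of the space-separated list $2,
# or lies below an entry (a bind-mounted directory covers its contents).
is_covered() {
    for entry in $2; do
        case "$1" in
            "$entry"|"$entry"/*) return 0 ;;
        esac
    done
    return 1
}

# Print the include targets of config $1 that mount list $2 does not cover.
uncovered_includes() {
    list_includes "$1" | while IFS= read -r path; do
        is_covered "$path" "$2" || printf '%s\n' "$path"
    done
}

# Constructed sample: a small named.conf and a shortened mount list that,
# like the one in the report, lacks /etc/named.conf.keys.
demo() {
    conf=$(mktemp)
    cat > "$conf" <<'EOF'
options { directory "/var/named"; };
include "/etc/rndc.key";
include "/etc/named.conf.keys";
include "/etc/named/zones.conf";
// include "/etc/disabled.conf";
EOF
    uncovered_includes "$conf" "/etc/named /etc/named.conf /etc/rndc.key /var/named"
    rm -f "$conf"
}

demo
```

Any path it prints exists only inside /var/named/chroot when written there directly, so named started through named-chroot.service fails on it with the "file not found" error shown in the log above.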


WillyXJ commented Sep 16, 2016

Thanks for the report. I'll have to figure out how to incorporate this.


WillyXJ commented Apr 15, 2017

This is now fixed in the latest beta version and later.

@WillyXJ WillyXJ closed this Jun 23, 2017
