List:       webmin-l
Subject:    Re: [webmin-l] Bind Oddities
From:       John Hinton <webmaster () ew3d ! com>
Date:       2012-12-02 7:59:37
Message-ID: 50BB0A69.5050207 () ew3d ! com

On 12/2/2012 2:31 AM, Jamie Cameron wrote:
> On 01/Dec/2012 20:01 John Hinton <webmaster@ew3d.com> wrote ..
>> On 12/1/2012 8:19 PM, Jamie Cameron wrote:
>>> On 30/Nov/2012 19:00 John Hinton <webmaster@ew3d.com> wrote ..
>>>> I am running CentOS 6 with bind in a chroot environment. Have the same
>>>> setup on some C5 servers. It worked great until a few weeks ago.
>>>> Suddenly the Webmin system seemed to lose the pathing info. So, I have
>>>> messed around with pretty much everything and here is where I am.
>>>>
>>>> Bind runs fine from the command line.
>>>> There were no updates to bind when this happened.
>>>> Named is seen as running in bootup and shutdown module.
>>>> Named is not seen as running nor will it start via the Webmin interface.
>>>> All of the existing zone files are empty in the Webmin module, however
>>>> they are not empty on the server.
>>>> I created a dummy domain entry and it used the full path to the zone
>>>> files instead of using my selection to use relative zone file paths.
>>>> And, I can see inside the files in the bind module and can see records
>>>> created from the command line.
>>>>
>>>> So, this seems like somehow bind has lost its wits about the chroot
>>>> pathing. I checked sysconfig/name and ROOTPATH is correct. If I set it
>>>> to use my /var/named/chroot directory set in webmin instead of running
>>>> the shell script, I get the same results.
>>>>
>>>> I have run round and round in circles on this. Any ideas on where to look?
>>> In Webmin's BIND module, does it show at the top of the main page that BIND
>>> is under a chroot directory?
>> I have three nameservers. On this one it does not. FYI, it worked right
>> for months and then suddenly stopped. I never allow any bind updates
>> except on my command as Redhat seems to break the permissions on slaves
>> during each upgrade.
>>
>> I have set every setting that I can think of differently. It finds
>> named.conf correctly, but is confused about the location of the zone
>> files. If I create a new one, it is placed wherever the path to the
>> zone files is set and the chroot is not considered. If I set the path to
>> the full chroot directory, it places the zone file there and it is seen
>> and editable, but the path in named.conf is also the full path including
>> the chroot directory.
> Are all three nameservers running CentOS 6? Version 6 introduced some changes
> in the way the BIND chroot is set up that have caused problems for some Webmin users.
This is the only 6 version. Yes, it seems that 6 has more changes than 
the total combined between RH5 and EL5! Arrgh! I'm scratching my head 
over what package update must have done this. Again, I do all of my 
updates manually and this occurred on a working system which did not get 
a bind update. I did do a bind update after it happened to see if that 
would fix it. No luck. Unfortunately we haven't had much in the way of 
account changes lately and so the time frame between visits to bind on 
this system was a longer than usual time... making it all harder to 
remember what was updated on this system between the working version and 
the now broken version. There may have been an update to Webmin in there 
as well as a number of system updates. Were there any changes in the 
recent Webmin releases that might have an effect on the bind module? I 
could do a roll back.

Is there any additional logging I can turn on somewhere to see what is 
happening? The bind module just sees bind as not running. Clicking start 
comes back to the exact same things with start still showing. If I shut 
down bind from the command line and click on start, same thing. Yet boot 
up and shutdown does show bind as running.
>
> Personally I would recommend not running in chroot if you can. The security
> benefits are minimal..
Hmmmm.... well, I would rather not. Actually, I hate messing too much 
with a live nameserver and this one does double duty with our Spamhaus 
feed, so is a bit more critical to spam filtering across the rest of the 
systems.

Thanks Jamie.
>
>   - Jamie
>
> ------------------------------------------------------------------------------
> Keep yourself connected to Go Parallel:
> DESIGN Expert tips on starting your parallel project right.
> http://goparallel.sourceforge.net/
> -
> Forwarded by the Webmin mailing list at webadmin-list@lists.sourceforge.net
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list


-- 
John Hinton
877-777-1407 ext 502
http://www.ew3d.com
Comprehensive Online Solutions

