chrooted - splitdns

John Hardy johnh at PATCHLINK.COM
Thu Jun 29 06:55:35 UTC 2000


	I have successfully installed a chroot-split/dns system.  I have my
external systems being listed from the Public interface and I have my
internal systems being listed from the Private interface.  Now the problem
I'm having is a little complicated.  Basically I don't think my forwarding
is working.  Let's see if I can explain it properly.  One machine, Linux
2.2.13, Version "8.2.2-P5", 2 nics, Public and Private interfaces have a
named process with db files for the external servers on Public and db files
for the internal servers on Private.  The Private interface has a forwarder
to the public side.  Both sides are serving the same domain name.  I am
expecting that a private workstation on the private side should be able to
request one of our public servers, receiving the answer from the service
listening on the Public interface.  This is not happening; it times out.
When I start up named, I have 1 error that seems relevant.  But I don't know
how to fix it.

	Jun 25 16:27:48 ns1 named[7834]: sysquery: sendto([public IPxx.xx.xx.xx].53): Operation not permitted

	Here are my named.conf file "options" for each side

	-Public-
	options {
	        directory "/db_ext";
	        pid-file "/db_ext/pid";
	        named-xfer "/sbin/named-xfer";
	        #
	        #query-source address * port 53;
	        #
	        # specify the external IP address of this box
	        listen-on { PublicIPxx.xx.xx.xx; 127.0.0.1; };
	        #
	};
	(Each domain has an "allow-query { any; };")


	-Private-
	options {
	        directory "/db_int";
	        pid-file "/db_int/pid";
	        named-xfer "/sbin/named-xfer";
	        #
	        # specify the internal IP address of this box
	        listen-on { 192.168.1.1; };
	        #
	        # specify the external IP address of this box
	        forwarders { PublicIPxx.xx.xx.xx; };
	        #
	        # only allow queries from this source
	        allow-query { 192.168.1/24; 127.0.0.1; };
	        #
	};

	When I restart the named servers I get:

	Jun 28 23:37:18 ns named[1116]: reloading nameserver
	Jun 28 23:37:18 ns named[1116]: Forwarding source address is [0.0.0.0].1055
	Jun 28 23:37:18 ns named[1116]: Ready to answer queries.
	Jun 28 23:37:18 ns named[1118]: reloading nameserver
	Jun 28 23:37:18 ns named[1118]: Forwarding source address is [0.0.0.0].1056
	Jun 28 23:37:18 ns named[1118]: Ready to answer queries.
	Jun 28 23:37:40 ns named[1118]: ns_forw: sendto([PublicIPxx.xx.xx.xx].53): Operation not permitted

	I would appreciate some help.  I'm out of options, at least that I
know of.  I have tried using 0.0.0.0 as a forwarder; I have tried taking
both sides individually off of listening to 127.0.0.1, and the allow-query.
I'm hoping someone has an answer.  I am also running IPchains.  However, I
have turned it off to test this and still no luck.  I have ipforwarding on
in the kernel, so I can't see why this is a problem.


	Second issue - what does this mean?
	Jun 28 23:15:14 ns named[1118]: sysquery: findns error (NXDOMAIN) on ns1.{mydomain}.com?

	Thank you for your time
	John Hardy
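As an added example (not from the post and not BIND's own code), a small Python checker for a split-DNS pair of named.conf "options" blocks like the two quoted above: it parses listen-on, forwarders and allow-query and flags a forwarder that points at an address the public instance does not listen on, two instances competing for the same listen address, and a private allow-query that is not restricted. The sample blocks are constructed from the mail's configuration with 203.0.113.10 standing in for the public address; listen-on is assumed to contain plain IP addresses.

```python
import ipaddress
import re

# Constructed sample based on the two options blocks in the post;
# 203.0.113.10 is a placeholder for the public address.
PUBLIC_CONF = """options {
        directory "/db_ext";
        # specify the external IP address of this box
        listen-on { 203.0.113.10; 127.0.0.1; };
};"""
PRIVATE_CONF = """options {
        directory "/db_int";
        listen-on { 192.168.1.1; };
        forwarders { 203.0.113.10; };
        allow-query { 192.168.1/24; 127.0.0.1; };
};"""

def parse_options(text):
    """Map each brace-list statement inside options {} to its values."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # strip /* */ comments
    text = re.sub(r"(#|//).*", "", text)                # strip # and // comments
    m = re.search(r"options\s*\{(.*)\}\s*;", text, re.S)
    body = m.group(1) if m else ""
    return {stmt: [v.strip() for v in inner.split(";") if v.strip()]
            for stmt, inner in re.findall(r"([\w-]+)\s*\{([^}]*)\}\s*;", body)}

def to_network(spec):
    """Accept BIND's short prefixes such as 192.168.1/24 (missing octets are 0)."""
    addr, _, plen = spec.partition("/")
    octets = addr.split(".") + ["0"] * (4 - addr.count(".") - 1)
    return ipaddress.ip_network("%s/%s" % (".".join(octets), plen or "32"), strict=False)

def check_split(public_text, private_text):
    """Return findings for the pair; an empty list means it looks consistent."""
    pub, priv = parse_options(public_text), parse_options(private_text)
    findings = []
    pub_listen = {ipaddress.ip_address(a) for a in pub.get("listen-on", [])}
    priv_listen = {ipaddress.ip_address(a) for a in priv.get("listen-on", [])}
    if not pub_listen or not priv_listen:
        findings.append("an instance has no listen-on and would bind every interface")
    for a in pub_listen & priv_listen:
        findings.append("both instances listen on %s: port 53 conflict" % a)
    for fwd in priv.get("forwarders", []):
        if ipaddress.ip_address(fwd) not in pub_listen:
            findings.append("forwarder %s is not a public listen-on address" % fwd)
    acl = priv.get("allow-query", ["any"])              # BIND default is any
    open_acl = "any" in acl
    for spec in acl:
        try:
            open_acl |= to_network(spec).prefixlen == 0
        except ValueError:
            pass                                        # named ACL, localnets, ...
    if open_acl:
        findings.append("private allow-query is not restricted to internal nets")
    return findings
```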



