help! Can't get two nameservers to run!

Tom Jennings tomj at wps.com
Thu Sep 7 02:00:27 UTC 2000


OK I admit I'm getting a little panicky... I'm desperately trying
to run two copies of named, to work around the known subdomain
leakage problem in 8.2.2. v9 solves it, but is too buggy to put in
production just yet.

My nameserver box has two ethernet cards. I want to run:

* An outside nameserver, primary for one zone, listens on ethernet1
only, allows all queries and few axfrs. Recursion and glue is off.
I want it to have no knowledge of anything but its one domain,
DOMAIN.COM. This is our public nameserver.

* An inside nameserver, primary for a bunch of sub-domains and
secondary for a bunch of domains. It listens on ethernet0 and
127.0.0.1, allows query inside (10/8, etc), a few axfrs. Recursion
is on, glue off.

I start the nameservers inside, then outside, and get the errors
below.

? queries to ethernet1 are resolved by the inside nameserver, the
outside nameserver seems inert. (eg. I kill -9 the outside server
and it still answers queries?)

? The second copy of bind generates this error:
named[4342]: ctl_server: bind: Address already in use
but says it's listening on the appropriate interface, but it acts
like the "inside" server, loaded first, is bound to that address.

I know also this means ndc's pipe to named is AFU (by the second
invocation I suppose) but the O'Reilly book says nothing about
setting up ndc, and I'm fine with manually signalling the thing.

I don't see any reason to chroot each copy; is there one?

[tomj at ns1 DNS]# ps -ax | egrep named
 4300 ?        S      0:00 /usr/sbin/named /etc/named.conf.inside
 4343 ?        S      0:00 /usr/sbin/named /etc/named.conf.outside


LOG

Starting "inside" server first:

Sep  6 18:53:24 ns1 named[4299]: starting.  named 8.2.2-P5 Mon F [deleted]
... loading zones...
Sep  6 18:53:24 ns1 named[4299]: listening on [127.0.0.1].53 (lo)
Sep  6 18:53:24 ns1 named[4299]: listening on [10.4.0.13].53 (eth0)
Sep  6 18:53:24 ns1 named[4299]: Forwarding source address is [0.0.0.0].2239
Sep  6 18:53:24 ns1 named[4300]: Ready to answer queries.

Starting "outside" server:
Sep  6 18:54:26 ns1 named[4342]: starting.  named 8.2.2-P5 Mon Feb [deleted]
...loading zones...
Sep  6 18:54:26 ns1 named[4342]: ctl_server: bind: Address already in use
Sep  6 18:54:26 ns1 named[4342]: listening on [10.4.0.14].53 (eth1)
Sep  6 18:54:26 ns1 named[4342]: Forwarding source address is [0.0.0.0].2240
Sep  6 18:54:26 ns1 named[4343]: Ready to answer queries.

CONFIGS: heavily clipped here; ACLs not shown (they work)

inside:

options {
        fetch-glue no;                          // be less wasteful,
        recursion yes;                          // be helpful,

        pid-file  "/home/DOMAIN/DNS/run/named-inside.pid";
        listen-on { 127.0.0.1; 10.4.0.13; };    // eg. ns1.net.DOMAIN.com,

        directory "/home/DOMAIN/DNS";
};

zone "DOMAIN.com" {
        type master;
        file "DOMAIN.com";
        allow-query { any; };
        allow-transfer { list of inside hosts; };
        also-notify { list of inside hosts; };
};



Outside:

options {
        fetch-glue no;                          // do no favors,
        recursion no;                           // and only this one zone,
        pid-file  "/home/DOMAIN/DNS/run/named.pid.outside";
        listen-on { 10.4.0.14; };               // the second ethernet only!
};

zone "DOMAIN.com" {
        type master;
        allow-transfer { list of outside hosts; };
        also-notify { list of outside hosts; };
        file "DOMAIN.com";
};
---
INFORMATION GLADLY GIVEN BUT SAFETY REQUIRES AVOIDING UNNECESSARY CONVERSATION
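The log excerpt above is the kind of thing worth checking mechanically when two named instances share a host: each instance should claim only the addresses its `listen-on` names, and a `ctl_server: bind` failure means the second instance never got its own control socket, so ndc (and anything else using that socket) talks to whichever instance bound it first. The script below is an added example, not code from the post or from BIND; it parses the BIND 8 log lines quoted above (embedded here as a constructed sample, with a second constructed sample that deliberately contains an overlapping listener) and reports, per instance, the sockets it claimed and any control-channel bind error. The line and message patterns are assumptions based only on the formats visible in the post.

```python
import re

# Constructed sample: the named 8.2.2-P5 log lines quoted in the post above.
SAMPLE_LOG = """\
Sep  6 18:53:24 ns1 named[4299]: starting.  named 8.2.2-P5
Sep  6 18:53:24 ns1 named[4299]: listening on [127.0.0.1].53 (lo)
Sep  6 18:53:24 ns1 named[4299]: listening on [10.4.0.13].53 (eth0)
Sep  6 18:53:24 ns1 named[4299]: Forwarding source address is [0.0.0.0].2239
Sep  6 18:53:24 ns1 named[4300]: Ready to answer queries.
Sep  6 18:54:26 ns1 named[4342]: starting.  named 8.2.2-P5
Sep  6 18:54:26 ns1 named[4342]: ctl_server: bind: Address already in use
Sep  6 18:54:26 ns1 named[4342]: listening on [10.4.0.14].53 (eth1)
Sep  6 18:54:26 ns1 named[4342]: Forwarding source address is [0.0.0.0].2240
Sep  6 18:54:26 ns1 named[4343]: Ready to answer queries.
"""

# Constructed sample of the failure mode the post is worried about:
# both instances claim the same address, so the first one wins.
CONFLICT_LOG = """\
Sep  6 19:00:00 ns1 named[5000]: starting.  named 8.2.2-P5
Sep  6 19:00:00 ns1 named[5000]: listening on [10.4.0.13].53 (eth0)
Sep  6 19:00:00 ns1 named[5000]: listening on [10.4.0.14].53 (eth1)
Sep  6 19:00:05 ns1 named[5010]: starting.  named 8.2.2-P5
Sep  6 19:00:05 ns1 named[5010]: listening on [10.4.0.14].53 (eth1)
"""

# Patterns are assumptions derived from the log format shown in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) named\[(?P<pid>\d+)\]: (?P<msg>.*)$")
LISTEN_RE = re.compile(r"^listening on \[(?P<addr>[^\]]+)\]\.(?P<port>\d+) \((?P<iface>\S+)\)$")
CTL_ERR_RE = re.compile(r"^ctl_server: bind: (?P<err>.*)$")
START_RE = re.compile(r"^starting\.")


def parse_named_log(text):
    """Group listen sockets and control-channel errors by named instance.

    A new instance begins at a 'starting.' line; later lines carrying the same
    pid belong to it. Lines from other pids (e.g. the 'Ready to answer
    queries.' line, which the log shows under a different pid) are ignored.
    Returns a list of dicts in start order.
    """
    instances = []
    by_pid = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, msg = int(m.group("pid")), m.group("msg")
        if START_RE.match(msg):
            inst = {"pid": pid, "listeners": [], "ctl_errors": []}
            instances.append(inst)
            by_pid[pid] = inst
            continue
        inst = by_pid.get(pid)
        if inst is None:
            continue
        lm = LISTEN_RE.match(msg)
        if lm:
            inst["listeners"].append((lm.group("addr"), int(lm.group("port")), lm.group("iface")))
            continue
        cm = CTL_ERR_RE.match(msg)
        if cm:
            inst["ctl_errors"].append(cm.group("err"))
    return instances


def find_conflicts(instances):
    """Return human-readable findings: an address:port claimed by more than one
    instance, and any instance whose control socket failed to bind."""
    findings = []
    first_owner = {}
    for inst in instances:
        for addr, port, iface in inst["listeners"]:
            key = (addr, port)
            if key in first_owner and first_owner[key] != inst["pid"]:
                findings.append(
                    f"pid {inst['pid']}: {addr}:{port} ({iface}) already claimed by pid {first_owner[key]}")
            first_owner.setdefault(key, inst["pid"])
        for err in inst["ctl_errors"]:
            findings.append(
                f"pid {inst['pid']}: control channel not bound ({err}); "
                "ndc will reach the instance that bound it first")
    return findings


if __name__ == "__main__":
    for name, text in (("post", SAMPLE_LOG), ("constructed conflict", CONFLICT_LOG)):
        insts = parse_named_log(text)
        print(f"== {name} ==")
        for inst in insts:
            print(f"pid {inst['pid']}: listeners={inst['listeners']} ctl_errors={inst['ctl_errors']}")
        for f in find_conflicts(insts):
            print("FINDING:", f)
```

On the post's own log the only finding is the control-channel error for the second instance; the two instances' `listening on` lines do not overlap, so the log alone does not explain why eth1 queries are answered by the inside server. The log records only what each instance asked for, not what the kernel actually delivers, so the complement to this check is a live socket listing on the box (e.g. `netstat -lnp`) to confirm which pid holds 10.4.0.14:53. For the control socket itself, BIND 8's named.conf `controls` statement lets each instance name its own unix socket path; giving the two configs different paths is the usual way to stop them colliding on it.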