bind-chroot queries on symbolic Links to named.conf

Grant Taylor gtaylor at tnetconsulting.net
Thu Dec 9 18:04:40 UTC 2021 

On 12/9/21 12:18 AM, Harshith Mulky wrote:
> Hello Experts

Hi,

I'm fairly certain that I'm not an expert, but I've dealt with BIND in 
chroot recently.

> I need some help with bind-chroot
> 
> We are running below version of bind and bind-chroot
> 
> bind-9.11.2-lp151.10.1.x86_64
> bind-chrootenv-9.11.2-lp151.10.1.x86_64

First, which platform and version?

> Our Automation code is running to add Zone files to 
> /var/lib/named/etc/named.conf only and not to /etc/named.conf

Is that the path that your automation is using?  Or is that the path to 
the named.conf file independent of your automation's influence?

> So in order to reflect the zone files created in 
> /var/lib/named/etc/named.conf in /etc/named.conf, i created a symbolic 
> link in /etc as "ln -s /var/lib/named/etc/named.conf named.conf" to 
> reflect as below
> lrwxrwxrwx 1 root root 29 Dec  9 11:03 named.conf -> 
> /var/lib/named/etc/named.conf

Please clarify, was this done outside of the chroot or is this a 
reference to /etc/named.conf inside the chroot?

> Now, when I make changes to file in /var/lib/named/etc/named.conf and do 
> a "service named restart"
> The file in /etc/named.conf fails to Load

Is this "/etc/named.conf" inside of or outside of the chroot?

> Error messages in /var/log/messages as below
> 
> 2021-12-09T11:04:46.684677+05:30 lavasadns1 systemd[1]: Stopped Berkeley 
> Internet Name Domain (DNS).
> 2021-12-09T11:04:46.685049+05:30 lavasadns1 systemd[1]: Starting 
> Berkeley Internet Name Domain (DNS)...
> 2021-12-09T11:04:46.735359+05:30 lavasadns1 named.init[2509]: Starting 
> name server BIND cp: cannot stat '/etc/named.conf': No such file or 
> directory
> 2021-12-09T11:04:46.844546+05:30 lavasadns1 named.init[2509]: open: 
> /etc/named.conf: file not found
> 2021-12-09T11:04:46.847806+05:30 lavasadns1 systemd[1]: named.service: 
> Control process exited, code=exited status=6
> 2021-12-09T11:04:46.848137+05:30 lavasadns1 systemd[1]: Failed to start 
> Berkeley Internet Name Domain (DNS).
> 2021-12-09T11:04:46.848475+05:30 lavasadns1 systemd[1]: named.service: 
> Unit entered failed state.
> 2021-12-09T11:04:46.848772+05:30 lavasadns1 systemd[1]: named.service: 
> Failed with result 'exit-code'.
> 2021-12-09T11:05:31.657460+05:30 lavasadns1 systemd[1]: Starting 
> Berkeley Internet Name Domain (DNS)...
> 2021-12-09T11:05:31.666976+05:30 lavasadns1 named.init[2573]: Name 
> server configuration file /etc/named.conf does not exist.
> 2021-12-09T11:05:31.667600+05:30 lavasadns1 systemd[1]: named.service: 
> Control process exited, code=exited status=6

This is almost certainly from viewed as inside of the chroot.  Thus it 
is quite likely really the /var/lib/named/etc/named.conf file, assuming 
that's the proper path for the chroot.

> and the Symbolic link changes color to Red.

That sounds to me like the sym-link is broken.  I don't know what is 
creating the break.  Either it was broken in the first place (bad paths 
used when creating it) or something removed / moved files. Or....

> Why is this happening?

Not yet.

> And how can avoid this error

You're going to need to do some more investigation to identify the 
underlying cause.

If things work properly before automation and then break after 
automation I'd guess that automation is doing something that is 
incompatible with how you're trying to do things.

I'd suggest looking at the output of "namei -l" on any and all 
named.conf (et al.) files involved using any and all paths, both before 
and after automation.  Hopefully that will give some more information as 
to what might be wrong.

Note:  If you don't have namei installed, you can get similar 
information manually by doing an ls -l on each component in the path; 
/etc/named.conf becomes /etc/named.conf, /etc, and /.  Namei just makes 
that much more convenient, especially for deeper files.



-- 
Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4017 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20211209/c3c5b6d6/attachment.bin>

More information about the bind-users mailing list