forum.netbsd.se - NetBSD Sweden

You are not logged in.

#1 2004-05-17 16:14:28

jlm
Member
Registered: 2004-05-17
Posts: 3

Bind9

Hi!

I just installed a bind9 on Netbsd 1.6.2 using ordinary pkgsrc installation.
Then I set up bind to run in a chroot jail using a guide at:

http://othyro.freeshell.org/bind.html

When I start my named I get 3 error messages saying:
May 17 13:44:44 dns named[279]: errno2result.c:109: unexpected error:
May 17 13:44:44 dns named[279]: unable to convert errno to isc_result: 6: Device not configured
May 17 13:44:44 dns named[279]: could not open entropy source /dev/random: unexpected error


Does anyone have a clue what this means?

//Jesper.

Offline

 

#2 2004-05-17 17:12:21

mikael
Member
From: Stockholm, Sweden
Registered: 2004-05-11
Posts: 101

Re: Bind9

Check the permissions within the chroot. Is the path accessible for user named:named?

Offline

 

#3 2004-05-17 17:30:56

fredrik
Administrator
From: Göteborg, Sweden
Registered: 2004-05-10
Posts: 229
Website

Re: Bind9

When running services in chroot all files that the service needs(bind) have to exist whitin the chroot jail.

quote: http://www.muine.org/~hoang/dns.html#secure
Starting with BIND 9.2.0, it requires /dev/random in chroot, so populate it:

# mknod /var/chroot/named/dev/random c 46 0

Offline

 

#4 2004-05-17 18:41:00

jlm
Member
Registered: 2004-05-17
Posts: 3

Re: Bind9

I did populate dev/random in chroot but used (from guide)

# mknod /var/chroot/named/dev/random c 39 0

What is the difference?

I´m not that experienced with NetBSD but need to build a stable DNS and the guides I found almost got the job done, seems that some permissions still needs to be fixed within chroot.
I tried to run named without the chroot jail and that works just fine.

Offline

 

#5 2004-05-17 18:46:54

fredrik
Administrator
From: Göteborg, Sweden
Registered: 2004-05-10
Posts: 229
Website

Re: Bind9

if you are running i386(you did not say your arch):

"39" is /* 39: Mitsumi CD-ROM */
and
"46" is /* 46: random source pseudo-device */

according to /usr/src/sys/arch/i386/i386/conf.c

Offline

 

#6 2004-05-17 18:58:02

jlm
Member
Registered: 2004-05-17
Posts: 3

Re: Bind9

Hi!

Sorry about that, i´m running i386.

That helped, Thanks!

Jesper

Offline

 

#7 2004-05-17 19:02:44

fredrik
Administrator
From: Göteborg, Sweden
Registered: 2004-05-10
Posts: 229
Website

Re: Bind9

smile

Offline

 

#8 2004-07-07 06:39:18

othyro
Guest

Re: Bind9

In the article, I should have mentioned that it was tested on the alpha platform. /dev/MAKEDEV contains the correct major and minor device numbers for null and random. Glad it works for you and the article helped. That was the purpose in writing it.

 

Board footer

Powered by PunBB
© Copyright 2002–2008 PunBB