
BIND 9 questions



I've got a couple of (probably dumb newbie) questions about running BIND 9 on OpenBSD that I'm hoping someone can help me with. I've read the man pages, the FAQ, searched the list archives, but haven't found any answers yet.

I'm running a vanilla OpenBSD 3.3-release installation with the included BIND 9.2.2.

I've based my named.conf on Rob Thomas' excellent Secure BIND Template
http://www.cymru.com/Documents/secure-bind-template.html . It requires some editing for the default OpenBSD 3.3/BIND 9.2.2 config, but nothing too major.

He's got a view to restrict chaos class queries and he uses /dev/null as the hints file:

          zone "." {
              type hint;
              file "/dev/null";
          };

After an initial set of errors, I thought that because BIND is chrooted to /var/named it couldn't access /dev/null, so based on the mknod man page and /dev/MAKEDEV, I ran
mknod -m a=rw /var/named/dev/null c 2 2
and changed the file mode to crw-rw-rw-. Now I get these errors:

Jul  2 14:18:55 artemis named[8491]: /usr/src/usr.sbin/bind/lib/isc/unix/errno2result.c:109: unexpected error:
Jul  2 14:18:55 artemis named[8491]: unable to convert errno to isc_result: 6: Device not configured
Jul  2 14:18:55 artemis named[8491]: could not configure root hints from '/dev/null': unexpected error

It works fine if I use an empty file as the chaos hints file. So my questions are: what did I do wrong, and is there any advantage to using /dev/null over an ordinary file?

My other question regards the log file. Rob has some messages going to a separate log file.

channel audit_log {
      // Send the security related messages to a separate file.
      file "/var/named/named.log";
      severity debug;
      print-time yes;
};

But when I try this, I get this error message:

Jul  2 13:38:16 artemis named[31373]: logging channel 'audit_log' file '/var/named/named.log': file not found

Named still starts, but it doesn't create the log file. I tried using /named.log or even /master/named.log, but then I get "access denied" errors. Any ideas on what I'm doing wrong here?

Thanks.

Mark Robinson
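Both questions in the post come down to where a path written in named.conf ends up once named has chrooted to /var/named. The following is an added example, not part of the original post and not from BIND or the Secure BIND Template: a small POSIX sh helper that maps a named.conf path to the host path it refers to under the chroot directory and reports whether that host path exists, is writable, or could be created. The chroot directory /var/named and the paths it checks are the ones mentioned in the post; the status tokens are this example's own convention.

```shell
#!/bin/sh
# Added example, not from the original post: map a file path that appears in
# named.conf to the host path it actually refers to once named has chrooted,
# and report whether that host path is usable. The chroot directory
# (/var/named) and the paths tested below come from the post; the status
# tokens are this example's own convention.

# Print the host path corresponding to PATH_IN_CHROOT under CHROOT_DIR.
# Usage: chroot_path CHROOT_DIR PATH_IN_CHROOT
chroot_path() {
    root=${1%/}                      # no trailing slash on the chroot dir
    case $2 in
        /*) inner=$2 ;;              # absolute inside the chroot
        *)  inner=/$2 ;;             # relative paths are rooted at the chroot
    esac
    printf '%s\n' "$root$inner"
}

# Print one status token for a named.conf path:
#   writable       host file exists and is writable by the current user
#   read-only      host file exists but is not writable
#   creatable      host file is absent but its directory exists
#   no-parent-dir  neither the file nor its directory exists under the chroot
# Usage: chroot_file_status CHROOT_DIR PATH_IN_CHROOT
chroot_file_status() {
    host=$(chroot_path "$1" "$2")
    if [ -e "$host" ]; then
        if [ -w "$host" ]; then printf 'writable\n'; else printf 'read-only\n'; fi
    elif [ -d "$(dirname "$host")" ]; then
        printf 'creatable\n'
    else
        printf 'no-parent-dir\n'
    fi
}

# Report on the paths from the post as named would see them under /var/named.
for p in /dev/null /var/named/named.log /named.log /master/named.log; do
    printf '%-24s -> %-40s %s\n' "$p" "$(chroot_path /var/named "$p")" \
        "$(chroot_file_status /var/named "$p")"
done
```

Run it as the same unprivileged user that named runs as, not as root: the `-w` test is always true for root, so a root run will report `writable` for files the daemon itself cannot open.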