[Pdns-users] pdns-recursor 3.1.4 + chroot: = error

Fri Nov 2 06:55:09 UTC 2007

Hi, I'm newbie here and on pdns, too.

I just begin to play with pdns-recursor 3.1.4 on my lab
machine and find that chroot: causes the problem. Does
anybody experience same as mine?

Problem:
Run pdns-recursor with recursor.conf contains 'chroot='.

Invoke rec_control --socket-dir=/appropriate/directory.

rec_control stuck and pdns_recursor gives the following
message.

Nov 02 06:26:20 Error dealing with control socket request: Unable to send message over control channel '/proj/powerdns/sandbox/var/run//lsockaxv4Sv': No such file or directory

This is all of my problem.

Invoke rec_control without --socket-dir gives the message

[root at yuina sandbox]# /proj/powerdns/bin/rec_control ping
Fatal: Unable to connect to remote '/var/run/pdns_recursor.controlsocket': Connection refused

so, I guess --socket-dir is mandatory when running
pdns_recursor with "chroot=".

Environment:
kohi at yuina[9]% uname -a
Linux yuina.himoo.iri.co.jp 2.6.18-8.1.15.el5 #1 SMP Mon Oct 22 08:32:04 EDT 2007 i686 i686 i386 GNU/Linux
kohi at yuina[10]% cat /etc/redhat-release 
CentOS release 5 (Final)

Configuration:
#
#	$Id$
#
allow-from=127.0.0.1/32, 10.2.0.0/27
chroot=/proj/powerdns/sandbox
#daemon=yes
daemon=no
local-address=10.2.0.2
log-common-errors=yes
logging-facility=3
serve-rfc1918=yes
setgid=bind
setuid=dns
socket-dir=/proj/powerdns/sandbox/var/run

Reason(just my guess):
Path name of chroot() sandbox isn't stripped off in
RecursorControlChannel::recv() [defined in rec_channel.cc].

rec_control is run without chroot(), so
"/proj/powerdns/sandbox/var/run/lsockblahblah"(on my case)
is returned into remote_addr.sun_path, but pdns_recursor is
now chroot()ed into "/proj/powerdns/sandbox/", so
"/var/run/lsockblahblah" rather
"/proj/powerdns/sandbox/var/run/lsockblahblah" is
appropriate.

Fix(quick and dirty):
----- 8< --------------------------------------------------
*** pdns-recursor-3.1.4/rec_channel.cc.ORG	Mon Nov 13 01:56:13 2006
--- pdns-recursor-3.1.4/rec_channel.cc	Fri Nov  2 15:23:58 2007
***************
*** 8,13 ****
--- 8,15 ----

  #include "ahuexception.hh"

+ #include "arguments.hh"
+ 
  using namespace std;

  RecursorControlChannel::RecursorControlChannel()
***************
*** 130,137 ****
    if((len=::recvfrom(d_fd, buffer, sizeof(buffer), 0, (struct sockaddr*)&remoteaddr, &addrlen)) < 0)
      throw AhuException("Unable to receive message over control channel: "+string(strerror(errno)));

!   if(remote)
!     *remote=remoteaddr.sun_path;

    return string(buffer, buffer+len);
  }
--- 132,150 ----
    if((len=::recvfrom(d_fd, buffer, sizeof(buffer), 0, (struct sockaddr*)&remoteaddr, &addrlen)) < 0)
      throw AhuException("Unable to receive message over control channel: "+string(strerror(errno)));

!   if(remote) {
!   char *remote_path;
!   ArgvMap &arg();
!  
!     remote_path=remoteaddr.sun_path;
!     if (!::arg()["chroot"].empty())
!       if (strncmp(remote_path, ::arg()["chroot"].c_str(), strlen(arg()["chroot"].c_str())) == 0)
! 	if (*(::arg()["chroot"].c_str() + strlen(arg()["chroot"].c_str()) - 1) == '/') 
!           remote_path += strlen(arg()["chroot"].c_str()) - 1;
! 	else
!           remote_path += strlen(arg()["chroot"].c_str());
!     *remote=remote_path;
!   }

    return string(buffer, buffer+len);
  }
----- 8< --------------------------------------------------

This must be more sophisticated because I'm not familiar
with C++.

Thanks in advance.

						Koh-ichi Ito
				Internet Research Institute, Inc.