[Pdns-users] Recursor inside chroot jail?
John Miller
johnmill at brandeis.edu
Tue Feb 7 23:27:27 UTC 2012
Hello everyone,

How many of you are running an RPM of the recursors inside a Linux
chroot jail? Given the troubles I'm having getting this rolling, I'm
questioning its wisdom.

OS: Red Hat Enterprise Linux, v. 6.1
Recursor version: Kees Monshouwer's RPM:
http://www.monshouwer.eu/download/3rd_party/pdns-recursor/el6/x86_64/pdns-recursor-3.3-1.el6.MIND.x86_64.rpm

I've also tried the 3.3-1 x86_64 RPM from the PowerDNS website.

Let's say I set chroot=$CHROOT_DIR in recursor.conf, keep the default
socket-dir=/var/run, and start up the recursor. No problem--starts fine.
Now if I run

    rec_control ping

I get the following error:

    Fatal: Unable to connect to remote '/var/run/pdns_recursor.controlsocket': Connection refused

This is to be expected: rec_control's looking for the socket in
/var/run, while the recursor's looking in $CHROOT_DIR/var/run. If I put
the entire /var/run directory inside the chroot, then symlinked /var/run
to $CHROOT_DIR/var/run, things would work. But why should the chroot
environment know about my other pidfiles?

So now let's say I set socket-dir=/var/run/powerdns, and symlink
/var/run/powerdns to $CHROOT_DIR/var/run/powerdns. The recursor starts
fine and puts the socket where I expect it. It also puts the pidfile
there. Now when I go to shut down the recursor, I have to kill the
process and delete the pidfile manually--the initscript looks for the
pidfile in /var/run. This happens with both the x86_64 RPM on the site
and with Kees' version.

Looks like the solution here is to edit the initscript. Is that what
everyone's done for this problem?

John Miller
Brandeis University
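
The path mismatch described in the message above can be checked before the daemon is restarted. The script below is an added example, not part of the original post or of the PowerDNS packages: it reads chroot and socket-dir from a recursor.conf-style file and reports whether the host-side paths used by rec_control and by the initscript resolve to the directory the jailed recursor writes to. The function names, the INIT_PIDDIR argument and the demo layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check that the files a chrooted pdns_recursor writes are
# visible at the host paths rec_control and the initscript use.

# conf_get FILE KEY: last "KEY=value" setting in a recursor.conf-style file
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# real DIR: physical path of DIR with symlinks resolved, empty if missing
real() { (cd "$1" 2>/dev/null && pwd -P) || true; }

# check_chroot_paths CONF [INIT_PIDDIR]
# INIT_PIDDIR: where the initscript looks for the pidfile (/var/run in the post).
# Returns 0 only when both host-side lookups land in the jail's socket-dir.
check_chroot_paths() {
    conf=$1 init_piddir=${2:-/var/run} rc=0
    chroot=$(conf_get "$conf" chroot)
    sockdir=$(conf_get "$conf" socket-dir)
    sockdir=${sockdir:-/var/run}          # default named in the post
    if [ -z "$chroot" ]; then echo "ok: no chroot configured"; return 0; fi
    inside=$(real "$chroot$sockdir")      # where the jailed daemon writes
    if [ -z "$inside" ]; then
        echo "missing: $chroot$sockdir does not exist"; return 1
    fi
    # rec_control runs outside the jail and treats socket-dir as a host path
    if [ "$(real "$sockdir")" != "$inside" ]; then
        echo "socket: $sockdir does not resolve to $inside"; rc=1
    fi
    # per the post, the recursor puts its pidfile in socket-dir as well
    if [ "$(real "$init_piddir")" != "$inside" ]; then
        echo "pidfile: $init_piddir does not resolve to $inside"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok: socket and pidfile visible outside the jail"
    return "$rc"
}

# Constructed demo: the post's second layout (socket-dir symlinked into the
# jail, initscript still looking one directory up), built in a temp directory.
demo() {
    t=$(mktemp -d); jail=$t/jail; sd=$t/run/powerdns
    mkdir -p "$jail$sd" "$t/run"; ln -s "$jail$sd" "$sd"
    printf 'chroot=%s\nsocket-dir=%s\n' "$jail" "$sd" > "$t/recursor.conf"
    check_chroot_paths "$t/recursor.conf" "$t/run"; status=$?
    rm -rf "$t"; return "$status"
}
demo || true
```

On the demo layout the socket check passes and only the pidfile line is printed, which matches the behaviour reported in the message.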