[Pdns-users] Recursor inside chroot jail?

John Miller johnmill at brandeis.edu
Thu Feb 9 14:57:14 UTC 2012

On 02/07/2012 06:27 PM, John Miller wrote:
> Hello everyone,
> How many of you are running an RPM of the recursors inside a Linux
> chroot jail? Given the troubles I'm having getting this rolling, I'm
> questioning its wisdom.
> OS: Red Hat Enterprise Linux, v. 6.1
> Recursor version: Kees Monshouwer's RPM:
> http://www.monshouwer.eu/download/3rd_party/pdns-recursor/el6/x86_64/pdns-recursor-3.3-1.el6.MIND.x86_64.rpm
> I've also tried the 3.3-1 x86_64 RPM from the PowerDNS website.
> Let's say I set chroot=$CHROOT_DIR in recursor.conf, keep the default
> socket-dir=/var/run, and start up the recursor. No problem--starts fine.
> Now if I run
> rec_control ping
> I get the following error:
> Fatal: Unable to connect to remote
> '/var/run/pdns_recursor.controlsocket': Connection refused
> This is to be expected: rec_control's looking for the socket in
> /var/run, while the recursor's looking in $CHROOT_DIR/var/run. If I put
> the entire /var/run directory inside the chroot, then symlinked /var/run
> to $CHROOT_DIR/var/run, things would work. But why should the chroot
> environment know about my other pidfiles?
> So now let's say I set socket-dir=/var/run/powerdns, and symlink
> /var/run/powerdns to $CHROOT_DIR/var/run/powerdns. The recursor starts
> fine and puts the socket where I expect it. It also puts the pidfile
> there. Now when I go to shut down the recursor, I have to kill the
> process and delete the pidfile manually--the initscript looks for the
> pidfile in /var/run. This happens with both the x86_64 RPM on the site
> and with Kees' version.
> Looks like the solution here is to edit the initscript. Is that what
> everyone's done for this problem?
> John Miller
> Brandeis University

Problem solved--just edited the packaged initscript to look for the 
pidfile inside my chroot.


More information about the Pdns-users mailing list