[nsd-users] NSD include: inside chroot

Ralph Dolmans ralph at nlnetlabs.nl
Wed Nov 16 17:06:30 UTC 2016


Hi Michael,

This is a bug in the config parser in NSD, which is triggered by the
combination of a "*" in your include config element, chroot and
nsd-control reconfig.

The chroot directory was only removed from the include files location
after calling glob(). First time NSD reads the config there is no
problem because it didn't call chroot() yet.

A fix for this issue was committed to our repository on Oct 18.

Regards,
-- Ralph

On 16-11-16 17:24, Michael Rice wrote:
> Hi all,
>
> I couldn’t find this on the mailing list, please point me to the
> discussion if it has been raised already.
>
> I’m getting an error on an include: line when I run nsd-control reconfig
> for a chrooted nsd:
>
> mrice at csi03:~ % sudo nsd-checkconf /var/chroot/nsd/etc/nsd/nsd.conf
> mrice at csi03:~ % sudo nsd-control reload
> ok
> mrice at csi03:~ % sudo nsd-control reconfig
> reconfig start, read /etc/nsd/nsd.conf
> /etc/nsd/nsd.conf:24: error: cannot open include file
> '/etc/nsd/conf.d/*.conf': No such file or directory
> read /etc/nsd/nsd.conf failed: 1 errors in configuration file
>
> Here’s what I’m running and running on:
>
> mrice at csi03:~ % rpm -qa nsd
> nsd-4.1.10-2.el7.x86_64
> mrice at csi03:~ % cat /etc/redhat-release
> Red Hat Enterprise Linux Server release 7.2 (Maipo)
>
> There are in fact /etc/nsd/conf.d/*.conf in the chroot.
>
> mrice at csi03:~ % sudo ls -al /var/chroot/nsd/etc/nsd/conf.d/
> total 12
> drwx------. 2 nsd nsd  91 Nov 16 10:21 .
> drwx------. 3 nsd nsd  34 Nov 14 12:29 ..
> -rw-------. 1 nsd nsd  95 Nov 14 12:29 key:sarc-infoblox.conf
> -rw-------. 1 nsd nsd 127 Nov 14 12:29 key:sarc-rndckey.conf
> -rw-------. 1 nsd nsd 236 Nov 14 12:29 sarc.samsung.com.conf
>
> Here is my nsd.conf:
>
> mrice at csi03:~ % sudo cat /var/chroot/nsd/etc/nsd/nsd.conf
> server:
>     ip-address: 0.0.0.0
>     do-ip6: no
>     hide-version: yes
>     chroot: "/var/chroot/nsd"
>     username: nsd
>     zonesdir: "/var/chroot/nsd/zonefiles"
>     difffile: "/var/chroot/nsd/db/nsd/ixfr.db"
>     xfrdfile: "/var/chroot/nsd/db/nsd/xfrd.state"
>     database: "/var/chroot/nsd/db/nsd/nsd.db"
>     pidfile: "/var/chroot/nsd/db/nsd/nsd.pid"
>     zonelistfile: "/var/chroot/nsd/var/lib/nsd/zone.list"
>     xfrdir: "/var/chroot/nsd/tmp"
>
> remote-control:
>     control-enable: yes
>     control-interface: 0.0.0.0
>     control-port: 8952
>     server-key-file: "/etc/nsd/nsd_server.key"
>     server-cert-file: "/etc/nsd/nsd_server.pem"
>     control-key-file: "/etc/nsd/nsd_control.key"
>     control-cert-file: "/etc/nsd/nsd_control.pem"
>
> include: "/var/chroot/nsd/etc/nsd/conf.d/*.conf"
>
> Can someone spot what I’m doing wrong?
>
> Michael Rice
> IT Architect
> Samsung Austin R&D Center (SARC)
> 7300 RR 2222, Building 1, Suite 100
> Austin, TX 78730
> 512-425-2521 (office)
> 512-577-2910 (mobile)
> 
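The ordering problem described in the reply above, as an added example that is not part of the original thread and is not NSD's code: it globs an include pattern before chroot, after chroot with the pattern as configured, and after chroot with the chroot prefix stripped first. Assumptions: chroot() is emulated by prefixing a "view" directory (a real chroot() needs root), the function names are hypothetical, and the sample tree is constructed in a temporary directory.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() */
#include <glob.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Emulated chroot: `view` is the process root as the kernel would see it,
 * "" before chroot() and the chroot directory after it. */
static int count_matches(const char *view, const char *pat) {
    char full[1024];
    glob_t g;
    snprintf(full, sizeof(full), "%s%s", view, pat);
    if (glob(full, 0, NULL, &g) != 0) return 0;   /* GLOB_NOMATCH or error */
    int n = (int)g.gl_pathc;
    globfree(&g);
    return n;
}

/* strip_first=0: glob the pattern as configured (fails once chrooted).
 * strip_first=1: remove the chroot prefix from the pattern, then glob. */
static int expand_include(const char *pat, const char *dir, int chrooted, int strip_first) {
    size_t n = strlen(dir);
    if (chrooted && strip_first && !strncmp(pat, dir, n) && pat[n] == '/')
        pat += n;                                 /* path as seen inside the chroot */
    return count_matches(chrooted ? dir : "", pat);
}

/* Constructed sample tree: <root>/conf.d/{a,b}.conf; root is a mkdtemp template. */
static int make_tree(char *root, char *pat, size_t len) {
    char p[1024];
    if (!mkdtemp(root)) return -1;
    snprintf(p, sizeof(p), "%s/conf.d", root);
    if (mkdir(p, 0700) != 0) return -1;
    for (int i = 0; i < 2; i++) {
        snprintf(p, sizeof(p), "%s/conf.d/%c.conf", root, 'a' + i);
        FILE *f = fopen(p, "w");
        if (!f || fclose(f)) return -1;
    }
    snprintf(pat, len, "%s/conf.d/*.conf", root);  /* include: with chroot prefix */
    return 0;
}

int main(void) {
    char root[] = "/tmp/nsd-chroot-XXXXXX", pat[1024];
    if (make_tree(root, pat, sizeof(pat))) return 1;
    printf("startup=%d glob-first=%d strip-first=%d\n", expand_include(pat, root, 0, 0),
           expand_include(pat, root, 1, 0), expand_include(pat, root, 1, 1));
    return 0;
}
```

The first and third calls find both files; the second finds none, which matches nsd-checkconf and the initial start succeeding while nsd-control reconfig reports the include as missing.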
