David Dyer-Bennet
2010-Oct-28 15:56 UTC
[Xen-users] Named in domu listening on only some IP addresses
I just noticed that the named instance I have running in my dom0 is only
listening on some addresses.

Netstat -ln shows the following relevant listeners:

tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 ::1:53 :::* LISTEN
tcp 0 0 ::1:953 :::* LISTEN
udp 0 0 192.168.122.1:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 ::1:53 :::*

What's missing from this list is 192.168.1.19 -- the primary IP for the dom0!
(Bridged network configuration, obviously!)

Which explains why from various domUs and from outside boxes I can't in fact
use the DNS server on this machine.

My DNS config seems compatible with the "caching-only" nameserver config in
the Bind admin manual (with more zones pre-loaded). It's what's installed by
default in Centos 5.whatever I believe. It doesn't contain an "allow-query"
clause; the doc says the default for allow-query is "any".

Is anybody else running named in caching-only mode in a Xen dom0? Or at least
a domU? I suspect this is some intersection of xen and named behavior, but
there must be lots of people here running caching-only nameservers, so
somebody must have a working example they could show me?

-- 
David Dyer-Bennet, dd-b@dd-b.net; http://dd-b.net/
Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/
Photos: http://dd-b.net/photography/gallery/
Dragaera: http://dragaera.info
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Simon Hobson
2010-Oct-28 17:10 UTC
Re: [Xen-users] Named in domu listening on only some IP addresses
David Dyer-Bennet wrote:
>I just noticed that the named instance I have running in my dom0 is only
>listening on some addresses.
>
>Netstat -ln shows the following relevant listeners:
>
>tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
>tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
>tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
>tcp 0 0 ::1:53 :::* LISTEN
>tcp 0 0 ::1:953 :::* LISTEN
>udp 0 0 192.168.122.1:53 0.0.0.0:*
>udp 0 0 127.0.0.1:53 0.0.0.0:*
>udp 0 0 ::1:53 :::*
>
>What's missing from this list is 192.168.1.19 -- the primary IP for the dom0!

What happens if you stop and start the service (not reload or
restart) after starting Xen and any guests?

If it's still the same then I'd say you need to look at the config -
does the OS have a file for declaring startup options?
I don't think this is anything to do with ACLs in your BIND config -
if (for example) you specify an "allow-query" clause, that doesn't
control which interfaces/IPs the service will listen on.

If stopping/starting the service brings it up on all interfaces/IPs,
then perhaps something isn't ready at the time BIND starts.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
David Dyer-Bennet
2010-Oct-28 18:16 UTC
Re: [Xen-users] Named in domu listening on only some IP addresses
On Thu, October 28, 2010 12:10, Simon Hobson wrote:
> David Dyer-Bennet wrote:
>>I just noticed that the named instance I have running in my dom0 is only
>>listening on some addresses.
>>
>>Netstat -ln shows the following relevant listeners:
>>
>>tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
>>tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
>>tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
>>tcp 0 0 ::1:53 :::* LISTEN
>>tcp 0 0 ::1:953 :::* LISTEN
>>udp 0 0 192.168.122.1:53 0.0.0.0:*
>>udp 0 0 127.0.0.1:53 0.0.0.0:*
>>udp 0 0 ::1:53 :::*
>>
>>What's missing from this list is 192.168.1.19 -- the primary IP for the
>> dom0!
>
> What happens if you stop and start the service (not reload or
> restart) after starting Xen and any guests ?
>
> If it's still the same then I'd say you need to look at the config -
> does the OS have a file for declaring startup options ?
> I don't think this is anything to do with ACLs in your BIND config -
> if (for example) you specify an "allow-query" clause, that doesn't
> control which interfaces/IPs the service will listen on.

I played with allow-query and listen-on clauses, and wasn't getting
anywhere. However, I had the brilliant idea of completely uninstalling the
packages, and reinstalling, and THAT cleaned things up. (It was messed in a
couple of ways, and more complicated than I thought; the Centos (meaning
RedHat EL) init file copies things from /etc to /var/named/chroot/etc and
does other interesting things, and some of that was broken somehow.)

> If stopping/starting the service brings it up on all interfaces/IPs,
> then perhaps something isn't ready at the time BIND starts.

Good thought, but I'd tried stop/start sequences while changing the config,
and they didn't get it up right. (I hadn't thought specifically of testing
for that sort of timing problems, but it happened coincidentally with other
things I was trying.)

All good now! Thanks for the suggestions.
-- 
David Dyer-Bennet, dd-b@dd-b.net; http://dd-b.net/
Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/
Photos: http://dd-b.net/photography/gallery/
Dragaera: http://dragaera.info
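
The by-eye check from the first post (which addresses have a port 53 listener, and which expected one is absent) can be scripted so it is repeatable after a config change or reinstall. This is an added example, not part of the original thread; the function names `listeners` and `missing` are hypothetical, and the list of expected addresses is something the operator supplies.

```python
import ipaddress

# Listener lines as quoted in the first post (netstat -ln), embedded as sample input.
NETSTAT = """\
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 ::1:53 :::* LISTEN
tcp 0 0 ::1:953 :::* LISTEN
udp 0 0 192.168.122.1:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 ::1:53 :::*
"""

def listeners(netstat_text, port=53):
    """Map 'tcp'/'udp' to the set of local addresses bound to `port`."""
    bound = {"tcp": set(), "udp": set()}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0][:3] not in bound:
            continue                      # header or non-inet line
        proto = fields[0][:3]             # tcp6/udp6 fold into tcp/udp
        if proto == "tcp" and fields[-1] != "LISTEN":
            continue
        # Split on the LAST colon so IPv6 forms like ::1:53 and :::53 parse.
        addr, _, local_port = fields[3].rpartition(":")
        if local_port == str(port):
            bound[proto].add(ipaddress.ip_address(addr))
    return bound

def missing(netstat_text, expected, port=53):
    """Per protocol, the expected addresses that nothing is listening on."""
    gaps = {}
    for proto, bound in listeners(netstat_text, port).items():
        gaps[proto] = []
        for want in map(ipaddress.ip_address, expected):
            # Assumption: a wildcard bind covers only its own address family.
            wildcard = ipaddress.ip_address("0.0.0.0" if want.version == 4 else "::")
            if want not in bound and wildcard not in bound:
                gaps[proto].append(str(want))
    return gaps

if __name__ == "__main__":
    # Addresses the host is expected to serve DNS on (taken from the post).
    print(missing(NETSTAT, ["127.0.0.1", "192.168.122.1", "192.168.1.19"]))
```

A non-empty result for an address points at what named binds to rather than at query ACLs, which matches the distinction drawn in the reply between "allow-query" and the interfaces the service listens on.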