Yes, it's a bug, or more accurately a whole mess of bugs, probably in
both bind9 and in gbindadmin, but especially in gbindadmin. Changing
bind to match gbindadmin would be a huge exercise of the tail wagging
the dog. The administrative tool should follow the underlying program,
not the other way around.

gbindadmin assumes that bind will be run in a secure manner. As it ships
from Ubuntu, the default install of bind9 is to run with suid root, and
not in a chroot jail, both of which are deprecated in the bind9
documentation. The fix is as follows:

-OPTIONS=""
+OPTIONS="-u bind -t /var/lib/named/ -c /etc/bind/named.conf"

(see /etc/init.d/bind9)

The default command channel in gbindadmin's named.conf (127.0.0.1) seems
to cause conflicts. It should be changed to 127.0.0.3 (or whatever your
favorite number is; I got the number from the bind9-doc documentation),
and a setting created that will allow for a configurable control
address. (The same setting should be used when gbindadmin writes the
zone files, too.)

gbindadmin's install script should check to see what the OPTIONS are
(the pun was begging to be used) and offer to change the OPTIONS,
preferably with an editable field because there are so many different
possible use cases with bind.

gbindadmin's default chroot should be /var/lib/named instead of
/var/named. There exists already a setting to change it, but out of the
box, the config should "just work".

gbindadmin should put the named.conf file in /etc/bind/named.conf
instead of /etc/named.conf, and should add a setting that allows for
customizable path to named.conf. The workaround for now is to use a
hardlink between the two (for some reason, a symlink won't work), viz:

# ln $CHROOTDIR/bind/named.conf $CHROOTDIR/named.conf

(I may not be correct on the actual variable name, but you get the idea.)

Similarly, the rndc key generation (i.e., rndc-confgen) is asymmetric
between bind9 and gbindadmin. The default key length of bind9's install
script, rndc-confgen, and gbindadmin should all be 256, as it is in
gbindadmin, IMHO. But whatever key length you pick, it should be the
same between the three of them. Further, both bind9 and gbindadmin
should run rndc-confgen with the correct options, to wit:

# rndc-confgen -u bind -a -b 256 -s 127.0.0.3 -t /var/lib/named -c /etc/bind/rndc.key

gbindadmin's "Reload Zones" function is also broken, I think because of
the same wrong paths and unset options for the "rndc reload" command as
for the rndc-confgen originally.

gbindadmin's named.conf file seems to be broken on the keys, too. I had
to delete the "key" stanza and remove the reference to the rndc_key in
the "controls" stanza. The following is what the controls stanza looks
like after the change:

#controls {
#     inet 127.0.0.3 allow { localhost ; } ;
#};

(obviously, without the comment marks).

Finally, the man page for gbindadmin should be corrected and expanded.
Notably, the man page states that gbindadmin doesn't have any options,
which is true insofar as the command line goes, but untrue insofar as
configuration goes (see /etc/gbindadmin/settings.conf). Certainly at a
minimum, the location and meaning of each of the settings should be
documented in the man page. Even better would be some discussion of the
assumed configuration of named.

This all took me about three days to figure out, and I'd like to spare
others the pain and frustration.

I really, really like gbindadmin once it's up and working, especially in
conjunction with gdhcpd. I'm planning on including all the gadmintools
as a part of the GUI desktop server product I expect to release in Q3 of
2008.

Happy Trails,

Loye Young
Isaac & Young Computer Company
Laredo, Texas
http://www.iycc.biz
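One way to check that named.conf's key and controls stanzas agree with the rndc key file and the chosen control address, as an added example that is not part of the original bug report and not code from gbindadmin or bind9; the sample named.conf is constructed, the parser covers only the key and controls stanzas, and the 256-bit expectation is a parameter:

```python
import base64
import re
# Constructed sample named.conf (not copied from any real install or from gbindadmin).
NAMED_CONF = '''
key "rndc-key" {
    algorithm hmac-md5;
    secret "c2VjcmV0c2VjcmV0c2VjcmV0c2VjcmV0c2VjcmV0c2U=";
};
controls {
    inet 127.0.0.3 allow { localhost; } keys { "rndc-key"; };
};
'''
RNDC_KEY_OK = NAMED_CONF.split("controls")[0]   # rndc.key carrying the same key stanza
KEY_RE = re.compile(r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;'
                    r'\s*secret\s+"([^"]+)"\s*;\s*\}\s*;', re.S)
CONTROLS_RE = re.compile(r'controls\s*\{\s*inet\s+([\d.]+)(?:\s+port\s+\d+)?'
                         r'\s+allow\s*\{[^}]*\}\s*(?:keys\s*\{([^}]*)\})?\s*;', re.S)

def parse_keys(text):
    """Map key name -> (algorithm, secret) for every key stanza in text."""
    return {n: (a.lower(), s) for n, a, s in KEY_RE.findall(text)}

def parse_controls(text):
    """Return the listen address and key names of the first controls stanza, or None."""
    m = CONTROLS_RE.search(text)
    if not m:
        return None
    addr, keys = m.groups()
    names = [k.strip().strip('"') for k in (keys or "").split(";") if k.strip()]
    return {"address": addr, "keys": names}

def check_rndc_setup(named_conf, rndc_key, control_addr, key_bits=256):
    """Return a list of mismatches between named.conf and rndc.key (empty = consistent)."""
    ctl = parse_controls(named_conf)
    if ctl is None:
        return ["named.conf has no controls stanza; rndc cannot reach named"]
    problems = []
    if ctl["address"] != control_addr:
        problems.append(f"controls listens on {ctl['address']}, expected {control_addr}")
    if not ctl["keys"]:   # command channel would be guarded by the address ACL alone
        problems.append("controls stanza has no keys clause")
    server_keys, client_keys = parse_keys(named_conf), parse_keys(rndc_key)
    for name in ctl["keys"]:
        if name not in server_keys:
            problems.append(f"controls references undefined key {name}")
        elif client_keys.get(name) != server_keys[name]:
            problems.append(f"rndc.key does not match named.conf for key {name}")
        elif len(base64.b64decode(server_keys[name][1])) * 8 != key_bits:
            problems.append(f"key {name} secret is not {key_bits} bits")
    return problems
```

Run it against the real files with `check_rndc_setup(open("/etc/bind/named.conf").read(), open("/etc/bind/rndc.key").read(), "127.0.0.3")`; an empty list means the three pieces agree.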


** Also affects: bind9 (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: bind9 (Ubuntu)
       Status: New => Confirmed

** Changed in: gbindadmin (Ubuntu)
       Status: New => Confirmed

-- 
Settings root differs from that of bind9 package
https://bugs.launchpad.net/bugs/162821

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs