On Tue, 2005-11-15 at 17:00 +0300, Dmitry Koterov wrote:
> Hello.
>
> Shortly: when I use BIND (or PowerDNS) inside vserver listening
> ALL addresses (0.0.0.0), nslookup to server 127.0.0.1 shows error
> message "reply from unexpected source: 213.248.62.106#53,
> expected 127.0.0.1#53"
Which is true, as your nameserver (powerdns or bind) is assigned
your vserver interface as primary interface and answers are sent with
that source.
> Long description. I have installed linux-vserver (named "zulu")
> on kernel 2.6.12.5 and set up one real IP for it -
> 213.248.62.106:
>
> [root@zulu /]# ifconfig
> eth0 Link encap:Ethernet HWaddr 00:30:48:75:13:D2
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:39623139 errors:0 dropped:0 overruns:0 frame:0
> TX packets:18575687 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:50148146621 (46.7 GiB) TX bytes:1249870165 (1.1 GiB)
> Base address:0x3000 Memory:dd300000-dd320000
>
> eth0:zulu Link encap:Ethernet HWaddr 00:30:48:75:13:D2
> inet addr:213.248.62.106 Bcast:213.248.62.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> Base address:0x3000 Memory:dd300000-dd320000
>
> First question: why doesn't ifconfig show "lo" interface?
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lo is not assigned to your context and therefore not shown.
> Then, I installed named (BIND), compiled it with
> --disable-linux-caps before. BIND listens on all IP addresses
> inside vserver:
>
> [root@zulu /]# netstat -na
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address State
> tcp 0 0 213.248.62.106:53 0.0.0.0:* LISTEN
> udp 0 0 213.248.62.106:53 0.0.0.0:*
> ...
This shows only listening on your vserver ip address. And answering to
the world ;)
> Then I try nslookup:
>
> [root@zulu /]# nslookup
> > server 127.0.0.1
> Default server: 127.0.0.1
> Address: 127.0.0.1#53
> > hostmag.ru.
> ;; reply from unexpected source: 213.248.62.106#53, expected 127.0.0.1#53
> ;; reply from unexpected source: 213.248.62.106#53, expected 127.0.0.1#53
FWIR: The first interface brought up in the context is 'assigned' the
functionality of lo0.
For a more detailed explanation you have to rely on the
developers/experts answer(s)... I'm just a simple end user ;)
> Second question: what's wrong? Why BIND tries to answer from
> vserver IP address, but NOT from localhost which I used?
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
localhost is just a name, so I guess you're referring to the loopback
ip address which defaults to 127.0.0.1.
As I explained above, 127.0.0.1 is not assigned to your guest context
and so is not used as reply address by your nameserver.
> I have also tried PowerDNS instead of BIND - absolutely same
> effect.
As to be expected.
> I do not want to write 213.248.62.106 in my resolv.conf, because
> this IP may be changed one fine day, or vserver will be moved to
> another machine.
It always needs an ip address, so why not rewrite /etc/resolv.conf
from pre-start or post-start and use the ip address assigned at time
as nameserver.
> Seems networking stack isolation in linux-vserver is not finished
> yet?
I don't know the answer to this one, but it seems that it is doing
its job quite nicely ;)
--
Regards,
Dennis Roos
Network Engineer @ InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429
-=[Assumption is the mother of all f*ckups]=-
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Tue Nov 15 16:47:28 2005
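
The reply's suggestion of regenerating /etc/resolv.conf from a pre-start or post-start hook, sketched as an added example that is not part of the original message or of util-vserver. The config layout (`interfaces/<n>/ip`), the two path arguments and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout (util-vserver style):
#   $cfg/interfaces/<n>/ip   one address per file (guest config, on the host)
#   $root/etc/resolv.conf    resolver config inside the guest's root

# Print the first valid IPv4 address configured for the guest, or fail.
guest_ip() {
    for f in "$1"/interfaces/*/ip; do
        [ -r "$f" ] || continue
        ip=$(tr -d ' \t\r\n' < "$f")
        # Dotted quad only; anything else must not reach resolv.conf.
        printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || continue
        ok=1
        for o in $(printf '%s' "$ip" | tr '.' ' '); do
            [ "$o" -le 255 ] || ok=0
        done
        if [ "$ok" -eq 1 ]; then printf '%s\n' "$ip"; return 0; fi
    done
    return 1
}

# Replace every nameserver line with the guest's own address, keeping
# search/domain/options lines. Written to a temp file, then renamed.
rewrite_resolv_conf() {
    cfg=$1 root=$2
    conf=$root/etc/resolv.conf
    ip=$(guest_ip "$cfg") || { echo "no usable IP under $cfg/interfaces" >&2; return 1; }
    # Run from the host, the guest owns this path: refuse a symlinked resolv.conf.
    if [ -L "$conf" ]; then echo "$conf is a symlink, refusing" >&2; return 1; fi
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    {
        if [ -f "$conf" ]; then grep -v '^[[:space:]]*nameserver' "$conf" || true; fi
        printf 'nameserver %s\n' "$ip"
    } > "$tmp"
    chmod 644 "$tmp" && mv "$tmp" "$conf"
}

# Usage: script <guest-config-dir> <guest-root-dir>
if [ "$#" -eq 2 ]; then rewrite_resolv_conf "$1" "$2"; fi
```

If the configured address fails validation, the existing resolv.conf is left untouched and the function returns non-zero, so a hook can abort or log instead of starting the guest with a broken resolver.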