9 Replies Latest reply on Dec 22, 2009 6:10 PM by 807567

    Bind 9 DNS Server chroot cannot work on Solaris 10 u6 and u7

    807567
      My Old verion "Solaris 10 x86 Generic_Patch_118844-30" can be run "Bind 9 DNS Server" in chroot mode.
      And this is no any problem.

      I have been try to use "Bind 9 DNS Server" in Solairs 10 x86 u6 or u7.
      The result is not any problem.

      But when I turn it run in the chroot mode. the "Bind 9 DNS Server" cannot run.

      I have been manuelly run the named:-
      /usr/sbin/named -c /etc/named.conf -t /chroot/dns -u named -f -g

      The respond is :-
      13-May-2009 02:17:46.623 starting BIND 9.3.6-P1 -c /etc/named.conf -t /chroot/dns -u named -f -g
      13-May-2009 02:17:46.624 found 1 CPU, using 1 worker thread
      13-May-2009 02:17:46.627 socket.c:3259: unexpected error:
      13-May-2009 02:17:46.627 open(/dev/poll) failed: No such file or directory
      13-May-2009 02:17:46.628 ./main.c:495: unexpected error:
      13-May-2009 02:17:46.628 isc_socketmgr_create() failed: file not found
      13-May-2009 02:17:46.629 create_managers() failed: unexpected error
      13-May-2009 02:17:46.629 exiting (due to early fatal error)

      Look like the bind 9 runing in the chroot mode after that cannot find /dev/poll

      Even I use Bind 9 version 9.6.0, the result is same.

      So, I don't sure the problem are the Bind 9 or Solaris 10 u6/u7

      I try to continous install New verion Bind 9 in my old version Solaris 10.

      THE Result is NO ANY PROBLEM in old version Solaris 10.

      And I already bypass the SMF problem.

      Anyone can tell me what the problem in solaris 10 u6/u7?
        • 1. Re: Bind 9 DNS Server chroot cannot work on Solaris 10 u6 and u7
          807567
          Looks like something reported similar bug:

          [BIND fails to start|http://bugs.opensolaris.org/view_bug.do%3Bjsessionid=376e1152f0ddc75829ed1725542e?bug_id=6799867]

          but I am somewhat puzzled why there is no follow up on the bug fixing.

          Ok, I found the source (may be?):

          From named:

          http://src.opensolaris.org/source/xref/sfw/usr/src/cmd/bind/bind-9.3.6-P1/bin/named/main.c
              462 static isc_result_t
              463 create_managers(void) {
              464      isc_result_t result;
              465      unsigned int socks;
              466 
              467 #ifdef ISC_PLATFORM_USETHREADS
              468      if (ns_g_cpus == 0)
              469           ns_g_cpus = ns_g_cpus_detected;
              470      isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
              471                 ISC_LOG_INFO, "found %u CPU%s, using %u worker thread%s",
              472                 ns_g_cpus_detected, ns_g_cpus_detected == 1 ? "" : "s",
              473                 ns_g_cpus, ns_g_cpus == 1 ? "" : "s");
              474 #else
              475      ns_g_cpus = 1;
              476 #endif
              477      result = isc_taskmgr_create(ns_g_mctx, ns_g_cpus, 0, &ns_g_taskmgr);
              478      if (result != ISC_R_SUCCESS) {
              479           UNEXPECTED_ERROR(__FILE__, __LINE__,
              480                      "isc_taskmgr_create() failed: %s",
              481                      isc_result_totext(result));
              482           return (ISC_R_UNEXPECTED);
              483      }
              484 
              485      result = isc_timermgr_create(ns_g_mctx, &ns_g_timermgr);
              486      if (result != ISC_R_SUCCESS) {
              487           UNEXPECTED_ERROR(__FILE__, __LINE__,
              488                      "isc_timermgr_create() failed: %s",
              489                      isc_result_totext(result));
              490           return (ISC_R_UNEXPECTED);
              491      }
              492 
              493      result = isc_socketmgr_create2(ns_g_mctx, &ns_g_socketmgr, maxsocks);===========================> here. (notice the error message and the actual function called are not the same).
              494      if (result != ISC_R_SUCCESS) {
              495           UNEXPECTED_ERROR(__FILE__, __LINE__,
              496                      "isc_socketmgr_create() failed: %s",
              497                      isc_result_totext(result));
              498           return (ISC_R_UNEXPECTED);
              499      }
              500      result = isc_socketmgr_getmaxsockets(ns_g_socketmgr, &socks);
              501      if (result == ISC_R_SUCCESS) {
              502           isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
              503                      NS_LOGMODULE_SERVER,
              504                      ISC_LOG_INFO, "using up to %u sockets", socks);
              505      }
              506 
              507      result = isc_entropy_create(ns_g_mctx, &ns_g_entropy);
              508      if (result != ISC_R_SUCCESS) {
              509           UNEXPECTED_ERROR(__FILE__, __LINE__,
              510                      "isc_entropy_create() failed: %s",
              511                      isc_result_totext(result));
              512           return (ISC_R_UNEXPECTED);
              513      }
              514 
              515      result = isc_hash_create(ns_g_mctx, ns_g_entropy, DNS_NAME_MAXWIRE);
              516      if (result != ISC_R_SUCCESS) {
              517           UNEXPECTED_ERROR(__FILE__, __LINE__,
              518                      "isc_hash_create() failed: %s",
              519                      isc_result_totext(result));
              520           return (ISC_R_UNEXPECTED);
              521      }
              522 
              523      return (ISC_R_SUCCESS);
              524 }
          And in isc_socketmgr_create2():
             3384 isc_result_t
             3385 isc_socketmgr_create2(isc_mem_t *mctx, isc_socketmgr_t **managerp,
             3386                 unsigned int maxsocks)
             3387 {
          
          <SNIP>
           
             3488 
             3489      /*
             3490       * Set up initial state for the select loop
             3491       */
             3492      result = setup_watcher(mctx, manager);===============================>will call open() on /dev/poll.
             3493      if (result != ISC_R_SUCCESS)
             3494           goto cleanup;
             3495      memset(manager->fdstate, 0, manager->maxsocks * sizeof(int));
           
          Other the above, I cannot really understand or help further. But I know it should fail in somewhere in setup_watcher() in socket.c.
          • 2. Re: Bind 9 DNS Server chroot cannot work on Solaris 10 u6 and u7
            Robert Cohen
            It appears to be failing because it can't access /dev/poll.
            So it will probably work if you install a /dev/poll device inside your chroot jail.

            Something like rsync will copy it with the correct major/minor device numbers.
            Not sure what else will, maybe tar.

            Alternatively there may be a configure option to tell it not to use /dev/poll
            • 3. Re: Bind 9 DNS Server chroot cannot work on Solaris 10 u6 and u7
              807567
              If you can find out the solution to fixed this problem, please give me an answer.

              Thank you very much
              • 4. Re: Bind 9 DNS Server chroot cannot work on Solaris 10 u6 and u7
                807567
                The following is a copy/paste from the url below:
                I ran:

                # cd /var/named/dev
                # mknod poll c 138 0
                # chmod 666 poll

                And everything worked fine. I'm not sure if Sun built things
                differently or there is a new requirement on this /dev/poll file.
                Regardless all seems to be working OK now.

                Ray
                https://lists.isc.org/pipermail/bind-users/2009-February/075237.html
                • 5. Re: Bind 9 DNS Server chroot cannot work on Solaris 10 u6 and u7
                  807567
                  hi

                  Yes , I had the same issue

                  And these steps solved it

                  But need further testing

                  Thanks
                  • 6. Re: Bind 9 DNS Server chroot cannot work on Solaris 10 u6 and u7
                    807567
                    MANY THANKS!

                    This worked for me too!!!


                    .
                    • 7. Re: Bind 9 DNS Server chroot cannot work on Solaris 10 u6 and u7
                      807567
                      This worked fine for me on my sparc workstations but not on x86. Any suggestions?
                      • 8. Re: Bind 9 DNS Server chroot cannot work on Solaris 10 u6 and u7
                        807567
                        The major device number might be different, try grep poll /etc/name_to_major to check.
                        • 9. Re: Bind 9 DNS Server chroot cannot work on Solaris 10 u6 and u7
                          807567
                          I'm running x86 version SunOS 5.10 Generic_141445-09. The command, with the correct major/minor numbers, is
                          mknod dev/poll c 135 0