NSD include: inside chroot

Hi all,

I couldn’t find this on the mailing list, please point me to the discussion if it has been raised already.

I’m getting an error on an include: line when I run nsd-control reconfig for a chrooted nsd:

mrice@csi03:~ % sudo nsd-checkconf /var/chroot/nsd/etc/nsd/nsd.conf
mrice@csi03:~ % sudo nsd-control reload
ok
mrice@csi03:~ % sudo nsd-control reconfig
reconfig start, read /etc/nsd/nsd.conf
/etc/nsd/nsd.conf:24: error: cannot open include file '/etc/nsd/conf.d/*.conf': No such file or directory
read /etc/nsd/nsd.conf failed: 1 errors in configuration file

Here’s what I’m running and running on:

mrice@csi03:~ % rpm -qa nsd
nsd-4.1.10-2.el7.x86_64
mrice@csi03:~ % cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.2 (Maipo)

There are in fact /etc/nsd/conf.d/*.conf in the chroot.

mrice@csi03:~ % sudo ls -al /var/chroot/nsd/etc/nsd/conf.d/
total 12
drwx------. 2 nsd nsd  91 Nov 16 10:21 .
drwx------. 3 nsd nsd  34 Nov 14 12:29 ..
-rw-------. 1 nsd nsd  95 Nov 14 12:29 key:sarc-infoblox.conf
-rw-------. 1 nsd nsd 127 Nov 14 12:29 key:sarc-rndckey.conf
-rw-------. 1 nsd nsd 236 Nov 14 12:29 sarc.samsung.com.conf

Here is my nsd.conf:

mrice@csi03:~ % sudo cat /var/chroot/nsd/etc/nsd/nsd.conf
server:
    ip-address: 0.0.0.0
    do-ip6: no
    hide-version: yes
    chroot: "/var/chroot/nsd"
    username: nsd
    zonesdir: "/var/chroot/nsd/zonefiles"
    difffile: "/var/chroot/nsd/db/nsd/ixfr.db"
    xfrdfile: "/var/chroot/nsd/db/nsd/xfrd.state"
    database: "/var/chroot/nsd/db/nsd/nsd.db"
    pidfile: "/var/chroot/nsd/db/nsd/nsd.pid"
    zonelistfile: "/var/chroot/nsd/var/lib/nsd/zone.list"
    xfrdir: "/var/chroot/nsd/tmp"

remote-control:
    control-enable: yes
    control-interface: 0.0.0.0
    control-port: 8952
    server-key-file: "/etc/nsd/nsd_server.key"
    server-cert-file: "/etc/nsd/nsd_server.pem"
    control-key-file: "/etc/nsd/nsd_control.key"
    control-cert-file: "/etc/nsd/nsd_control.pem"

include: "/var/chroot/nsd/etc/nsd/conf.d/*.conf"

Can someone spot what I’m doing wrong?

Michael Rice
IT Architect
Samsung Austin R&D Center (SARC)
7300 RR 2222, Building 1, Suite 100
Austin, TX 78730
512-425-2521 (office)
512-577-2910 (mobile)

Hi Michael,

This is a bug in the config parser in NSD, which is triggered by the
combination of a "*" in your include config element, chroot and
nsd-control reconfig.

The chroot directory was only removed from the include files location
after calling glob(). First time NSD reads the config there is no
problem because it didn't call chroot() yet.

A fix for this issue was committed to our repository on Oct 18.

Regards,
-- Ralph
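
The ordering problem described in the reply above, as an added C example (not NSD's source code and not written by either poster): once the process root is the chroot, an include pattern that still carries the chroot prefix matches nothing, so the prefix has to be stripped before glob() is called. The names strip_chroot, expand_include and make_sample_tree and the /tmp/nsd-include-demo directory are assumptions, and the root parameter stands in for a real chroot() so the example runs unprivileged.

```c
#include <glob.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Path as seen inside the chroot: drop the prefix on a component boundary. */
static const char *strip_chroot(const char *jail, const char *path)
{
    size_t n = strlen(jail);
    return (n && !strncmp(path, jail, n) && path[n] == '/') ? path + n : path;
}
/* Count matches for an include: pattern. `root` stands in for the process root
 * (assumption, avoids a privileged chroot()): "" before chroot, jail after. */
static int expand_include(const char *root, const char *jail,
                          const char *pattern, int strip_first)
{
    char full[4096];
    glob_t g = {0};
    if (strip_first && root[0] != '\0')
        pattern = strip_chroot(jail, pattern);   /* fixed order: strip, glob */
    snprintf(full, sizeof(full), "%s%s", root, pattern);
    int n = glob(full, 0, NULL, &g) == 0 ? (int)g.gl_pathc : 0;
    globfree(&g);
    return n;
}
/* Constructed sample tree: <jail>/etc/nsd/conf.d/{a,b}.conf */
static int make_sample_tree(const char *jail)
{
    const char *ents[] = { "", "/etc", "/etc/nsd", "/etc/nsd/conf.d",
                           "/etc/nsd/conf.d/a.conf", "/etc/nsd/conf.d/b.conf" };
    char p[4096];
    for (int i = 0; i < 6; i++) {
        FILE *f;
        snprintf(p, sizeof(p), "%s%s", jail, ents[i]);
        if (i < 4) { mkdir(p, 0700); continue; }   /* directory, may exist */
        if ((f = fopen(p, "w")) == NULL) return -1;
        fclose(f);
    }
    return 0;
}
int main(void)
{
    const char *jail = "/tmp/nsd-include-demo";    /* hypothetical chroot dir */
    const char *inc = "/tmp/nsd-include-demo/etc/nsd/conf.d/*.conf";
    if (make_sample_tree(jail) != 0) return 1;
    printf("first read, no chroot yet:  %d\n", expand_include("", jail, inc, 0));
    printf("reconfig, glob then strip:  %d\n", expand_include(jail, jail, inc, 0));
    printf("reconfig, strip then glob:  %d\n", expand_include(jail, jail, inc, 1));
    return 0;
}
```

The middle case corresponds to the "No such file or directory" error in the original post: the first read succeeds because chroot() has not been called yet, and only the later reconfig sees the chrooted filesystem view.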