I have a FreeBSD 14.0 system with a 14.0-RELEASE jail:
Code:
dns {
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.consolelog = "/var/log/jail_console_${name}.log";
    allow.raw_sockets;
    exec.clean;
    mount.devfs;
    host.hostname = "${name}";
    path = "/usr/local/jails/${name}";
    ip4 = inherit;    # the jail shares the host's IPv4 addresses
}
Code:
jls
JID IP Address Hostname Path
....
6 dns.test.local /usr/local/jails/dns
Networking is set up to share the host system's IP address.
Code:
ifconfig
vmx0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=4e403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
ether 00:50:56:96:b6:18
inet 192.168.0.209 netmask 0xffffff00 broadcast 192.168.0.255
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
jexec dns ifconfig
vmx0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=4e403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
ether 00:50:56:96:b6:18
inet 192.168.0.209 netmask 0xffffff00 broadcast 192.168.0.255
media: Ethernet autoselect
status: active
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.0.0.1 netmask 0xff000000
groups: lo
I have the dns/bind916 package installed inside the jail:
Code:
pkg --jail dns info -x bind9
bind916-9.16.50_1
It's configured to allow recursion and forward requests to another DNS resolver (it's currently open to any for the purpose of troubleshooting):
Code:
options {
    recursion yes;
    allow-recursion { any; };   // open to every client while troubleshooting
    listen-on { any; };         // bind port 53 on every IPv4 address the jail sees
    forwarders {
        192.168.0.10;
        192.168.0.11;
    };
};
The DNS server starts correctly:
Code:
sockstat -4ln -j dns
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
53 named 51837 27 udp4 192.168.0.209:53 *:*
53 named 51837 28 udp4 192.168.0.209:53 *:*
53 named 51837 29 tcp4 192.168.0.209:53 *:*
53 named 51837 30 tcp4 192.168.0.209:53 *:*
53 named 51837 33 udp4 127.0.0.1:53 *:*
53 named 51837 34 udp4 127.0.0.1:53 *:*
53 named 51837 35 tcp4 127.0.0.1:53 *:*
53 named 51837 36 tcp4 127.0.0.1:53 *:*
53 named 51837 37 tcp4 127.0.0.1:953 *:*
If I try to do a recursive query it fails:
Code:
drill @127.0.0.1 www.freebsd.org
;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 28015
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; www.freebsd.org. IN A
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 697 msec
;; SERVER: 127.0.0.1
;; WHEN: Wed May 8 02:39:15 2024
;; MSG SIZE rcvd: 33
If I remember correctly, I think there is some weird quirk with BIND and jails that requires me to add something extra to the jail's configuration. I don't remember what that is.
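An added diagnostic (not from the original post) that separates a fault inside the jail from one upstream: it queries the jail's named, then queries each forwarder from the posted named.conf directly from inside the jail, and compares the rcodes. It assumes drill(1) is installed on the host, that the jail is named dns, and the two forwarder addresses from the post.

```sh
#!/bin/sh
# Added example, not from the original post. Localize a SERVFAIL from a
# forwarding resolver in a jail: query the jail's named, then each forwarder
# directly from inside the jail, and compare rcodes. Assumes drill(1), a jail
# named "dns" and the two forwarders from the posted named.conf.

JAIL=dns
NAME=www.freebsd.org
FORWARDERS="192.168.0.10 192.168.0.11"

# Print the rcode from drill output read on stdin (NOERROR, SERVFAIL, ...).
# Prints NOQUERY when there is no header line, i.e. the query got no answer
# at all (timeout or network error).
rcode_of() {
    awk '/->>HEADER<<-/ { sub(/,$/, "", $6); print $6; found = 1 }
         END { if (!found) print "NOQUERY" }'
}

# First argument: rcode from the jail's named. Remaining arguments: rcodes
# from querying the forwarders directly. Says where to look next.
diagnose() {
    local_rc=$1; shift
    upstream_ok=0
    for rc in "$@"; do
        if [ "$rc" = NOERROR ]; then upstream_ok=1; fi
    done
    if [ "$local_rc" = NOERROR ]; then
        echo "OK: the jail's named resolves $NAME"
    elif [ "$upstream_ok" -eq 1 ]; then
        echo "LOCAL: a forwarder answers from inside the jail, so look at named" \
             "(its log and the source address of its outbound queries)"
    else
        echo "UPSTREAM: no forwarder answers from inside the jail, so check" \
             "routing and firewall rules for port 53 before blaming named"
    fi
}

run_checks() {
    local_rc=$(jexec "$JAIL" drill @127.0.0.1 "$NAME" 2>&1 | rcode_of)
    set --
    for fw in $FORWARDERS; do
        set -- "$@" "$(jexec "$JAIL" drill "@$fw" "$NAME" 2>&1 | rcode_of)"
    done
    echo "jail named: $local_rc; forwarders ($FORWARDERS): $*"
    diagnose "$local_rc" "$@"
}

case "${1:-}" in --run) run_checks ;; esac
```

Run it on the jail host as `sh check-forwarding.sh --run`; the rcode parser and the decision logic can also be used on their own against saved drill output.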