Re: local nameserver support

From: Magnus Ottosson <magnus grand1982 com>
Cc: networkmanager list <networkmanager-list gnome org>
Subject: Re: local nameserver support
Date: Tue, 21 Dec 2004 18:45:14 +0100

I'm using gentoo and I wanted to try out the latest NM so i downloadedthe cvs version and compiled it. I also emerge bind


net-dns/bind
      Latest version available: 9.2.2-r3
      Latest version installed: 9.2.2-r3]
      Size of downloaded files: 4,975 kB
      Homepage:    http://www.isc.org/products/BIND/bind9.html
      Description: BIND - Berkeley Internet Name Domain - Name Server
      License:     as-is

But when I start the network manager I get something like: Cannot startnameserver...

What is causing this? I could figure out how to apply this: setsebool -Pnamed_disable_trans true



Help?

Magnus
-----------------------------------
 Contact information
  Email: magnus grand1982 com



Colin Walters wrote:

Hi,

I just committed to CVS support for running a local copy of BIND 9 which
acts as a caching nameserver.  Actually, I guess I shouldn't say

"support", because it's actually now required.

There are a few reasons for this change, but the major ones are:

1) It's a step towards NetworkManager taking sole control over domain
   resolution; the idea is other applications should never
   touch /etc/resolv.conf directly.  I plan to provide a D-BUS interface
   for adding/removing nameservers.
2) It avoids issues with applications not picking up changes
   to /etc/resolv.conf.  Now resolv.conf just points to 127.0.0.1.

This setup seems to be working well for me, except for a bug in that on
a default Fedora Core 3 installation, bind won't be able to start
because the targeted SELinux policy can't differentiate the bind started
by NetworkManager from the "normal" bind.  I'm going to try fixing this
soon in a generic way; it's come up for gnome-user-share running Apache
too.  But as a temporary workaround, you can disable SELinux protection
for named with "setsebool -P named_disable_trans true".  This should be
acceptable for now since it's pretty unlikely you're running a real
nameserver (i.e. an authoritative public-facing bind) on the same
machine as NetworkManager at the moment.

Anyways, testing and feedback is appreciated!



------------------------------------------------------------------------

_______________________________________________
NetworkManager-list mailing list
NetworkManager-list gnome org
http://mail.gnome.org/mailman/listinfo/networkmanager-list

Follow-Ups:
- Re: local nameserver support
  - From: Colin Walters

References:
- local nameserver support
  - From: Colin Walters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]