maradns not binding to port 53 after chroot

Bug #1753847 reported by John Logsdon
This bug affects 1 person
Affects: maradns (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

1) I had to install authbind and set /etc/authbind/byuid/nn to 0.0.0.0/53,53 to get MaraDNS to work, as otherwise when it chroots to maradns, it cannot bind to port 53.

2) Zoneserver runs under UID 99 rather than migrating also to maradns, although TCP requests are rare.

nn is the maradns uid so I have added files for nn and 99.

Samboy reports that this is a Debian issue, which is the upstream supplier:

https://github.com/samboy/MaraDNS/issues/40

iptables on port 53 - both sport and dport directions open:

ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state NEW,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53

apport example report (it is installed on 4 16.04 LTS nameservers but they all need authbind):

ProblemType: Bug
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
Date: Tue Mar 6 12:16:42 2018
Dependencies:
 adduser 3.113+nmu3ubuntu4
 apt 1.2.25
 apt-utils 1.2.25
 debconf 1.5.58ubuntu1
 debconf-i18n 1.5.58ubuntu1
 debianutils 4.7
 dpkg 1.18.4ubuntu1.3
 duende 2.0.13-1
 gcc-5-base 5.4.0-6ubuntu1~16.04.9
 gcc-6-base 6.0.1-0ubuntu1
 gnupg 1.4.20-1ubuntu3.1
 gpgv 1.4.20-1ubuntu3.1
 init-system-helpers 1.29ubuntu4
 libacl1 2.2.52-3
 libapt-inst2.0 1.2.25
 libapt-pkg5.0 1.2.25
 libattr1 1:2.4.47-2
 libaudit-common 1:2.4.5-1ubuntu2.1
 libaudit1 1:2.4.5-1ubuntu2.1
 libbz2-1.0 1.0.6-8
 libc6 2.23-0ubuntu10
 libdb5.3 5.3.28-11ubuntu0.1
 libgcc1 1:6.0.1-0ubuntu1
 liblocale-gettext-perl 1.07-1build1
 liblz4-1 0.0~r131-2ubuntu2
 liblzma5 5.1.1alpha+20120614-2ubuntu2
 libpam-modules 1.1.8-3.2ubuntu2
 libpam-modules-bin 1.1.8-3.2ubuntu2
 libpam0g 1.1.8-3.2ubuntu2
 libpcre3 2:8.41-4+ubuntu16.04.1+deb.sury.org+1 [origin: LP-PPA-ondrej-php]
 libreadline6 6.3-8ubuntu2
 libselinux1 2.4-3build2
 libsemanage-common 2.3-1build3
 libsemanage1 2.3-1build3
 libsepol1 2.4-2
 libstdc++6 5.4.0-6ubuntu1~16.04.9
 libtext-charwidth-perl 0.04-7build5
 libtext-iconv-perl 1.7-5build4
 libtext-wrapi18n-perl 0.06-7.1
 libtinfo5 6.0+20160213-1ubuntu1
 libusb-0.1-4 2:0.1.12-28
 libustr-1.0-1 1.0.4-5
 lsb-base 9.20160110ubuntu0.2
 maradns 2.0.13-1
 maradns-zoneserver 2.0.13-1
 multiarch-support 2.23-0ubuntu10
 passwd 1:4.2-3.1ubuntu5.3
 perl-base 5.22.1-9ubuntu0.2
 readline-common 6.3-8ubuntu2
 sensible-utils 0.0.9
 tar 1.28-2.1ubuntu0.1
 ubuntu-keyring 2012.05.19
 zlib1g 1:1.2.8.dfsg-2ubuntu4.1
DistroRelease: Ubuntu 16.04
InstallationDate: Installed on 2018-01-22 (43 days ago)
InstallationMedia: Ubuntu-Server 16.04.3 LTS "Xenial Xerus" - Release amd64 (20170801)
JournalErrors:
 -- Logs begin at Tue 2018-03-06 05:42:01 GMT, end at Tue 2018-03-06 12:16:01 GMT. --
 Mar 06 06:19:01 hostname postfix/cleanup[17814]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
 Mar 06 07:03:01 hostname postfix/cleanup[18863]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
 Mar 06 07:50:01 hostname postfix/cleanup[20299]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
 Mar 06 07:56:01 hostname postfix/cleanup[20422]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
 Mar 06 09:26:01 hostname postfix/cleanup[22579]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
 Mar 06 09:28:42 hostname etc_maradns_mararc-zs[3307]: Log: Root directory changed
 Mar 06 09:28:42 hostname etc_maradns_mararc-zs[3307]: Log: Socket opened on TCP port 53
 Mar 06 09:28:42 hostname etc_maradns_mararc-zs[3307]: Log: Root privileges dropped
 Mar 06 09:41:21 hostname etc_maradns_mararc-zs[3307]: Log: Root directory changed
 Mar 06 09:41:21 hostname etc_maradns_mararc-zs[3307]: Log: Socket opened on TCP port 53
 Mar 06 09:41:21 hostname etc_maradns_mararc-zs[3307]: Log: Root privileges dropped
 Mar 06 09:41:22 hostname etc_maradns_mararc-zs[3307]: Log: Root directory changed
 Mar 06 09:41:22 hostname etc_maradns_mararc-zs[3307]: Log: Socket opened on TCP port 53
 Mar 06 09:41:22 hostname etc_maradns_mararc-zs[3307]: Log: Root privileges dropped
 Mar 06 10:13:01 hostname postfix/cleanup[23977]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
 Mar 06 11:02:01 hostname postfix/cleanup[25008]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
 Mar 06 11:49:01 hostname postfix/cleanup[26399]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Package: maradns 2.0.13-1
PackageArchitecture: amd64
ProcEnviron:
 LANGUAGE=en_GB:
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 4.4.0-112.135-generic 4.4.98
SourcePackage: maradns
Tags: third-party-packages xenial
Uname: Linux 4.4.0-112-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
_MarkForUpload: True
modified.conffile..etc.maradns.mararc:
 ipv4_bind_addresses = "127.0.0.1,46.43.15.207"
 hide_disclaimer = "YES"
 chroot_dir = "/etc/maradns"
 maradns_user="maradns"
 no_fingerprint = 1
 debug_msg_level = 0
 verbose_level = 0
 max_chain = 8
 max_ar_chain = 1
 max_total = 20
 #synth_soa_origin = ""
 tcp_convert_acl = "0.0.0.0/0"
 tcp_convert_server = "46.43.15.207"
 long_packet_ipv4 = "46.43.15.207"
 ipv4_alias = {}
 # [abc].ns.bytemark.c.ok
 ipv4_alias["bytemark"] = "80.68.80.26,85.17.170.78,80.68.80.27"
 ## ICANN: the most common and most controversial root name server
 ## http://www.icann.org
 #ipv4_alias["icann"] = "198.41.0.4,128.9.0.107,192.33.4.12,128.8.10.90,192.203.230.10,192.5.5.241,192.112.36.4,128.63.2.53,192.36.148.17,192.58.128.30,193.0.14.129,198.32.64.12,202.12.27.33"
 ## OSRC: http://www.open-rsc.org/
 #ipv4_alias["osrc"] = "199.166.24.1,205.189.73.102,199.166.24.3,207.126.103.16,195.117.6.10,205.189.73.10,204.57.55.100,213.196.2.97"
 ## AlterNIC: http://www.alternic.org/
 #ipv4_alias["alternic"] = "160.79.129.192,24.6.78.12,160.79.133.70,65.15.8.202,216.162.42.240,195.224.64.190,160.79.133.66,216.162.42.185"
 ## OpenNIC: http://www.opennic.unrated.net/
 ipv4_alias["opennic"] = "131.161.247.226,209.151.84.102,64.247.218.140,64.247.218.149,209.104.33.250,209.104.63.249,209.151.84.103,199.175.137.211,207.6.128.246,65.243.92.254"
 # The following line must be uncommented to enable recursive queries
 root_servers = {}
 root_servers["."] = "bytemark"
 csv2 = {}
 csv2["alex-logsdon.com."] = "alex-logsdon.com.db"
 csv2["edgetherapy.com."] = "edgetherapy.com.db"
 csv2["elainecolliar.com."] = "elainecolliar.com.db"
 csv2["enemyofdebt.com."] = "enemyofdebt.com.db"
 csv2["fiftyandfun.com."] = "fiftyandfun.com.db"
 csv2["john-logsdon.com."] = "john-logsdon.com.db"
 csv2["lxlautos.com."] = "lxlautos.com.db"
 csv2["maria-nedeva.com."] = "maria-nedeva.com.db"
 csv2["mortgagefreeinthree.com."] = "mortgagefreeinthree.com.db"
 csv2["philip-logsdon.com."] = "philip-logsdon.com.db"
 csv2["quantex.co.uk."] = "quantex.co.uk.db"
 csv2["quantex-research.com."] = "quantex-research.com.db"
 csv2["quantex-research.co.uk."] = "quantex-research.co.uk.db"
 csv2["readysteadygowebsites.com."] = "readysteadygowebsites.com.db"
 csv2["rotundwriter.com."] = "rotundwriter.com.db"
 csv2["the4starjournal.com."] = "the4starjournal.com.db"
 csv2["thefourstarjournal.com."] = "thefourstarjournal.com.db"
 csv2["themoneyprinciple.co.uk."] = "themoneyprinciple.co.uk.db"

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: maradns 2.0.13-1
ProcVersionSignature: Ubuntu 4.4.0-112.135-generic 4.4.98
Uname: Linux 4.4.0-112-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
Date: Tue Mar 6 12:02:35 2018
InstallationDate: Installed on 2018-01-22 (43 days ago)
InstallationMedia: Ubuntu-Server 16.04.3 LTS "Xenial Xerus" - Release amd64 (20170801)
ProcEnviron:
 LANGUAGE=en_GB:
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
SourcePackage: maradns
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.maradns.mararc: 2018-02-22T14:01:13
