[stunnel-users] jailed stunnel can't find DNS
conover at rahul.net
Mon Nov 8 13:06:37 CET 2004
Michal Trojnara writes:
> "John Conover" <conover at rahul.net> wrote:
> > chroot = /usr/local/stunnel/var/run/
> > delay = yes
> > 2004.11.07 16:49:10 LOG3[3794:1025]: Failed to resolve hostname
> > 'abc.wxyz.net'
> > Removing chroot in stunnel.conf fixes the problem, but its no longer
> > jailed.
> > Hints?
> Yes. You have several options:
> 1. As you noticed you can turn off chroot.
> 2. You can turn off delayed resolver (to resolve hosts at startup, before
> 3. You can create the files/devices your resolver library needs inside the
> chroot jail.
> strace is your friend: http://sourceforge.net/projects/strace/
> 4. You can use IP address as "connect" parameter instead of domain name.
Thanks, Mike. Using IP addresses as a "connect" parameter worked like
How do you make sure the remote/server stunnel is kept running?
I haven't waded through the sources to stunnel, but is there a command
line arg "if its not running, make it so," by checking the pid file as
a lock file and check if the pid is valid as a stunnel process-so it
could be run periodically out of cron(8) to keep it running, in case
the remote went down?
Or, something similar triggered by the client machine?
BTW, as a sidebar, the -Wall gcc(1) command line arg in the compile of
stunnel was a nice touch-shows the authors cared.
John Conover, conover at rahul.net, http://www.johncon.com/
More information about the stunnel-users