Can't do traceroute or DNS queries within a non-global zone.

I'll start by outlining my servers and their roles.
They are all on the same network, behind the same gateway, plugged into the same switch.

secure1 = a FreeBSD server running BIND. It's a recursive DNS server. Works perfectly.
secure2 = a Solaris 10 server.
zone1 = a zone that was set up before I inherited this env.
zone2 = a zone I tried to create, and it mostly worked.

The problem:
From zone2 I cannot do DNS queries. And traceroutes past the gateway don't work. At first I suspected the firewall, but everything that doesn't work on zone2 works fine on zone1.

What does work on zone2:
I can ssh into it.
I can ssh out of it.
I can ping it.
I can ping from it.
I can traceroute from it to secure1.
I can ssh to other hosts out on the internet.

What doesn't work:
I can't do any DNS queries, whether the DNS server is inside of my network or outside of it.
I can't traceroute past my gateway, tho I can from zone1.

Finally, here's what happens when I do a DNS query:

    zone2# /usr/sbin/host google.com 66.48.78.91
    ;; connection timed out; no servers could be reached

Oh, I diffed the zone1.xml and zone2.xml files in /etc/zones and except for things like IP addresses they are the same.
Any suggestions would be muchly appreciated. Thanks folks.

ifconfig -a and netstat -rn from the zone that isn't working properly would help.
Off the top of my head, my guess is that your default route isn't valid for zone 2.
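
An added example, not part of the thread: one way to run the check the reply asks for, once `ifconfig -a` and `netstat -rn` have been captured inside the zone. It assumes the usual on-link rule (a default gateway is only usable if it lies in a subnet the zone holds an address in); the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample text is constructed in the layout
# of Solaris `ifconfig -a` / `netstat -rn`; addresses are documentation ranges.

# Dotted quad -> 32-bit integer.
ip_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# stdin: ifconfig text -> "address hexmask" per non-loopback IPv4 address.
zone_addrs() {
    awk '$1 == "inet" && $3 == "netmask" && $2 !~ /^127\./ { print $2, $4 }'
}

# stdin: netstat -rn text -> gateway of every default route.
default_gateways() {
    awk '$1 == "default" { print $2 }'
}

# on_link GATEWAY ADDRESS HEXMASK: true when GATEWAY is inside ADDRESS's subnet.
on_link() {
    gw_i=$(ip_to_int "$1"); ad_i=$(ip_to_int "$2"); mk_i=$((0x$3))
    [ $(( gw_i & mk_i )) -eq $(( ad_i & mk_i )) ]
}

# check_default_route IFCONFIG_TEXT NETSTAT_TEXT
# Prints one verdict per default route; returns 0 only if one is on-link.
check_default_route() {
    addrs=$(printf '%s\n' "$1" | zone_addrs)
    gws=$(printf '%s\n' "$2" | default_gateways)
    if [ -z "$gws" ]; then
        echo "FAIL no default route is visible from this zone"
        return 1
    fi
    rc=1
    for g in $gws; do
        verdict="FAIL $g is not in any subnet this zone has an address in"
        while read -r a m; do
            [ -n "$a" ] || continue
            if on_link "$g" "$a" "$m"; then
                verdict="OK $g is on-link via $a/$m"
                rc=0
            fi
        done <<EOF
$addrs
EOF
        echo "$verdict"
    done
    return $rc
}

# Constructed sample: zone address and gateway share a /24.
GOOD_IFCONFIG='lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
bge0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.0.2.22 netmask ffffff00 broadcast 192.0.2.255'
GOOD_NETSTAT='Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              192.0.2.1            UG        1        123
192.0.2.0            192.0.2.22           U         1         45 bge0:2'
# Constructed sample: zone address sits in a different subnet from the gateway.
BAD_IFCONFIG='bge0:3: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 198.51.100.22 netmask ffffff00 broadcast 198.51.100.255'

# In a real zone: check_default_route "$(ifconfig -a)" "$(netstat -rn)"
check_default_route "$GOOD_IFCONFIG" "$GOOD_NETSTAT" || true
check_default_route "$BAD_IFCONFIG" "$GOOD_NETSTAT" || true
```

Running it in both the working and the failing zone gives a side-by-side verdict that is easier to compare than the raw command output.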

Similar Messages

  • DNS client in a non-global zone

    Hello,
    I want to configure only the non-global zone as a DNS client, with
    /etc/resolv.conf
    /etc/defaultdomain
    /etc/nsswitch.conf
    Is this ok or is this a global wide issue?
    -- Nick

    Yes. The /etc file system is private to each zone (both in the sparse and whole root models) so each zone can have its own DNS settings (as well as private things like a different time zone and such).

  • Using a Fibre Channel HBA with a non-global zone.

    I am trying to let a non-global zone use a dual port HBA. Please note the goal is to use the HBA including the SAN devices, not just a device on the SAN. Does anyone know if and how this can be done?
    [root@global:/]# more /etc/release
                           Solaris 10 8/07 s10s_u4wos_12b SPARC ...
    [root@global:/]# zonecfg -z localzone info
    zonename: localzone
    zonepath: /zones/localzone
    brand: native
    autoboot: true
    bootargs:
    pool:
    limitpriv:
    scheduling-class:
    ip-type: shared
    net:
            address: x.x.x.x/24
            physical: qfe0
    device
            match: /dev/fc/fp[0-1]
    device
            match: /dev/cfg/c[1-2]
    device
            match: /dev/*dsk/c[1-2]*
    [root@global:/]# fcinfo hba-port
    HBA Port WWN: 210000e08b083b41
            OS Device Name: /dev/cfg/c1
            Manufacturer: QLogic Corp.
            Model: QLA2342
            Firmware Version: 3.3.24
            FCode/BIOS Version: No Fcode found
            Type: N-port
            State: online
            Supported Speeds: 1Gb 2Gb
            Current Speed: 2Gb
            Node WWN: 200000e08b083b41
    HBA Port WWN: 210100e08b283b41
            OS Device Name: /dev/cfg/c2
            Manufacturer: QLogic Corp.
            Model: QLA2342
            Firmware Version: 3.3.24
            FCode/BIOS Version: No Fcode found
            Type: N-port
            State: online
            Supported Speeds: 1Gb 2Gb
            Current Speed: 2Gb
            Node WWN: 200100e08b283b41
    [root@localzone:dev]# ls fc
    fp0  fp1
    [root@localzone:dev]# ls cfg
    c1  c2
    [root@localzone:dev]# ls dsk | grep s0
    c1t500601613021934Dd0s0
    c1t500601693021934Dd0s0
    c1t50060482D52D5608d0s0
    c1t50060482D52D5626d0s0
    c2t500601613021934Dd0s0
    c2t500601693021934Dd0s0
    c2t50060482D52D5608d0s0
    c2t50060482D52D5626d0s0
    [root@localzone:dev]# ls rdsk | grep s0
    c1t500601613021934Dd0s0
    c1t500601693021934Dd0s0
    c1t50060482D52D5608d0s0
    c1t50060482D52D5626d0s0
    c2t500601613021934Dd0s0
    c2t500601693021934Dd0s0
    c2t50060482D52D5608d0s0
    c2t50060482D52D5626d0s0
    [root@localzone:dev]# fcinfo hba-port
    No Adapters Found.

    You cannot present devices directly to the NGZ ( What a mouth/handful of words to say/type...sheesh! What's wrong with local zones, sun?)
    You can present filesystems and/or ZFS pools but not HBAs or other devices directly (AFAIK)

  • Netbackup with Solaris non-global zone!

    Hi,
    How to install and configure netbackup into Solaris 10 non-global zone? what steps need to follow?
    Thanks
    Tanvir

    I agree with running from the global zone. The added benefit is that if you backup the root of all zonepaths, then when you add any new non-global within that path, the new server will be automatically backed up.
    We had been installing the client on each server both global and non-global in the past. On our non-global zones, /usr is not writeable but /opt is. We would symlink /usr/openv to /opt/openv from the global and then remotely install the client software from the backup master via
    "/usr/openv/netbackup/bin/install_client_files ssh <client>"

  • HT201342 Bought an ipad but the seller didn't erase his Apple ID. I don't have his #. I restored it it asked me for a Apple ID I tried to sign in with mine and it asked me for a different Apple ID. What can I do or am I stuck with a non working ipad? Pls

    Bought an ipad but the seller didn't erase his Apple ID. I don't have his #. I restored it it asked me for a Apple ID I tried to sign in with mine and it asked me for a different Apple ID. What can I do or am I stuck with a non working ipad? Pls help.

    The previous user should have done this.
    What to do before selling or giving away your iPhone, iPad, or iPod touch
    http://support.apple.com/kb/HT5661
    You may have bought a stolen iPad. Or get a refund from the seller.
     Cheers, Tom

  • Lucreate not working with ZFS and non-global zones

    I replied to this thread: Re: lucreate and non-global zones as to not duplicate content, but for some reason it was locked. So I'll post here... I'm experiencing the exact same issue on my system. Below is the lucreate and zfs list output.
    # lucreate -n patch20130408
    Creating Live Upgrade boot environment...
    Analyzing system configuration.
    No name for current boot environment.
    INFORMATION: The current boot environment is not named - assigning name <s10s_u10wos_17b>.
    Current boot environment is named <s10s_u10wos_17b>.
    Creating initial configuration for primary boot environment <s10s_u10wos_17b>.
    INFORMATION: No BEs are configured on this system.
    The device </dev/dsk/c1t0d0s0> is not a root device for any boot environment; cannot get BE ID.
    PBE configuration successful: PBE name <s10s_u10wos_17b> PBE Boot Device </dev/dsk/c1t0d0s0>.
    Updating boot environment description database on all BEs.
    Updating system configuration files.
    Creating configuration for boot environment <patch20130408>.
    Source boot environment is <s10s_u10wos_17b>.
    Creating file systems on boot environment <patch20130408>.
    Populating file systems on boot environment <patch20130408>.
    Temporarily mounting zones in PBE <s10s_u10wos_17b>.
    Analyzing zones.
    WARNING: Directory </zones/APP> zone <global> lies on a filesystem shared between BEs, remapping path to </zones/APP-patch20130408>.
    WARNING: Device <tank/zones/APP> is shared between BEs, remapping to <tank/zones/APP-patch20130408>.
    WARNING: Directory </zones/DB> zone <global> lies on a filesystem shared between BEs, remapping path to </zones/DB-patch20130408>.
    WARNING: Device <tank/zones/DB> is shared between BEs, remapping to <tank/zones/DB-patch20130408>.
    Duplicating ZFS datasets from PBE to ABE.
    Creating snapshot for <rpool/ROOT/s10s_u10wos_17b> on <rpool/ROOT/s10s_u10wos_17b@patch20130408>.
    Creating clone for <rpool/ROOT/s10s_u10wos_17b@patch20130408> on <rpool/ROOT/patch20130408>.
    Creating snapshot for <rpool/ROOT/s10s_u10wos_17b/var> on <rpool/ROOT/s10s_u10wos_17b/var@patch20130408>.
    Creating clone for <rpool/ROOT/s10s_u10wos_17b/var@patch20130408> on <rpool/ROOT/patch20130408/var>.
    Creating snapshot for <tank/zones/DB> on <tank/zones/DB@patch20130408>.
    Creating clone for <tank/zones/DB@patch20130408> on <tank/zones/DB-patch20130408>.
    Creating snapshot for <tank/zones/APP> on <tank/zones/APP@patch20130408>.
    Creating clone for <tank/zones/APP@patch20130408> on <tank/zones/APP-patch20130408>.
    Mounting ABE <patch20130408>.
    Generating file list.
    Finalizing ABE.
    Fixing zonepaths in ABE.
    Unmounting ABE <patch20130408>.
    Fixing properties on ZFS datasets in ABE.
    Reverting state of zones in PBE <s10s_u10wos_17b>.
    Making boot environment <patch20130408> bootable.
    Population of boot environment <patch20130408> successful.
    Creation of boot environment <patch20130408> successful.
    # zfs list
    NAME USED AVAIL REFER MOUNTPOINT
    rpool 16.6G 257G 106K /rpool
    rpool/ROOT 4.47G 257G 31K legacy
    rpool/ROOT/s10s_u10wos_17b 4.34G 257G 4.23G /
    rpool/ROOT/s10s_u10wos_17b@patch20130408 3.12M - 4.23G -
    rpool/ROOT/s10s_u10wos_17b/var 113M 257G 112M /var
    rpool/ROOT/s10s_u10wos_17b/var@patch20130408 864K - 110M -
    rpool/ROOT/patch20130408 134M 257G 4.22G /.alt.patch20130408
    rpool/ROOT/patch20130408/var 26.0M 257G 118M /.alt.patch20130408/var
    rpool/dump 1.55G 257G 1.50G -
    rpool/export 63K 257G 32K /export
    rpool/export/home 31K 257G 31K /export/home
    rpool/h 2.27G 257G 2.27G /h
    rpool/security1 28.4M 257G 28.4M /security1
    rpool/swap 8.25G 257G 8.00G -
    tank 12.9G 261G 31K /tank
    tank/swap 8.25G 261G 8.00G -
    tank/zones 4.69G 261G 36K /zones
    tank/zones/DB 1.30G 261G 1.30G /zones/DB
    tank/zones/DB@patch20130408 1.75M - 1.30G -
    tank/zones/DB-patch20130408 22.3M 261G 1.30G /.alt.patch20130408/zones/DB-patch20130408
    tank/zones/APP 3.34G 261G 3.34G /zones/APP
    tank/zones/APP@patch20130408 2.39M - 3.34G -
    tank/zones/APP-patch20130408 27.3M 261G 3.33G /.alt.patch20130408/zones/APP-patch20130408

    "I replied to this thread: Re: lucreate and non-global zones as to not duplicate content, but for some reason it was locked. So I'll post here..."
    The thread was locked because you were not replying to it.
    You were hijacking that other person's discussion from 2012 to ask your own new post.
    You have now properly asked your question and people can pay attention to you and not confuse you with that other person.

  • Problem with exporting devices to non-global zone

    Hi,
    I have a problem with exporting devices to my Solaris zones (I am trying to add support for mounting /dev/lofi/* in my non-global zone).
    I created a cfg for my zone.
    Here it is:
    $ zonecfg -z sapdev info
    zonename: sapdev
    zonepath: /export/home/zones/sapdev
    brand: native
    autoboot: true
    bootargs:
    pool:
    limitpriv: default,sys_time
    scheduling-class:
    ip-type: shared
    fs:
            dir: /sap
            special: /dev/dsk/c1t44d0s0
            raw: /dev/rdsk/c1t44d0s0
            type: ufs
            options: []
    net:
            address: 194.29.128.45
            physical: ce0
    device
            match: /dev/lofi/1
    device
            match: /dev/rlofi/1
    device
            match: /dev/lofi/2
    device
            match: /dev/rlofi/2
    attr:
            name: comment
            type: string
            value: "This is SAP developement zone"
    global# lofiadm
    Block Device             File
    /dev/lofi/1              /root/SAP_DB2_9_LUW.iso
    /dev/lofi/2              /usr/tmp/fsfile
    I rebooted the non-global zone, and even rebooted the global zone, and after that, in the sapdev zone, there are no /dev/*lofi/* files.
    What am I doing wrong? Maybe I reduced my Sol 10 u4 SPARC installation too much.
    Can anybody help me?
    Thanks for help,
    Marek

    I experienced the same problem on my system Sol 10 08/07.
    Normally, when the zone enters the READY state during boot, its zoneadmd will run devfsadm -z <zone>. In my understanding this is to create the necessary device files in ZONEPATH/dev.
    This worked well until recently. Now only the directories are still created.
    It seems as if devfsadm -z is broken. Somebody should issue a call to sun.
    As a workaround you can easily copy the device files into the zone. It is important not to copy the symbolic link but the target.
    # cp /dev/lofi/1 ZONEPATH/dev/lofi
    Hope this helps,
    Konstantin Gremliza

  • Oracle 10 g non-global zones with asynchronous I/O

    Hi,
    I note that using direct I/O (by setting the forcedirectio while
    mounting the database file systems) and bypassing the file system
    cache may improve database performance significantly, but this should
    be done only for file systems in which database files and redo log
    files exist. If direct I/O is used and there is not enough database
    buffer cache, it may even decrease the performance by moving the
    problem from double buffering to a lack of database buffer cache. So,
    this performance tuning must be planned carefully, and the database
    buffer cache should be sized properly. The direct I/O option should
    not be used for other file systems used by other applications because
    they still need the UFS buffer cache.
    Now, I have Oracle database installed inside a non-global zone and I
    see a lot of Asynchronous I/O wait warnings in the Oracle Alert log
    file. Storage mount points with UFS filesystem contain the Oracle
    datafiles and redo log files. In addition, two Oracle datafiles of 10
    GB each reside on the local disks. The Oracle init.ora parameter to
    set asynchronous I/O for Oracle database files is
    FILESYSTEMIO_OPTIONS= SETALL.
    Although the above parameter was set during the database installation,
    the aiowait warnings don't seem to disappear.
    Can I use the "forcedirectio" option at the Operating System /etc/
    vfstab file for Oracle datafiles and redo log files?
    Or, should I just move the Oracle database files residing on the local
    disks to the external storage? Will this take care of aiowait warnings
    and if yes, how? The storage is a DAS.
    Regards
    Sandeep

    I presume you compiled php on the Sun server, was this done using gcc or the Sun One C compiler.
    If the latter then you can also use the flag: --enable-nonportable-atomics when you run configure

  • What options do I have to patch the recommended patchset on Solaris 10 with a bunch of non-global zones?

    With the standard patching process(installcluster), it takes a looong time since each zone needs veridated. Any option that I can apply the patchset to the global zone only, then later upgrade the non-global zones?
    If possible, I'd like to use LU.

    You can use LU but it will depend on your system config. There are instructions in the README of the patchset to install it on an alternate boot environment (previously created using lucreate).
    If you plan to use LU, read the following docs first to avoid common issues:
    Solaris Live Upgrade Software Patch Requirements(Doc ID 1004881.1)
    List of currently unsupported Live Upgrade (LU) configurations (Doc ID 1396382.1)
    You can also use the Parallel Patching feature to improve performance:
    https://blogs.oracle.com/patch/entry/zones_parallel_patching_feature_now
    Solaris 10 10/09: Zones Parallel Patching to Reduce Patching Time (System Administration Guide: Oracle Solaris Containers…
    What you can't do is patch the global zone only and the non-global zones later (unless the zones are detached). It's a requirement that the global and non-global zones stay synchronized at all times (considering that they are sharing the same kernel).

  • Pkgmap files missing in global zone, can't build non-global zone

    My solaris 10 server is missing the pkgmap files for the packages. As a result, I can't build a non-global zone. Is there a way to recreate the pkgmap files?
    The OS on the Solaris 10 server was installed via jumpstart (initial install). However, the Jumpstart process used a Solaris 9 boot server which seems to have caused the missing pkgmap problem.
    Does anyone know of any other problems which would result from a version mismatch between a boot and installation server during the jumpstart process?

    Hi, i have problems with building transmission from svn too:
    $ versionpkg
    ==> retrieving latest revision number from svn... 3730
    ==> newer revision detected: 3730
    ==> Entering fakeroot environment
    ==> Making package: transmission-svn 3730-1 (Di 6. Nov 08:28:38 CET 2007)
    ==> Checking Runtime Dependencies...
    ==> Checking Buildtime Dependencies...
    ==> Retrieving Sources...
    ==> Validating source files with md5sums
    ==> Extracting Sources...
    ==> Removing existing pkg/ directory...
    ==> Starting build()...
    Fetching external item into 'Transmission/third-party/libevent'
    Checked out external at revision 477.
    Checked out revision 3730.
    ==> SVN checkout done or server timeout
    ==> Starting make...
    ./autogen.sh: line 16: autoreconf: command not found
    Creating aclocal.m4 ...
    Running glib-gettextize...  Ignore non-fatal messages.
    Copying file mkinstalldirs
    Copying file po/Makefile.in.in
    Please add the files
      codeset.m4 gettext.m4 glibc21.m4 iconv.m4 isc-posix.m4 lcmessage.m4
      progtest.m4
    from the /aclocal directory to your autoconf macro directory
    or directly to your aclocal.m4 file.
    You will also need config.guess and config.sub, which you can get from
    ftp://ftp.gnu.org/pub/gnu/config/.
    Making aclocal.m4 writable ...
    Running intltoolize...
    PKGBUILD: line 33: ./configure: No such file or directory
    make: *** No targets specified and no makefile found.  Stop.
    ==> ERROR: Build Failed.  Aborting...
    ==> ERROR: Reverting pkgver...
    I don't know what's up with the autoreconf.
    I hope anyone can help me!
    greez

  • Sun cluster 3.20, live upgrade with non-global zones

    I have a two node cluster with 4 HA-container resource groups holding 4 non-global zones running Sol 10 8/07 u4 which I would upgrade to sol10 u6 10/8. The root filesystem of the non-global zones is ZFS and on shared SAN disks so that can be failed over.
    For the Live upgrade I need to convert the root ZFS to UFS which should be straight forward.
    The tricky stuff is going to be performing a live upgrade on non-global zones as their root fs is on the shared disk. I have a free internal disk on each of the nodes for ABE environments. But when I run the lucreate command is it going to put the ABE of the zones on the internal disk as well or can I specify the location of the ABE for non-global zones? Ideally I want this to be shared disk.
    Any assistance gratefully received

    Hi,
    I am not sure whether this document:
    http://wikis.sun.com/display/BluePrints/Maintaining+Solaris+with+Live+Upgrade+and+Update+On+Attach
    has been on the list of docs you found already.
    If you click on the download link, it won't work. But if you use the Tools icon on the upper right hand corner and click on attachments, you'll find the document. Its content is solely based on configurations with ZFS as root and zone root, but should have valuable information for other deployments as well.
    Regards
    Hartmut

  • Non-Global Zones - how can I tell what the Global Zone is

    Hi,
    I have a host that I know is a non-global zone (ngz). I can ssh to the ngz as root or a non-privileged user.
    But once there how do I know what the host name for the global zone is?
    I could probably run a script from all global zones to report all running zones and so I'd know that way but I have a specific need to know from inside the ngz.
    Thanks!
    Brian

    bdunbar wrote:
    That's a built-in security feature; and I know of no way to circumvent this mechanism.
    I had some hope that there was a way to 'see' at least the global-zone information from the zone. From the shell the 'zone' commands are available ..
    :# zoneadm list -cv
    ID NAME             STATUS         PATH
    48 hostname_svn   running        /
    So it's at least aware that it is a zone, even if it can't tell me anything else about itself. I can still go the long way around to get the information for my need, thanks.
    The global zone is the only thing that can see everything. The non-global zones can only see information specific to their zone.
    This is by design and it really is a security mechanism. You don't want the zones running outside of their boundaries and information about the global zone (or any other zone) is outside the boundaries of a non-global zone.
    Cheers,

  • Can I import one non-global zone from one machine to another?

    If create a non-global zone on one disk on machine A, is it possible to make a copy of that disk, and import the non-global zone to machine B? If yes, how to import the non-global zone?
    Thanks!

    It should be possible if your machines are installed the same way, because you need the same environment (patches, packages, ...).
    If this is true you should export your zone definition on machine A (zonecfg export) and import it on machine B (zonecfg -f ...).
    Then create the new zone on B. When finished, get your zonepath with all data on A and copy it to B. That should be all.
    With this solution I hope it would be possible to have a shadow instance on B and the active instance on A. If you have your whole zonepath on external disks like EMC, you only have to mount your disks on B and start your zone.
    harruh

  • Sharing software package with non-global zone

    I've installed Solaris Studio 12.3 to a global zone on Solaris 11 following instructions from http://pkg-register.oracle.com which I want to make available to the non-global zones.  Do I need to install it independently for all zones, or can I export/share it?

    All files are normally installed in /opt/solarisstudio12.3. You can share it, but it is recommended to install it independently for all zones if you want different installed versions.

  • Live upgrade - solaris 8/07 (U4) , with non-global zones and SC 3.2

    Dears,
    I need to use live upgrade for SC3.2 with non-global zones, Solaris 10 U4 to Solaris 10 10/09 (latest release) and update the cluster to 3.2 U3.
    I don't know where to start; I've read lots of documents, but couldn't find one complete document to cover the whole process.
    I know that upgrade for Solaris 10 with non-global zones is supported since my Solaris 10 release, but I am not sure if it's supported with SC.
    Appreciate your help

    Hi,
    I am not sure whether this document:
    http://wikis.sun.com/display/BluePrints/Maintaining+Solaris+with+Live+Upgrade+and+Update+On+Attach
    has been on the list of docs you found already.
    If you click on the download link, it won't work. But if you use the Tools icon on the upper right hand corner and click on attachments, you'll find the document. Its content is solely based on configurations with ZFS as root and zone root, but should have valuable information for other deployments as well.
    Regards
    Hartmut
