Zone Transfer from MS DNS to Bind
Kevin Darcy
kcd at daimlerchrysler.com
Fri Aug 11 02:24:13 UTC 2006
Something _other_ than the regular Unix/Linux file/directory permissions
is preventing named from writing to that directory. E.g. MAC as
described in http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
- Kevin
Shaheen wrote:
> Hi,
> I am having a problem configuring Bind as a secondary server for an MS
> Windows 2k based primary DNS.
>
> What I get in the log file is
> name named[10827]: transfer of 'abc.com/IN' from x.x.x.x#53: end of
> transfer
> name named[10827]: loading configuration from '/etc/named.conf'
> name kernel: audit(1154526782.984:309): avc: denied { write } for
> pid=10831 comm="named" name="named" dev=dm-0 ino=5303719
> scontext=root:system_r:named_t:s0
> tcontext=system_u:object_r:named_zone_t:s0 tclass=dir
> name named[10827]: logging channel 'default_debug' file
> '/var/named/named.run': permission denied
> name named[10827]: zone abc.com/IN/internal: Transfer started.
> name named[10827]: transfer of 'abc.com/IN' from x.x.x.x#53: connected
> using 192.168.1.14#58206
> name named[10827]: dumping master file: tmp-xRln0Jv84M: open:
> permission denied
> name kernel: audit(1154526783.624:310): avc: denied { write } for
> pid=10829 comm="named" name="named" dev=dm-0 ino=5303719
> scontext=root:system_r:named_t:s0
> tcontext=system_u:object_r:named_zone_t:s0 tclass=dir
> name named[10827]: transfer of 'abc.com/IN' from x.x.x.x#53: failed
> while receiving responses: permission denied
> name named[10827]: transfer of 'abc.com/IN' from x.x.x.x#53: end of
> transfer
>
>
> and the permissions for /var/named are drwxr-x--- 6 root named 4096 Jul
> 23 19:14 named
>
> When I changed the permissions to drwxr-x--- 6 named named 4096
> Jul 23 19:14 named
>
> I got the same error.
>
> my named.conf is
> options {
>     directory "/var/named/";
>     dump-file "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     datasize default;
>     recursive-clients 30000;
>     max-cache-size 800000000;
>     pid-file "/var/run/named/named.pid";
>     /*
>      * If there is a firewall between you and nameservers you want
>      * to talk to, you might need to uncomment the query-source
>      * directive below. Previous versions of BIND always asked
>      * questions using port 53, but BIND 8.1 uses an unprivileged
>      * port by default.
>      */
>     // query-source address * port 53;
> };
>
> logging {
>     category lame-servers {
>         null;
>     };
>
>     channel "default_debug" {
>         file "/var/named/named.run";    // write to named.run in
>                                         // the working directory
>                                         // Note: stderr is used instead
>                                         // of "named.run"
>                                         // if the server is started
>                                         // with the '-f' option.
>         severity critical;              // log at the server's
>                                         // current debug level
>     };
> };
>
> controls {
>     inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> };
>
> zone "abc.com" { type slave; file "db.zone"; masters { x.x.x.x; }; };
> include "/etc/rndc.key";
>
>
> Please advise.
>
> Thank you
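As an added example (not part of this thread), a small POSIX shell filter that picks the SELinux AVC denials for the named process out of a log excerpt like the one quoted above and summarises, per denial, the audit id, the denied permission, the source and target SELinux types and the object class. The sample lines are constructed from the quoted log; in practice the input would be /var/log/messages.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Constructed log excerpt modelled on the lines quoted in the post.
SAMPLE_LOG='name named[10827]: zone abc.com/IN/internal: Transfer started.
name kernel: audit(1154526782.984:309): avc: denied { write } for pid=10831 comm="named" name="named" dev=dm-0 ino=5303719 scontext=root:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=dir
name named[10827]: dumping master file: tmp-xRln0Jv84M: open: permission denied
name kernel: audit(1154526783.624:310): avc: denied { write } for pid=10829 comm="named" name="named" dev=dm-0 ino=5303719 scontext=root:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=dir'

# Read log lines on stdin; print one line per AVC denial whose comm is "named":
#   <audit id> <permission> <source type> <target type> <object class>
# The source/target type is the third colon-separated field of the context.
named_avc_denials() {
    grep 'avc: *denied' | grep 'comm="named"' | awk '
    {
        id = ""; perm = ""; sctx = ""; tctx = ""; cls = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^audit\(/) { id = $i; sub(/^audit\(/, "", id); sub(/\):$/, "", id) }
            if ($i == "{") perm = $(i + 1)
            if ($i ~ /^scontext=/) { sctx = $i; sub(/^scontext=/, "", sctx) }
            if ($i ~ /^tcontext=/) { tctx = $i; sub(/^tcontext=/, "", tctx) }
            if ($i ~ /^tclass=/)   { cls = $i;  sub(/^tclass=/, "", cls) }
        }
        split(sctx, s, ":"); split(tctx, t, ":")
        print id, perm, s[3], t[3], cls
    }'
}

# Number of named AVC denials in the excerpt read on stdin.
count_named_avc_denials() {
    named_avc_denials | wc -l | tr -d ' '
}

# Run over the constructed sample: both denials are named_t writing to a
# named_zone_t directory, i.e. the MAC denial Kevin refers to.
printf '%s\n' "$SAMPLE_LOG" | named_avc_denials
```

A non-empty result means the file mode bits are irrelevant until the SELinux policy allows named_t to write to the target type; on the Fedora policy of that era the usual remedies are to keep slave zone files under /var/named/slaves or to enable the named_write_master_zones boolean.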