Zero Length zone files when xfering as non-root

Kevin Darcy kcd at daimlerchrysler.com
Thu Dec 20 02:33:12 UTC 2001 

How full is the partition? I've had situations where root could exceed minfree
but non-root users could not.


- Kevin

Darron Froese wrote:

> Today our secondary name server (bind 8.2.5 on Linux 2.2.19 [Mandrake 7.1] -
> it's chrooted and running as named.named) decided it wanted to stop
> importing zones it was a slave for - I'm not sure why.
>
> It still resolves names just fine for our network - it just won't xfer and
> be authoritative for the domains it's a secondary for.
>
> I've pared the named.conf file down to a single zone and it still doesn't
> load that zone:
>
> This is the primary:
>
> 19-Dec-2001 18:31:38.752 security: info: approved AXFR from
> [207.228.67.229].2809 for "javelindigital.com"
> 19-Dec-2001 18:31:38.752 xfer-out: info: zone transfer (AXFR) of
> "javelindigital.com" (IN) to [207.228.67.229].2809
>
> This is the secondary:
>
> 19-Dec-2001 17:31:32.715 load: warning: Zone "javelindigital.com" (file
> backup/javelindigital.com.backup): no SOA RR found
> 19-Dec-2001 17:31:32.715 load: error: slave zone "javelindigital.com" (IN)
> rejected due to errors (serial 0)
>
> I can transfer the zone file manually as root:
>
> [root at uber backup]# nslookup - rackspace
> Default Server:  rackspace.javelindigital.com
> Address:  209.61.155.85
>
> > ls -d javelindigital.com
> [rackspace.javelindigital.com]
> $ORIGIN javelindigital.com.
> @                       5M IN SOA       ns1 dns (
>                                         2001112602      ; serial
>                                         2H              ; refresh
>                                         10M             ; retry
>                                         1D              ; expiry
>                                         5M )            ; minimum
>
>                         5M IN NS        ns1
>                         5M IN NS        ns2
>                         5M IN MX        10 mail
>                         5M IN MX        20 rackspace
>
> [ Zone records deleted ]
>
> @                       5M IN SOA       ns1 dns (
>                                         2001112602      ; serial
>                                         2H              ; refresh
>                                         10M             ; retry
>                                         1D              ; expiry
>                                         5M )            ; minimum
>
> I can do it on the command line using named-xfer as root:
>
> [root at uber backup]# /usr/local/chroot/named/usr/sbin/named-xfer -z
> javelindigital.com -f jd.com -s 0 rackspace
> named-xfer[29060]: send AXFR query 0 to 209.61.155.85
> [root at uber backup]# ls -l
> total 4
> -rw-r--r--    1 named    named           0 Dec 19 17:31
> javelindigital.com.backup
> -rw-r--r--    1 root     root         3765 Dec 19 17:36 jd.com
>
> But I can't do it as the user "named":
>
> [named at uber backup]$ /usr/local/chroot/named/usr/sbin/named-xfer -z
> javelindigi
> tal.com -f jd2.com -s 0 rackspace
> named-xfer[29077]: send AXFR query 0 to 209.61.155.85
> [named at uber backup]$ ls -l
> total 4
> -rw-r--r--    1 named    named           0 Dec 19 17:31
> javelindigital.com.backup
> -rw-r--r--    1 named    named           0 Dec 19 17:37 jd2.com
> -rw-r--r--    1 root     root         3765 Dec 19 17:36 jd.com
>
> It just creates a zero length file when I do it as the named user.
>
> I remember reading something about this when I set up this server last year
> - but Google isn't helping me and I can't find the answer.
>
> Anyone got an idea?

More information about the bind-users mailing list