problems with slave after upgrade.

Charles Bodley Bodley at tflogic.com
Mon Jun 4 20:04:16 UTC 2001



> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
> Behalf Of Michael Kjorling
> Sent: Monday, June 04, 2001 3:20 PM
> To: BIND-Users
> Subject: RE: problems with slave after upgrade.
>
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Running BIND as root doesn't seem like a great idea to me - have you
> considered letting it run under its own uid (I have mine running as
> named, group named)?

$Starting named: /usr/local/sbin/named: -u not supported on Linux kernels
older than 2.3.99-pre3 when using threads
[FAILED]
I would run as named if I could. I was with the old version.

>
> I was getting timeouts as well before I figured out it was the
> firewall. You have to allow TCP traffic both originating from and
> destined for port 53 for at least whatever machines you want to be
> able to do zone transfers with. Does your firewall permit that?

Both boxes are in front of the firewall so that should not be an issue.

> "And it still gives permission denied when updating a zone" - this is
> a very vague phrasing. Updating? That is controlled by allow-update{},
> so I'd add the IP address of the machine there and see what happens.
>

Is this the correct syntax for a slave? Can't find named.conf man page for
bind 9.
zone "cincynet.com" {
        type slave;
        file "db.cincynet_com";
        allow-update yes;

{     
                216.143.228.100;
        };
};
Did not have the allow update line in there before. When I added it bind failed to start. Is there something I'm missing? By updating I mean I changed ns1 and restarted but ns2 produced errors when it tried to accept the changes.

Thanks again for all your help.

> 
> Michael Kjörling
> 
> 
> On Jun 4 2001 14:38 -0400, Charles Bodley wrote:
> 
> > Touch worked thanks again.
> >
> > Didn't think file ownership mattered since bind is running as root. Changed
> > all files and folder to root.root just in case. This is the newest error
> > message. No longer denied now timeouts.
> >
> > Jun  4 14:34:42 ns2 /usr/local/sbin/named[29605]: refresh_callback: zone drpill.com/IN: failure for 216.143.228.100#53: timed out
> >
> > And it still gives permission denied when updating a zone.
> 
> - -- 
> Michael Kjörling - michael at kjorling.com - PGP: 8A70E33E
> "We must be the change we wish to see" (Mahatma Gandhi)
> 
> ^..^     Support the wolves in Norway -- go to     ^..^
>  \/   http://home.no.net/ulvelist/protest_int.htm   \/
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQE7G99IKqN7/Ypw4z4RAmwwAKD7ubIxJI92KHhEIiPOhXDiTi6DQgCgtu1b
> JmqSq8NBbJWtKDGuHfb0+Ys=
> =gS1i
> -----END PGP SIGNATURE-----
> 
> 
> 
> 
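
A minimal master/slave pair for the zone asked about above, as an added example that is not part of the original message: it shows the brace-enclosed address list that access-control options take, the `masters` statement a slave zone uses, and `allow-transfer` on the master. Assumptions: 192.0.2.53 is a placeholder for the slave's address, the master's zone file name is made up, and 216.143.228.100 is taken to be the master because the slave's refresh log names it.

```conf
// ---- master (216.143.228.100, per the refresh log quoted above) ----
zone "cincynet.com" {
        type master;
        file "db.cincynet_com";            // assumed file name on the master
        // Zone transfers travel over TCP port 53; allow them only to the slave.
        allow-transfer { 192.0.2.53; };    // placeholder for the slave's address
        // Dynamic updates are a separate mechanism from zone transfers.
        // Refuse them unless they are actually in use.
        allow-update { none; };
};

// ---- slave ----
zone "cincynet.com" {
        type slave;
        // A slave learns where to pull the zone from through "masters".
        masters { 216.143.228.100; };
        // named rewrites this file after each transfer, so the uid it runs
        // as must be able to write to it.
        file "db.cincynet_com";
};
```

Access-control options take an address list in braces with a semicolon after each element and after the closing brace; a bare keyword such as `yes` is not accepted in that position.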



