problems with slave after upgrade.

Michael Kjorling michael at kjorling.com
Mon Jun 4 20:14:44 UTC 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Jun 4 2001 16:04 -0400, Charles Bodley wrote:

> > Running BIND as root doesn't seem like a great idea to me - have you
> > considered letting it run under its own uid (I have mine running as
> > named, group named)?
>
> $Starting named: /usr/local/sbin/named: -u not supported on Linux kernels
> older than 2.3.99-pre3 when using threads
> [FAILED]
> I would run as named if I could. I was with the old version.

It works perfectly fine for me, on Linux 2.2.18 and without explicitly
specifying threading options in the configure call. My named is started
with the command `daemon named -u named' from the
/etc/rc.d/init.d/named script. ps also gives this, so I'd assume it's
threaded:

[michael at varg michael]$ ps axu | grep named
named    23955  0.0  1.6  7728  6328  ?  S  May 21   0:00 named -u named
named    23958  0.0  1.6  7728  6328  ?  S  May 21   0:00 named -u named
named    23959  0.0  1.6  7728  6328  ?  S  May 21   3:08 named -u named
named    23960  0.0  1.6  7728  6328  ?  S  May 21   0:00 named -u named
named    23961  0.0  1.6  7728  6328  ?  S  May 21   0:24 named -u named
[michael at varg michael]$


> > I was getting timeouts as well before I figured out it was the
> > firewall. You have to allow TCP traffic both originating from and
> > destined for port 53 for at least whatever machines you want to be
> > able to do zone transfers with. Does your firewall permit that?
>
> Both boxes are in front of the firewall so that should not be an issue.

And I assume you aren't running a local firewall like ipchains on the
boxes? In that case, I don't know what could be wrong right off hand.


> Is this the correct syntax for a slave? Can't find named.conf man page for
> bind 9.
> zone "cincynet.com" {
>         type slave;
>         file "db.cincynet_com";
>         allow-update yes;
>
> {
>                 216.143.228.100;
>         };
> };
> Did not have the allow update line in there before. When I added
> it bind failed to start. Is there something I'm missing? By
> updating I mean I changed ns1 and restarted but ns2 produced
> errors when it tried to accept the changes.
>
> Thanks again for all your help.

No, this is wrong. allow-update takes one argument, a list of IPs
and/or ACLs. So the correct syntax would be:

zone "cincynet.com" {
  type slave;
  file "db.cincynet_com";
  allow-update { 216.143.228.100; };
};

However, if you just mean a zone transfer, this shouldn't be
necessary. Assuming that you have the appropriate allow-transfer{} and
possibly notify clauses on the master, I am out of ideas for the
moment...

Will let you know if I come up with something.


Michael Kjörling

- -- 
Michael Kjörling - michael at kjorling.com - PGP: 8A70E33E
"We must be the change we wish to see" (Mahatma Gandhi)

^..^     Support the wolves in Norway -- go to     ^..^
 \/   http://home.no.net/ulvelist/protest_int.htm   \/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7G+w3KqN7/Ypw4z4RAtJ7AKC4PCPv8mIWTziQym+maw1eDyz0MACfYckv
aYFHex9wBp2xKlrimt2vdco=
=Za26
-----END PGP SIGNATURE-----
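
The zone transfer setup discussed in this message, shown as a master/slave pair. This is an added example, not part of the original post and not taken from either poster's configuration. The addresses 192.0.2.1 (master) and 192.0.2.2 (slave) are placeholders, and the master's file name is assumed.

```conf
// ---- on the master (placeholder address 192.0.2.1) ----
zone "cincynet.com" {
        type master;
        file "db.cincynet_com";            // assumed file name on the master
        allow-transfer { 192.0.2.2; };     // address match list: only the slave may transfer the zone
        notify yes;                        // send NOTIFY to the zone's other name servers on change
};

// ---- on the slave (placeholder address 192.0.2.2) ----
zone "cincynet.com" {
        type slave;
        file "db.cincynet_com";
        masters { 192.0.2.1; };            // server the zone is transferred from
        // No allow-update clause: a plain zone transfer does not need one.
        // If it is ever used, its argument is a braced list, e.g.
        //   allow-update { 192.0.2.1; };
        // and never a bare keyword followed by a separate block.
};
```

Zone transfers run over TCP port 53, so any packet filter between the two hosts has to permit that traffic in both directions, as noted in the message above.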



