trouble with a pair of bind9 servers

Jonathan Horne freebsd at dfwlp.com
Fri Sep 8 11:39:43 UTC 2006


I have 2 servers I'm working with for a test I'm doing with bind9: a FreeBSD 
6.1-p4, and a FreeBSD 5.5-p3.  Both have bind9-9.3.2.1 from ports, 
without "replace base version" checked.  Both are responding correctly for 
general lookups of hosts out on the internet, even based on the querying 
client's IP vs the ACL on the zones.

The trouble I'm having is that my slave (5.5-p3) will not transfer the zone 
from the master (6.1-p4).  My /var/log/messages is filled with these:

Sep  7 21:50:24 fbsd55-2 named[1847]: exiting
Sep  7 21:50:26 fbsd55-2 named[1924]: starting BIND 9.3.2 -t /var/named -u bind
Sep  7 21:50:26 fbsd55-2 named[1924]: /etc/namedb/named.conf:40: option 'allow-update' is not allowed in 'slave' zone 'dlptest.com'
Sep  7 21:50:26 fbsd55-2 named[1924]: command channel listening on 127.0.0.1#953
Sep  7 21:50:26 fbsd55-2 named[1924]: command channel listening on ::1#953
Sep  7 21:50:26 fbsd55-2 named[1924]: zone dlptest.com/IN/internal: has 0 SOA records
Sep  7 21:50:26 fbsd55-2 named[1924]: zone dlptest.com/IN/internal: has no NS records
Sep  7 21:50:26 fbsd55-2 named[1924]: running
Sep  7 21:50:27 fbsd55-2 named[1924]: dumping master file: /etc/namedb/tmp-UZF5mCCxZP: open: permission denied
Sep  7 21:50:27 fbsd55-2 named[1924]: transfer of 'dlptest.com/IN' from 192.168.125.91#53: failed while receiving responses: permission denied
Sep  7 21:51:20 fbsd55-2 named[1924]: dumping master file: /etc/namedb/tmp-SaWWYxV06u: open: permission denied
Sep  7 21:51:20 fbsd55-2 named[1924]: transfer of 'dlptest.com/IN' from 192.168.125.91#53: failed while receiving responses: permission denied

This was giving me the impression that the bind user was not able to write 
to /var/named/etc/namedb, but every time I make a chmod or chown adjustment, 
it just gets changed back:

fbsd55-2# /etc/rc.d/named restart
Stopping named.
etc/namedb changed
        user expected 0 found 53 modified
Starting named.
fbsd55-2#

Here are my 2 config files (first the master, then the slave):

acl "dlpnets" {
        192.168.125.64/26;
        127.0.0.1;
};
options {
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        listen-on       { 192.168.125.91; 127.0.0.1; };
};
view "internal" {
        match-clients { dlpnets; };
        recursion yes;
        zone "." {
                type hint;
                file "named.root";
        };
        zone "0.0.127.IN-ADDR.ARPA" {
                type master;
                file "master/localhost.rev";
        };
        zone "dlptest.com" {
                type master;
                file "/etc/namedb/dlptest.com.i.hosts";
                allow-transfer { any; };
                also-notify { 192.168.125.91; };
                notify yes;
        };
};
view "external" {
        match-clients { any; };
        recursion no;
        zone "dlptest.com" {
                type master;
                file "/etc/namedb/dlptest.com.e.hosts";
        };
};

(begin the slave named.conf)
acl "dlpnets" {
        192.168.125.0/26;
        192.168.125.91;
        127.0.0.1;
};

options {
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        listen-on       { 127.0.0.1; 192.168.125.93; };
};
view "internal" {
        match-clients { dlpnets; };
        recursion yes;
        zone "." {
                type hint;
                file "named.root";
        };
        zone "0.0.127.IN-ADDR.ARPA" {
                type master;
                file "master/localhost.rev";
        };
        zone "dlptest.com" {
                type slave;
                masters { 192.168.125.91; };
                file "/etc/namedb/dlptest.com.i-slave.hosts";
                transfer-source 192.168.125.93;
                allow-transfer { any; };
                allow-update { 192.168.125.91; };
        };
};

I've been dinking around with this for a few hours now, and I'm about to pull 
what little hair I have left out.  Can someone shed light on this for me, 
please?  Any help at all would be much appreciated!

cheers,
jonathan
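A small diagnostic for the symptom above, added here as an example and not part of the original post or of BIND: it pulls every `type slave` zone's `file` out of a named.conf and checks that the directory each one lives in is owned by the user named runs as, which is exactly what named needs in order to create the `tmp-XXXX` file that the "open: permission denied" lines complain about. It assumes named runs as the user `bind` (uid 53 in the rc.d output), that the rc script's mtree pass is what keeps resetting etc/namedb to root, and, to my understanding of FreeBSD's chroot layout, that the `slave` subdirectory under namedb is the one left owned by bind for this purpose.

```shell
#!/bin/sh
# Added diagnostic, not from the original post. It lists the files that the
# slave zones in a named.conf will be written to and checks that the directory
# holding each one is owned by the user named runs as; group and mode bits
# are not examined, ownership alone is what the mtree reset changes.

# Print the quoted value on the first line of file $2 matching regex $1.
conf_quoted() {
    awk -v re="$1" '$0 ~ re { match($0, /"[^"]*"/)
                             print substr($0, RSTART + 1, RLENGTH - 2); exit }' "$2"
}

# Print the "file" path of every "type slave" zone in $1, one per line.
# Assumes one directive per line and each zone closed by a line starting "}".
slave_zone_files() {
    awk '
        /^[[:space:]]*zone[[:space:]]/ { in_zone = 1; is_slave = 0; file = "" }
        in_zone && /type[[:space:]]+slave[[:space:]]*;/ { is_slave = 1 }
        in_zone && /^[[:space:]]*file[[:space:]]/ {
            match($0, /"[^"]*"/); file = substr($0, RSTART + 1, RLENGTH - 2)
        }
        in_zone && /^[[:space:]]*}/ { if (is_slave && file != "") print file; in_zone = 0 }
    ' "$1"
}

# Numeric uid of a path's owner (ls -n is portable across BSD and GNU ls).
dir_owner() { ls -ldn "$1" | awk '{ print $3 }'; }

# Usage: check_slave_dirs /path/to/named.conf bind
# Returns 0 only if every slave zone file's directory exists and is owned by
# the given user; 2 if the user does not exist. Relative paths are resolved
# against the "directory" option, as named does; paths contain no whitespace.
check_slave_dirs() {
    conf=$1 user=$2 status=0
    uid=$(id -u "$user" 2>/dev/null) || { echo "no such user: $user"; return 2; }
    base=$(conf_quoted '^[[:space:]]*directory[[:space:]]' "$conf")
    [ -n "$base" ] || base=.
    for f in $(slave_zone_files "$conf"); do
        case $f in /*) ;; *) f="$base/$f" ;; esac
        dir=$(dirname "$f")
        if [ ! -d "$dir" ]; then
            echo "MISSING   $dir (zone file $f)"; status=1
        elif [ "$(dir_owner "$dir")" != "$uid" ]; then
            echo "NOT OWNED BY $user (uid $(dir_owner "$dir")): $dir (zone file $f)"; status=1
        else
            echo "OK        $dir (zone file $f)"
        fi
    done
    return $status
}
```

Run it inside the chroot view of the paths (e.g. `check_slave_dirs /var/named/etc/namedb/named.conf bind` after adjusting the `directory` base accordingly); a NOT OWNED result for the slave's `/etc/namedb/dlptest.com.i-slave.hosts` directory is the condition the log lines describe, and the remedy is to point that `file` into a directory mtree leaves owned by bind rather than to chown etc/namedb.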