Recent Problem with BIND 9 under Windows XP

Vincent Poy vincepoy at gmail.com
Thu Jun 28 04:03:07 UTC 2007


On 6/27/07, Vinny Abello <vinny at tellurian.com> wrote:
> Vincent Poy wrote:
>
> >> Remember when you're testing it and it appears to work from the command
> >> line, you are running from a different user account. You could possibly try to
> >> run it from the command line using the runas utility and specify the
> >> credentials that the service runs under, but I've never tried it and don't know
> >> what result you might get. It should work in theory though. I would give that a
> >> try if logging to file turns up nothing.
> >
> > You're right about the lack of syslog in Windows so it will only log an
> > event rather than detailed like syslog on a Unix box would.  Is there
> > a way to log to a specific logfile using named.conf in Windows?
>
> See at the end of this message.

Thanks for the hint on how to do the logfiles in named.conf.  I guess
the logfile would only log if the ISC BIND service would start
successfully.

> > Thanks for the reminder about testing named from the command line, it
> > runs from a different user account.  I tried running it on the command
> > line as the named user and it appears to run correctly:
>
> > When I tested it originally, it was running from the vince account on
> > the command line and the vince account is set up as an Administrator.
>
> That's what I suspected.
>
> > One thing that puzzles me is that for the ISC BIND service, if I
> > change it to run as Local System Account, it will run fine but if I
> > tried it with named or vince, it will have the problem after 3 seconds
> > (I timed it this time) that I mentioned when I wrote the original
> > message about this problem.  So I don't know why it won't start the
> > service running as the named user when it worked in the past.
>
> I think your NTFS permissions may not be set up to allow the account you have
> set up for the BIND service to write out data. Maybe the permissions were reset
> from a higher directory and propagated down that is restricting writing temporary
> files, or maybe permissions on just specific files are not being inherited properly...

The thing is that I'm the only one who uses the system and there have
been no changes as far as permissions.  In fact, this is what it
shows:

C:\Documents and Settings\vince>cacls c:\windows\system32\dns
c:\windows\system32\dns SOLAR\named:(OI)(CI)F
                        NT AUTHORITY\SYSTEM:(OI)(CI)(special access:)
                                                    READ_CONTROL
                                                    SYNCHRONIZE
                                                    FILE_GENERIC_READ
                                                    FILE_GENERIC_WRITE
                                                    FILE_READ_DATA
                                                    FILE_WRITE_DATA
                                                    FILE_APPEND_DATA
                                                    FILE_READ_EA
                                                    FILE_WRITE_EA
                                                    FILE_READ_ATTRIBUTES
                                                    FILE_WRITE_ATTRIBUTES

                        Everyone:(OI)(CI)F
                        NT AUTHORITY\SYSTEM:(OI)(CI)(special access:)
                                                    DELETE
                                                    FILE_DELETE_CHILD



C:\Documents and Settings\vince>cacls c:\windows\system32\dns\bin
c:\windows\system32\dns\bin SOLAR\named:(OI)(CI)F
                            NT AUTHORITY\SYSTEM:(OI)(CI)(special access:)
                                                        READ_CONTROL
                                                        SYNCHRONIZE
                                                        FILE_GENERIC_READ
                                                        FILE_GENERIC_WRITE
                                                        FILE_READ_DATA
                                                        FILE_WRITE_DATA
                                                        FILE_APPEND_DATA
                                                        FILE_READ_EA
                                                        FILE_WRITE_EA
                                                        FILE_READ_ATTRIBUTES
                                                        FILE_WRITE_ATTRIBUTES

                            Everyone:(OI)(CI)F
                            NT AUTHORITY\SYSTEM:(OI)(CI)(special access:)
                                                        DELETE
                                                        FILE_DELETE_CHILD



C:\Documents and Settings\vince>cacls c:\windows\system32\dns\etc
c:\windows\system32\dns\etc SOLAR\named:(OI)(CI)F
                            NT AUTHORITY\SYSTEM:(OI)(CI)(special access:)
                                                        READ_CONTROL
                                                        SYNCHRONIZE
                                                        FILE_GENERIC_READ
                                                        FILE_GENERIC_WRITE
                                                        FILE_READ_DATA
                                                        FILE_WRITE_DATA
                                                        FILE_APPEND_DATA
                                                        FILE_READ_EA
                                                        FILE_WRITE_EA
                                                        FILE_READ_ATTRIBUTES
                                                        FILE_WRITE_ATTRIBUTES

                            Everyone:(OI)(CI)F
                            NT AUTHORITY\SYSTEM:(OI)(CI)(special access:)
                                                        DELETE
                                                        FILE_DELETE_CHILD

Cheers,
Vince
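
Added example, not part of the original message or of BIND: a small Python parser for `cacls` output in the format listed above, reporting which principals hold write access to the directory and which of those are broad groups such as `Everyone`. The function names and the `BROAD` list are assumptions of this example; the sample is abbreviated from the listing in the message.

```python
import re

# Sample abbreviated from the cacls listing in the message above.
SAMPLE = r"""c:\windows\system32\dns SOLAR\named:(OI)(CI)F
                        NT AUTHORITY\SYSTEM:(OI)(CI)(special access:)
                                                    READ_CONTROL
                                                    FILE_GENERIC_WRITE
                                                    FILE_WRITE_DATA

                        Everyone:(OI)(CI)F
                        NT AUTHORITY\SYSTEM:(OI)(CI)(special access:)
                                                    DELETE
                                                    FILE_DELETE_CHILD
"""

# principal : inheritance flags : simple right or a special-access marker
ACE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\((?:OI|CI|IO|NP)\))*)"
                 r"(?P<right>[FCWRN]|\(special access:\))$")
WRITE_SPECIAL = {"FILE_GENERIC_WRITE", "FILE_WRITE_DATA", "FILE_APPEND_DATA"}
# Assumption of this example: principals treated as "broad".
BROAD = {"everyone", "builtin\\users", "nt authority\\authenticated users"}

def parse_cacls(path, text):
    """Return a list of ACE dicts: who, flags, right, special (set of names)."""
    aces = []
    for i, line in enumerate(text.splitlines()):
        line = line.strip()
        if i == 0 and line.lower().startswith(path.lower()):
            line = line[len(path):].strip()   # first ACE shares the path line
        m = ACE.match(line)
        if m:
            aces.append({"who": m["who"], "flags": re.findall(r"\((\w+)\)", m["flags"]),
                         "right": m["right"], "special": set()})
        elif aces and re.fullmatch(r"[A-Z_]+", line):
            aces[-1]["special"].add(line)     # continuation of a special-access ACE
    return aces

def can_write(ace):
    """True for Full/Change/Write, or a special ACE carrying a write right."""
    return ace["right"] in ("F", "C", "W") or bool(ace["special"] & WRITE_SPECIAL)

def writers(aces):
    return sorted({a["who"] for a in aces if can_write(a)})

def broad_writers(aces):
    return [w for w in writers(aces) if w.lower() in BROAD]

if __name__ == "__main__":
    aces = parse_cacls(r"c:\windows\system32\dns", SAMPLE)
    print("write access:", writers(aces))
    print("broad principals with write:", broad_writers(aces))
```
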


