My DNS sinkhole is failing to start
Blason R
blason16 at gmail.com
Mon Nov 27 11:48:44 UTC 2017
This definitely not the case as I am sure I have disabled the selinux from
/etc/sysconfig/selinux
[root at dnsdef.isnlab.in /cf/cleandns/sbin]# getenforce
Disabled
Though I am trying other steps and will let you know in a moment
On Mon, Nov 27, 2017 at 1:16 PM, Daniel Stirnimann <
daniel.stirnimann at switch.ch> wrote:
> On 26.11.17 16:48, Blason R wrote:
> > Strange...when I started with command line it started successfully even
> > catering all my zones and sinkholing the requests as well
> >
> > /usr/sbin/named -u named -d 10 -c /etc/named.conf
>
> Might be a SELinux issue. Your configuration is likely not compatible
> with the SELinux policy. Starting it manually will run it in
> "unconfined" because your user id is "unconfined".
>
> To quickly confirm it is an SELinux policy issue:
>
> # get SELinux mode
> getenforce
>
> # set SELinux mode to permissive (if previously Enforcing)
> setenforce permissive
>
> To fix the issue, I suggest you install:
> yum install setroubleshoot-server
>
> which contains the tool sealert. Then you run:
>
> sealert -a /var/log/audit/audit.log
>
> And follow the recommendations in the output.
>
> Daniel
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20171127/9eeead33/attachment.html>
More information about the bind-users
mailing list