Can't add Zones with BIND Configuration GUI
Hi, not sure why but on one of my boxes I am having trouble adding a new zone with the BIND Configuration GUI. When I click New->Zone, it'd pop up a long form for me to fill out various things like:

Cache Time To Live
Authoritative Name Server
Responsible Person E-mail
etc.

I notice that on the working box, it'd populate the output of the "hostname" command onto the "Authoritative Name Server" field. However, on the box that doesn't allow me to add new zones, it uses something like localhost. Not sure if this helps in troubleshooting why it won't let me add new zones. Any ideas?
So what exactly happens when you try to add a new zone? I mean, does it give you any kind of error or anything?
No. When I click on the Add button. It just doesn't do anything. The form is still there. I tried clicking the Add button and same thing.
Also, just noticed this. When I used the Terminal to start the GUI by typing "system-config-bind", I see the following:
Code:
[root@ns1 ~]# system-config-bind
Traceback (most recent call last):
I think I found the problem, which is really a bug with Red Hat. Can't believe this. The GUI was installed with the following RPM during the Install.

system-config-bind-4.0.3-4.el5.centos

As per the Red Hat Bugzilla, there is a bug and system-config-bind-4.0.13-1.fc11 is supposed to have fixed this. https://bugzilla.redhat.com/show_bug.cgi?id=505208

As to why it works on one of my boxes but not the other I don't know.
Just found out the SELinux reported the following
Code:
Summary
SELinux is preventing the named daemon from writing to the zone directory

Detailed Description
SELinux has denied the named daemon from writing zone files. Ordinarily, named is not required to write to these files. Only secondary servers should be required to write to these directories. If this machine is not a secondary server, this could signal a intrusion attempt.

Allowing Access
If you want named to run as a secondary server and accept zone transfers you need to turn on the named_write_master_zones boolean: "setsebool -P named_write_master_zones=1"

The following command will allow this access:
setsebool -P named_write_master_zones=1

I also discovered that I need to create a symbolic link file /etc/named.conf to /var/named/chroot//etc/named.conf in order to have the "Authoritative Name Server" and "Responsible Person E-mail Address" populate correctly with the information returned by "hostname" command.
Okay I found the way to do this properly. It has nothing to do with the bug and nothing to do with having to setup symbolic links. Also has nothing to do with SELinux. The actual steps are.
1) Setup networking
2) Start BIND GUI Tool. It would volunteer to create initial named.conf file. Add Zone "xxx.com". Within the zone, add NS, MX records and then add A records for the NS, MX records. Save the settings.
3) cd /var/named/chroot/etc
   rndc-confgen
   Paste first section of rndc-confgen's output to /etc/rndc.conf
   chmod 640 /etc/rndc.conf
   chown root.named /etc/rndc.conf
4) Paste second section of rndc-confgen's output to /var/named/chroot/etc/named.conf
5) chkconfig --level 345 named on
   service named start
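
The split of rndc-confgen's output described in steps 3 and 4 above, as an added example that is not part of the original posts: it separates a saved copy of the output into the rndc.conf section and the uncommented named.conf stanza, checks that both carry the same secret, and writes the key file with mode 640. The function names are hypothetical, the marker comment lines are assumed to be the ones rndc-confgen prints, and the sample output with its placeholder secret is constructed; the chown to root.named from step 3 is left to the operator.

```shell
# Constructed sample in the layout rndc-confgen prints (assumed); placeholder secret.
sample_output() {
cat <<'EOF'
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "CONSTRUCTED+placeholder+value==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "CONSTRUCTED+placeholder+value==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
EOF
}
# Section 1 (step 3): the text between the rndc.conf markers, used as-is.
rndc_conf_section() {
    sed -n '/^# Start of rndc\.conf/,/^# End of rndc\.conf/p' "$1"
}
# Section 2 (step 4): the commented stanza for named.conf, with "# " stripped.
named_conf_section() {
    sed -n '/^# Use with the following in named\.conf/,/^# End of named\.conf/p' "$1" |
        sed -e '1d' -e '$d' -e 's/^# \{0,1\}//'
}
# Both sections must carry the same secret or rndc cannot authenticate to named.
secret_of() { sed -n 's/.*secret "\(.*\)";.*/\1/p'; }
secrets_match() {   # $1 = saved rndc-confgen output
    a=$(rndc_conf_section "$1" | secret_of)
    b=$(named_conf_section "$1" | secret_of)
    [ -n "$a" ] && [ "$a" = "$b" ]
}
# Write the key file with the 640 mode from step 3; umask keeps it private meanwhile.
write_rndc_conf() {   # $1 = saved rndc-confgen output, $2 = destination file
    ( umask 077; rndc_conf_section "$1" > "$2" ) && chmod 640 "$2"
}
```

Because the secret appears in both files, /var/named/chroot/etc/named.conf needs the same care with permissions as /etc/rndc.conf.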