LinuxQuestions.org


grob115 07-23-2010 10:20 AM

Can't add Zones with BIND Configuration GUI
 
Hi, not sure why but on one of my boxes I am having trouble adding a new zone with the BIND Configuration GUI. When I click New->Zone, it'd pop up a long form for me to fill out various things like .....
Cache Time To Live
Authoritative Name Server
Responsible Person E-mail
etc

I notice that on the working box, it'd populate the output of the "hostname" command onto the "Authoritative Name Server" field. However, on the box that doesn't allow me to add new zones, it uses something like localhost. Not sure if this helps in troubleshooting why it won't let me add new zones.

Any ideas?

Mr. Majestic 07-23-2010 11:56 AM

So what exactly happens when you try to add a new zone? I mean, does it give you any kind of error or anything?

grob115 07-23-2010 08:12 PM

No. When I click on the Add button, it just doesn't do anything. The form is still there. I tried clicking the Add button and same thing.

Also, just noticed this. When I used the Terminal to start the GUI by typing "system-config-bind", I see the following:
Code:

[root@ns1 ~]# system-config-bind
_IceTransSocketUNIXConnect: Cannot connect to non-local host localhost.localdomain

(bindconf:11744): GnomeUI-WARNING **: While connecting to session manager:
Could not open network socket.

I then added the line "localhost 127.0.0.1" to /etc/hosts, then rebooted, and the above didn't come up when I launched the GUI from the Terminal. However, when I tried to add a zone, it spat out the following. I did the same thing on the box that is working fine and it didn't produce this.
Code:

Traceback (most recent call last):
  File "/usr/share/system-config-bind/NewZone.py", line 201, in response
    s.bind.create_zone( s.nmdcKey, s.zone.clas, s.zone.origin, s.zone.type, s.options['type'].value(), fname, s.soa, s.ns, s.options)
  File "/usr/share/system-config-bind/BIND.py", line 454, in create_zone
    s.zoneTree.load()
  File "/usr/share/system-config-bind/ZoneTree.py", line 1088, in load
    s.add_zone(origin, zone)
  File "/usr/share/system-config-bind/ZoneTree.py", line 1207, in add_zone
    if  z['config']['type'] in [ 'slave', 'stub' ]:
KeyError: 'type'

As per the manual, it should have populated the output of "hostname" in the "Authoritative Name Server" field on the "New Zone" form. But instead it showed "localhost." I'm not sure where it is getting this from.

grob115 07-24-2010 12:03 AM

I think I found the problem, which is really a bug with Red Hat. Can't believe this. The GUI was installed with the following RPM during the Install.
system-config-bind-4.0.3-4.el5.centos

As per the Red Hat Bugzilla, there is a bug and system-config-bind-4.0.13-1.fc11 is supposed to have fixed this.

https://bugzilla.redhat.com/show_bug.cgi?id=505208

As to why it works on one of my boxes but not the other I don't know.

grob115 07-24-2010 02:47 AM

Just found out that SELinux reported the following
Code:

Summary
SELinux is preventing the named daemon from writing to the zone directory

Detailed Description
SELinux has denied the named daemon from writing zone files. Ordinarily, named is not required to write to these files. Only secondary servers should be required to write to these directories. If this machine is not a secondary server, this could signal a intrusion attempt.

Allowing Access
If you want named to run as a secondary server and accept zone transfers you need to turn on the named_write_master_zones boolean: "setsebool -P named_write_master_zones=1"

The following command will allow this access:
setsebool -P named_write_master_zones=1

This is despite this being a Master, not the Slave, DNS server. I executed the command in the hope that the GUI can write the new zone files. But still, this doesn't work.

I also discovered that I need to create a symbolic link file /etc/named.conf to /var/named/chroot//etc/named.conf in order to have the "Authoritative Name Server" and "Responsible Person E-mail Address" to populate correctly with the information returned by "hostname" command.

grob115 07-24-2010 04:24 AM

Quote:

I also discovered that I need to create a symbolic link file /etc/named.conf to /var/named/chroot//etc/named.conf in order to have the "Authoritative Name Server" and "Responsible Person E-mail Address" to populate correctly with the information returned by "hostname" command.
Not sure what happened but again it doesn't populate the "hostname" details properly, and again saw some SELinux denial. I'm going to reinstall the OS without SELinux to see what happens.

grob115 07-24-2010 11:12 AM

Okay I found the way to do this properly. It has nothing to do with the bug and nothing to do with having to set up symbolic links. Also has nothing to do with SELinux. The actual steps are:
1) Set up networking
2) Start BIND GUI Tool. It would volunteer to create initial named.conf file.
   Add Zone "xxx.com".
   Within the zone, add NS, MX records and then add A records for the NS, MX records.
   Save the settings.
3) cd /var/named/chroot/etc
   rndc-confgen
   Paste first section of rndc-confgen's output to /etc/rndc.conf
   chmod 640 /etc/rndc.conf
   chown root.named /etc/rndc.conf
4) Paste second section of rndc-confgen's output to /var/named/chroot/etc/named.conf
5) chkconfig --level 345 named on
   service named start
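
Steps 3 and 4 of the post above, scripted instead of pasted by hand; this is an added example, not part of the original thread. The function names are hypothetical, the sample output and its secret are constructed, and the marker comments are assumed to match the usual layout of rndc-confgen's output.

```shell
# Constructed sample of rndc-confgen output; the secret is a placeholder.
SAMPLE_OUTPUT='# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "Q09OU1RSVUNURURfU0FNUExFX0tFWQ==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "Q09OU1RSVUNURURfU0FNUExFX0tFWQ==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf'

# Section 1 (step 3): the rndc client config, markers included.
rndc_conf_section() { sed -n '/^# Start of rndc.conf/,/^# End of rndc.conf/p'; }

# Section 2 (step 4): key{} and controls{} for named.conf, uncommented.
named_conf_section() {
    sed -n '/^# Use with the following in named.conf/,/^# End of named.conf/p' |
        sed -e '1d' -e '$d' -e 's/^# \{0,1\}//'
}

secret_of() { sed -n 's/.*secret "\([^"]*\)".*/\1/p' | head -n 1; }

# rndc can only authenticate to named if both sections carry the same secret.
secrets_match() {
    a=$(printf '%s\n' "$1" | rndc_conf_section | secret_of)
    b=$(printf '%s\n' "$1" | named_conf_section | secret_of)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Write stdin to /etc/rndc.conf (or $1) so the key is never world-readable.
write_rndc_conf() {
    dest=${1:-/etc/rndc.conf}
    ( umask 077; cat > "$dest" ) && chown root:named "$dest" && chmod 640 "$dest"
}
```

On a live server, capture the real `rndc-confgen` output once, pipe section 1 into `write_rndc_conf` as root, and append section 2 to `/var/named/chroot/etc/named.conf`.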

