Bind/named can't open zone files for some reason
So, we're switching our main DNS over to a new system. The old one ran RH7.3 and the new one is 9.0. After a bit of twiddling, I decided it was easiest to just type all of the stuff into redhat-config-bind rather than trying to move over the files, given that they're different versions of bind (and redhat-config-bind) and so forth.
I have set the new machine up identically with the old one, as far as I can see. Bind is run -u named (that is, as the user named.) The / and /var directories are readable and executable by everyone, and /var/named is owned by named. All the files in /var/named are owned by named, and are read/write by user and readable by everyone else.
However, when I start up named, I get the following in the log: (Note that the moos and the foos and so forth are for disguising purposes)
Feb 2 10:44:20 public named[10495]: starting BIND 9.2.1 -u named
Feb 2 10:44:20 public named[10495]: using 4 CPUs
Feb 2 10:44:20 public named[10495]: loading configuration from '/etc/named.conf'
Feb 2 10:44:20 public named[10495]: no IPv6 interfaces found
Feb 2 10:44:20 public named[10495]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 2 10:44:20 public named[10495]: listening on IPv4 interface eth0, moo.moo.moo.moo#53
Feb 2 10:44:20 public named[10495]: command channel listening on 127.0.0.1#953
Feb 2 10:44:20 public named[10495]: zone 0.0.127.in-addr.arpa/IN: loading master file 0.0.127.in-addr.arpa.zone: permission denied
Feb 2 10:44:20 public named[10495]: zone moo.moo.moo.in-addr.arpa/IN: loading master file moo.moo.moo.in-addr.arpa.zone: permission denied
Feb 2 10:44:20 public named[10495]: zone foo.com/IN: loading master file foo.com.zone: permission denied
Feb 2 10:44:20 public named[10495]: zone bar.com/IN: loading master file bar.com.zone: permission denied
Feb 2 10:44:20 public named[10495]: zone bar.co.jp/IN: loading master file bar.co.jp.zone: permission denied
Feb 2 10:44:20 public named[10495]: zone localhost/IN: loading master file localhost.zone: permission denied
Feb 2 10:44:20 public named[10495]: running
Now, if I go into the /etc/named.conf file and I change all of the entries from something like this:
zone "localhost" {
type master;
file "localhost.zone";
};
into something like this:
zone "localhost" {
type master;
file "/var/named/localhost.zone";
};
then it WORKS FINE.
Yes, I'm sure that / and /private and /var are all publicly readable and executable, and that named is running as user named.
Now, that would be a solution to my problem, except that every time someone plays with redhat-config-bind, it resets those paths back to the simple filename again, and things stop working again. And we have to play with our name server fairly frequently, and there's more than one of us, and trust me when I say that things are just going to stop working if I use this, so I really want to figure out what's ACTUALLY wrong.
Oh, and no, I'm not using any fancy-schmancy change-of-root settings for this. (Of course, if I were, /etc/named.conf probably wouldn't be found either.)
Any clues, anyone?
--Adam Lang
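As an added illustration (not code from the post or from Red Hat's tools), the script below models how named resolves a relative `file` name against the `directory` option in named.conf (or against its working directory when that option is absent) and then walks every path component with the permission bits the named user would be checked against. The config fragment, the directory tree and the uid 25 are constructed for the demonstration; the tree deliberately puts the relative name inside a root-only directory so the check reproduces the symptom pattern (relative path fails, absolute path works) without claiming that is what happened on the poster's machine.

```python
import os
import re
from collections import namedtuple
# Constructed named.conf fragment (not the poster's): one relative and one absolute file path.
NAMED_CONF = """
options { directory "/var/named/zones"; };
zone "localhost" { type master; file "localhost.zone"; };
zone "foo.com"   { type master; file "/var/named/foo.com.zone"; };
"""
# Constructed in-memory filesystem standing in for os.stat; uid/gid 25 plays the named user.
NAMED_UID = NAMED_GID = 25
St = namedtuple("St", "st_mode st_uid st_gid")
FAKE_FS = {
    "/":                               St(0o755, 0, 0),
    "/var":                            St(0o755, 0, 0),
    "/var/named":                      St(0o755, NAMED_UID, NAMED_GID),
    "/var/named/zones":                St(0o700, 0, 0),  # root-only: named cannot search it
    "/var/named/zones/localhost.zone": St(0o644, NAMED_UID, NAMED_GID),
    "/var/named/foo.com.zone":         St(0o644, NAMED_UID, NAMED_GID),
}

def resolve_zone_files(conf, cwd="/"):
    """Zone -> absolute master file; relative names resolve against options { directory }, else cwd."""
    m = re.search(r'options\s*\{[^}]*?directory\s+"([^"]+)"', conf)
    base = m.group(1) if m else cwd
    pairs = re.findall(r'zone\s+"([^"]+)"[^{]*\{[^}]*?file\s+"([^"]+)"', conf)
    return {z: os.path.normpath(os.path.join(base, f)) for z, f in pairs}

def allows(st, uid, gid, bit):
    """Owner/group/other permission test for one bit (4 = read, 1 = search); root bypasses."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid == gid else 0
    return uid == 0 or bool(st.st_mode & (bit << shift))

def check_path(path, uid, gid, stat_fn=os.stat):
    """None if uid/gid can read 'path', else the first blocker: dirs need x, the file needs r."""
    comps = path.strip("/").split("/")
    dirs = ["/"] + ["/" + "/".join(comps[:i]) for i in range(1, len(comps))]
    try:
        for d in dirs:
            if not allows(stat_fn(d), uid, gid, 1):
                return f"{d}: no search (x) permission for uid {uid}"
        if not allows(stat_fn(path), uid, gid, 4):
            return f"{path}: not readable by uid {uid}"
    except (KeyError, OSError):
        return f"{path}: a component does not exist"
    return None
def diagnose(conf, uid, gid, stat_fn=os.stat, cwd="/"):
    """Zone -> problem string (None when the master file is readable as uid/gid)."""
    return {z: check_path(p, uid, gid, stat_fn) for z, p in resolve_zone_files(conf, cwd).items()}
REPORT = diagnose(NAMED_CONF, NAMED_UID, NAMED_GID, FAKE_FS.__getitem__)  # run on the fake tree
```

Against a live box, call `diagnose` with the real named.conf text, `os.stat`, and the uid/gid that `id named` reports; the first blocking component it names is the directory to inspect.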