Slave DNS Error

lindatan83 · 01-04-2006, 09:12 PM

Dear all,

My slave DNS encountered a permission denied error while receiving file from the master sever. I have changed all the files and folders permission to named user.

Error message from slaveDNS

dumping master file: tmp-XXXX3Qanex: open: permission denied
Jan 5 11:03:26 slaveDNS kernel: audit(1136430206.922:0): avc: denied { write } for pid=4086 comm=named name=named dev=sda3 ino=1687907 scontext=root:system_r:named_t tcontext=root

bject_r:etc_t tclass=dir
Jan 5 11:03:26 slaveDNS named[4084]: transfer of 'xxx.com/IN' from 192.168.0.221#53: failed while receiving responses: permission denied
Jan 5 11:03:26 slaveDNS named[4084]: transfer of 'xxx.com/IN' from 192.168.0.221#53: end of transfer

SlaveDNS - named.conf

zone "xxx.com" {
type slave;
file "xxx.com";
masters { 192.168.0.221; };
};

MasterDNS - named.conf

options {
directory "/etc/named";
allow-transfer { 192.168.0.222; };
};

zone "xxx.com" {
type master;
file "xxx.com";
};

Please advise.

knetknight · 09-01-2006, 09:02 PM

I know your post is kinda old but your symptoms are similar to mine. You wouldn't happen to have had this problem, and since solved it, on a suse 10.1 box did you? I've setup named many many times before with no problem but never on suse 10.1 (until today) and I'm having the exact errors you reported, even if I use suse 10.1's own DNS configuration tool, setting it up as DNS slave. I've found two temporary workarounds, on suse 10.1 anyway, that are simple and functional, if less than ideal in some ways.

option #1: Edit /etc/sysconfig/named and disable the chroot jail.

OR

option #2: Don't use a file "/path/to/file"; option in the slave definition, which keeps the zone data in ram and bypasses the need to write to a file at all and thus no permissions problems.

#2 is the better of the two imho as it doesn't compromise chroot security. It doesn't achieve a "hard copy" of the slave zone however if that's important to you. This is what i've settled for until I can figure out what 10.1's looking for.

Since SUSE's own DNS config tool couldn't make it work I have to believe it's a suse 10.1 bug. I haven't found anything on google for other 10.1 users having the same problem so if it's not a bug then my system is either uniquely jacked or I've overlooked something that's supposed to be obvious.

I'm going to keep plugging away at this but if anyone happens to know the cure I'm open to info., thanks.