Unable to perform zone transfer for DNS
Hi Guys! :(
I am having a problem with my DNS servers. They are running on RHEL 4.0 with bind-9.2.4-2 installed. I have a master and a slave DNS server. Both are able to dig and nslookup correctly. However, I am unable to perform zone transfers from the master to the slave DNS server. The named service has been started on both the master and slave machines.

/var/log/messages on my master server shows this:

Jan 5 16:00:39 libra named[3952]: client 192.168.10.222#32809: transfer of 'bcsis.com/IN': AXFR-style IXFR started

/var/log/messages on my slave server shows this:

Jan 5 16:00:37 pisces named[3791]: dumping master file: tmp-XXXXM7QUDU: open: permission denied
Jan 5 16:00:37 pisces kernel: audit(1136448037.369:0): avc: denied { write } for pid=3792 comm=named name=named dev=sda3 ino=1687907 scontext=root:system_r:named_t tcontext=root:object_r:etc_t tclass=dir
Jan 5 16:00:37 pisces named[3791]: transfer of 'bcsis.com/IN' from 192.168.10.221#53: failed while receiving responses: permission denied
Jan 5 16:00:37 pisces named[3791]: transfer of 'bcsis.com/IN' from 192.168.10.221#53: end of transfer

I have run "chown named.named *" on all files and folders related to named. Let me know if I can provide more information on this problem. Hope you guys can help me with it. Thanks in advance! :|

Cheers,
feef
Hi Feef,
I set up RHEL 4 this summer and I remember having the same problem. I went back to my notes and I see that I turned off SELinux protection for the named daemon. This was under System Settings, Security Level, SELinux tab. I expanded what was under Name Service and checked 'Disable SELinux protection for named service'. According to my notes, my zones transferred after that. However, I don't know exactly what protection I lost by changing this setting. Someone else may be able to explain further. I am fairly new to Linux, so I do not claim to be an authority. I just saw your post and thought it sounded like what I experienced. Hopefully this will help.

Collins92
RHEL 4 has the named daemon locked down under SELinux, and the only valid directory for zone files is /var/named, with slave zones in /var/named/slaves. If you try to move these directories elsewhere with SELinux on, you get exactly these error messages. You either have to turn SELinux off or modify the SELinux configuration files.
You need to make these changes in the named.conf file on your secondary (slave) server:

    options {
        directory "/var/named/slaves";
        query-source address * port 53;
    };

Slave zone files can only be written to the slaves directory. That should work for you. I had the same message and that is what I figured out to be the issue. One change at a time! Good luck!!
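Added example, not from any poster in this thread: a small POSIX shell script that parses the AVC denial quoted above to confirm it is named_t being refused write on a directory labelled etc_t, and checks that the named.conf "directory" statement is an absolute path under /var/named, the location the replies describe as the only one the RHEL 4 policy allows. The sample log line and options block are constructed copies of what the thread shows; the path rule is an assumption taken from the replies, not from the policy source.

```shell
#!/bin/sh
# Added example (not from the thread): diagnose the slave's AVC denial and
# check the named.conf "directory" value against the path SELinux allows.

# Constructed sample: the kernel AVC line quoted from the slave's /var/log/messages
AVC_LINE='Jan 5 16:00:37 pisces kernel: audit(1136448037.369:0): avc: denied { write } for pid=3792 comm=named name=named dev=sda3 ino=1687907 scontext=root:system_r:named_t tcontext=root:object_r:etc_t tclass=dir'

# Constructed sample options block (the relative path is the defect to catch)
NAMED_CONF='options {
    directory "var/named/slaves";
    query-source address * port 53;
};'

# avc_field LINE KEY -> value of "KEY=value" in an AVC line
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.* $2=\([^ ]*\).*/\1/p"
}
# ctx_type CONTEXT -> type component of user:role:type
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# named_dir_denial LINE -> 0 if named_t was denied write on a directory;
# prints the directory's label (etc_t here) so the mislabel is visible
named_dir_denial() {
    case "$1" in *'denied { write }'*) ;; *) return 1 ;; esac
    [ "$(avc_field "$1" comm)" = named ] || return 1
    [ "$(ctx_type "$(avc_field "$1" scontext)")" = named_t ] || return 1
    [ "$(avc_field "$1" tclass)" = dir ] || return 1
    ctx_type "$(avc_field "$1" tcontext)"
}

# conf_directory CONF -> value of the options "directory" statement
conf_directory() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p'
}
# directory_allowed PATH -> 0 only for an absolute path under /var/named
# (assumed from the thread: the only location named may write zone files to)
directory_allowed() {
    case "$1" in
        /var/named|/var/named/*) return 0 ;;
        *) return 1 ;;
    esac
}

label=$(named_dir_denial "$AVC_LINE") && echo "named denied write on ${label}-labelled directory"
dir=$(conf_directory "$NAMED_CONF")
directory_allowed "$dir" || echo "directory \"$dir\" is not an absolute path under /var/named"
```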