LinuxQuestions.org


feef 01-05-2006 02:07 AM

Unable to perform zone transfer for DNS
 
Hi Guys! :(

I am having a problem with my DNS servers. It is running on RHEL 4.0 and has bind-9.2.4-2 installed.

I have a master and a slave DNS server. They are both able to dig and nslookup correctly. However, I am unable to perform zone transfers from the master to the slave DNS server.

The Named service had been started on both master and slave machines.


/var/log/messages on my master server shows this:

Jan 5 16:00:39 libra named[3952]: client 192.168.10.222#32809: transfer of 'bcsis.com/IN': AXFR-style IXFR started


/var/log/messages on my slave server shows this:

Jan 5 16:00:37 pisces named[3791]: dumping master file: tmp-XXXXM7QUDU: open: permission denied
Jan 5 16:00:37 pisces kernel: audit(1136448037.369:0): avc: denied { write } for pid=3792 comm=named name=named dev=sda3 ino=1687907 scontext=root:system_r:named_t tcontext=root:object_r:etc_t tclass=dir
Jan 5 16:00:37 pisces named[3791]: transfer of 'bcsis.com/IN' from 192.168.10.221#53: failed while receiving responses: permission denied
Jan 5 16:00:37 pisces named[3791]: transfer of 'bcsis.com/IN' from 192.168.10.221#53: end of transfer


All files and folders related to named are issued the "chown named.named *" command. Let me know if I can provide more information to this problem.

Hope you guys can help me with this problem.

Thanks in advance! :|

Cheers,
feef

collins92 01-05-2006 03:52 PM

Hi Feef,

I set up RHEL 4 this summer and I remember having the same problem. I went back to my notes and I see that I turned off SELinux protection on the named daemon. This was under System Settings, Security Level, SELinux Tab. I expanded what was under the Name Service and checked 'Disable SELinux protection for named service'.

According to my notes, my zones transferred after that. However, I don't know exactly what protection I lost by changing this setting. Someone else may be able to explain further. I am fairly new to Linux so I do not claim to be an authority. I just saw your post and thought it sounded like what I experienced. Hopefully this will help.

Collins92

centauricw 01-05-2006 08:30 PM

RHEL 4 has the named daemon locked down under SELinux and the only valid directories for zone files are /var/named with slave zones in /var/named/slaves. If you attempt to move these directories elsewhere with SELinux on, you get these very error messages. You either have to turn SELinux off or modify the SELinux conf files.
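
The denial in the slave's log can be read field by field. The following is an added example, not code from any poster in this thread: it parses the AVC record and ties it to the transfer failure logged in the same second on the same host. Function and variable names are illustrative, and the sample lines are the ones quoted in the first post.

```python
import re
from collections import defaultdict

# Lines quoted from the slave's /var/log/messages in the first post.
SAMPLE = """\
Jan 5 16:00:37 pisces named[3791]: dumping master file: tmp-XXXXM7QUDU: open: permission denied
Jan 5 16:00:37 pisces kernel: audit(1136448037.369:0): avc: denied { write } for pid=3792 comm=named name=named dev=sda3 ino=1687907 scontext=root:system_r:named_t tcontext=root:object_r:etc_t tclass=dir
Jan 5 16:00:37 pisces named[3791]: transfer of 'bcsis.com/IN' from 192.168.10.221#53: failed while receiving responses: permission denied
Jan 5 16:00:37 pisces named[3791]: transfer of 'bcsis.com/IN' from 192.168.10.221#53: end of transfer
"""

PREFIX = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s(.*)$")   # time, host, message
AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")
XFER_FAIL = re.compile(r"transfer of '([^']+)' from (\S+): failed.*permission denied")

def parse_avc(message):
    """Return the key=value fields of an AVC denial, or None if not one."""
    m = AVC.search(message)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    fields["perms"] = m.group(1).split()
    for key in ("scontext", "tcontext"):
        # A context is user:role:type; the type is what policy rules match on.
        parts = fields.get(key, "").split(":")
        fields[key + "_type"] = parts[2] if len(parts) > 2 else None
    return fields

def correlate(log_text):
    """Pair each failed transfer with named AVC denials from the same second and host."""
    avcs, failures = defaultdict(list), []
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        stamp, host, msg = m.groups()
        avc = parse_avc(msg)
        if avc and avc.get("comm") == "named":
            avcs[(stamp, host)].append(avc)
        x = XFER_FAIL.search(msg)
        if x:
            failures.append((stamp, host, x.group(1), x.group(2)))
    return [{"host": host, "zone": zone, "master": master, "perms": a["perms"],
             "source_type": a["scontext_type"], "target_type": a["tcontext_type"],
             "tclass": a.get("tclass"), "name": a.get("name")}
            for stamp, host, zone, master in failures for a in avcs[(stamp, host)]]

if __name__ == "__main__":
    for f in correlate(SAMPLE):
        print(f)
```

On the quoted lines this reports that a process in the `named_t` domain was denied `write` on a directory named `named` labelled `etc_t`, which is the label mismatch behind the failed transfer of `bcsis.com/IN`.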

lapicella27 04-24-2006 03:10 PM

You need to make these changes on your named.conf file on your secondary or slave server:

options {
    // relative zone file names are resolved against this directory
    directory "/var/named/slaves";
    query-source address * port 53;
};

You can only allow postings as a slave to the slave directory. That should work for you. I had the same message and that is what I figured out to be the issue. One change at a time!

Good luck!!

