Hi all,

This is the entry which iam seeing in my /var/log/messages.

because of the issue now i cant able to write the zone file, via my application. automatically..is it possible to resolve this issue!!!

Thanks in Advance!!

change permissions ... selinux?

Hi,

chmod -R 775 /var/named/chroot/var/named

i give this permission..

and my selinux also disabled!!

Still its not working!!!

0 members found this post helpful.

Well, you again don't say what version/distro of Linux you're using, what you're trying to accomplish, or give us any details about your application, so how can we give you advice?

From the little detail you've given, it seems you're running BIND in a chroot jail. Basic docs are here:
http://www.linuxdoc.org/HOWTO/Chroot-BIND-HOWTO-2.html

If you followed them, you'll notice that BIND won't be running as root, and that the user it DOES run as won't have shell access. Either of those could be the issue, but again, without details we can't help.

Hi TB0ne;

my Distro : Fedora release 8

and bind version

bind-chroot-9.5.0-29.P2.fc8
bind-libs-9.5.0-29.P2.fc8
bind-utils-9.5.0-29.P2.fc8
bind-9.5.0-29.P2.fc8

via our web application client can add the DNS zone but now the problem is from the application we cant able to write the zone file in the path

/var/named/chroot/named/zones/client

[root@srs zones]# pwd
/var/named/chroot/var/named/zones
[root@srs zones]# ll
total 180
drwxrwx--- 13 named named 4096 2010-05-31 13:58 back
drwxrwx--- 2 named named 77824 2011-07-01 16:01 clients
drwxrwx--- 3 named named 4096 2011-07-01 10:58 conf
drwxrwx--- 4 named named 65536 2011-06-24 14:52 dnssec
drwxrwx--- 2 named named 4096 2010-02-15 04:14 dnssecA
drwxrwx--- 2 named named 4096 2010-02-16 15:30 dnssecB
drwxrwx--- 2 named named 4096 2011-06-30 05:42 master
drwxrwx--- 3 named named 4096 2011-07-01 16:00 parking
-rwxrwx--- 1 named named 91 2010-05-13 05:16 test1.txt
-rwxrwx--- 1 named named 90 2010-05-03 09:12 testl.txt


this is the file permissions.

Please look at this issue any one!! still no luck for me..still iam facing this problem...

In case you haven't noticed, we VOLUNTEER our time here. Don't come back in 30 minutes, and bump your own thread, telling us to hurry up. If you need **URGENT** help, then I suggest you purchase RedHat or SuSE enterprise, and PAY THEM to be there for you 24/7.
Fedora 8 is ANCIENT...the latest is 15. And your description of the problem makes no sense. Your original post says "not able to write in zone file". You follow up with you CAN add the zone...then say you can't write the zone file in the path. ???? Are you able to add the zone or not? Since you're in such a hurry, you may want to follow up with things like DETAILS about your application, what you're seeing in the web log files (since it's web based), etc.

That said, since the files are owned by named...chances are your web server is NOT running as that same user, and the permissions you've got prohibit anyone other than named user/group from writing to them, don't they? You'd have to do things that aren't too safe to allow your web engine user to write to those files.

Hi TB0ne,

Thanks Man..I know its very ancient what to do last week only i joined in this company.

I hope we will migrate our application to Centos 5.5 soon.

Dude!! now its working!!

i changed the entire

cd /var

Chown -R named:named

chmod -R 777 named

after that its working...but have doubt for named dir iam gave 777 is that any security issue

in this??

Thanks in Advance!!

And CentOS 5.5 is one version back. Latest is 5.6...and since you acknowledge you read the piece about FC8, how about acknowledging the piece about telling us to hurry up, and bumping your own thread after 30 minutes?
"Doubt" and "question" mean two different things. And yes, 777 permissions are ALWAYS security holes, and this is especially bad. Now, ANYONE can write to/erase/modify your log files, databases, DNS zones, etc. Read your log files to see where the error(s) are coming up, and WHY, and modify permissions sparingly.

Hi all,

ya now i changed the folder permission to 775 and its working fine. now but, now i cant able to

transfer zones in my secondary server.

in log files its shows like this.


and my named.conf file like this

Thanks in advance

Restore permissions ('man rpm' see "--setperms" and "--setugids") before doing anything else. And FCOL use an expendable workstation or staging machine for testing stuff on.


So change the serial.


The reason you are not able to get your web application to modify zone files is that the user your web server runs as has no rights to do so. Thinking that because it has no rights you should give it any is a major mistake and only serves to show your lack of knowledge wrt things .*NIX. DO WORK ON THAT stat because mistakes like these can seen funny and harmless to you but to more seasoned users or victims of such mistakes I ASSURE YOU THEY ARE NOT. That said, wrt your "application" search the 'net (Freshmeat, Sourceforge) for any existing ones. This will 0) relieve your company from your mistakes, 1) you from being forced to toil and support something that isn't supposed to work like that anyway, 2) up to date Off-The-Shelf Open Source Software usually comes with instructions on how to make things work, developers to harass and a support community reachable via email, forum, trac, IRC or whatever else.

Hi, unSpawn

ya you are right i am new to this domain and lack of knowledge in this domain, but no one

born perfect..born genius... so i hope i will do my work best soon as System Admin, but now

my thinking is to resolve this problem ASAP, for that what are things i need to do ..


1. to update a bind is a right thing?


2. What zone serial i need to change?

It's got nothing to do with "hope" or "being a genius" but with reading, reading and to top it off some more reading. (OK and practicing. Lotsa.)


If you mean a zone file, yes.


Red Hat is known for providing basic documentation and Fedora is no exception. Here is the "Editing Zone files" chapter from each distributions Deployment Guide for:
- Fedora 14: http://docs.fedoraproject.org/en-US/...bind-zone.html
- Centos-5: http://www.centos.org/docs/5/html/De...bind-zone.html
- RHEL-6: http://docs.redhat.com/docs/en-US/Re...bind-zone.html
In addition you should quick-scan http://www.isc.org/software/bind/documentation and bookmark http://www.bind9.net/. If dead trees are your thing see if your company has (or will buy) a copy of The BIND 9 DNS Administration Reference Book (Reed) or The Cricket Book.

Hi unSpawn,

if i restart the named its not starting and its shows errors like this and finaly failed


Dont know what happening in our production server..

why suddenly its happening , and my bind version - bind-9.5.0-29.P2.fc8

Dont know how to fix this issue , What mistake i am doing here??

Address doesn't end with a dot? Use 'named-checkzone' after you made changes.


Look at your db.anish.com zone file: it has a serial of "2009051801" (as in YYYYMMDD+zero-padded incr).


Add a TTL line to the beginning or add the TTL to the first record in the zone file.


I told you to use an expendable workstation to test stuff out on.