named errors

kik · 11-07-2001, 06:30 AM

Few days ago I installed Bind 9.1.2 on Slackware with kernel 2.4.10. Our organization has two name servers, both are version 9. They are in master-slave relation. On master server named is running with as daemon UID, but the other is runing like root. Configuration files of zones in /etc/named are with -rw-r--r-- permissions. Every time when both servers comunicate each other these syslog messages is logged:

Nov 7 12:25:12 main /usr/sbin/named[23334]: transfer of 'here-is-a-slave-zone-file-name ' from here-is-a master-IP #53: receiving responses: permission denied
Nov 7 12:25:12 main /usr/sbin/named[23334]: dumping master file: tmp-XXXXgCqNaT: open: permission denied

Do anybody have any ideas? Thank you in advance

gosub · 11-10-2001, 04:34 PM

What I read out of this error message is that your master DNS server isn't configured to let the slave fetch the zone file.

In bind 8 you have to add this to your named.conf in order for specific slave servers to fetch zones:

allow-transfer {
10.10.10.10;
};

...where 10.10.10.10 is the IP of your slave server.

kik · 11-12-2001, 01:59 AM

I fix the problem. It was because the owner of /etc/named directory was root without write permission for others, but the named daemon is starting with "daemon" ownership (named -u daemon) . Also all zone files in this directory are owned by user "daemon" now and name servers are functioning correctly.
There is a allow-transfer directive with IP of slave server in named.conf file.
Thank you!

davef · 12-28-2001, 04:55 PM

I have had, or more correctly, am having the same problem. How did you change the user that Bind runs under? Did you change the user that Bind runs under or the permissions on the directory where the backup files where to be written?

kik · 01-23-2002, 09:51 AM

The option -u, followed by user name, runs named process under user UID : named -u daemon ("daemon" is the user). All .rev and zone files in /etc/named directory and directory as whole can be with this permissions:
owner group file/dir permissions
daemon daemon -rw-r--r-- for files in /etc/named
daemon daemon drwxr-xr-x for /etc/named directory
In may case it's working. Which backup files you mean?

davef · 01-23-2002, 11:04 AM

Quote:

Originally posted by kik
The option -u, followed by user name, runs named process under user UID : named -u daemon ("daemon" is the user). All .rev and zone files in /etc/named directory and directory as whole can be with this permissions:
owner group file/dir permissions
daemon daemon -rw-r--r-- for files in /etc/named
daemon daemon drwxr-xr-x for /etc/named directory
In may case it's working. Which backup files you mean?

Hey kik,

I got this all straightened out but thanks for the reply. I was setting up bind to run in a chroot jail and was a bit confused about a few things at the time. Most of this was because I was setting this up using the new views option and the server was actually a secondary server so it was a bit complicated. This was why I refered to the files as being backup files. Got it all up and running now though ;-)

Cheers

dave