Old 01-05-2006, 02:07 AM   #1
LQ Newbie
Registered: Aug 2004
Posts: 2

Rep: Reputation: 0
Unable to perform zone transfer for DNS

Hi Guys!

I am having a problem with my DNS servers. It is running on RHEL 4.0 and has bind-9.2.4-2 installed.

I have a master and slave DNS server. They are both able to dig and nslookup correctly. However, I am unable to perform zone transfers from the master to the slave DNS server.

The Named service had been started on both master and slave machines.

/var/log/messages on my master server shows this:

Jan 5 16:00:39 libra named[3952]: client transfer of '': AXFR-style IXFR started

/var/log/messages on my slave server shows this:

Jan 5 16:00:37 pisces named[3791]: dumping master file: tmp-XXXXM7QUDU: open: permission denied
Jan 5 16:00:37 pisces kernel: audit(1136448037.369:0): avc: denied { write } for pid=3792 comm=named name=named dev=sda3 ino=1687907 scontext=root:system_r:named_t tcontext=root:object_r:etc_t tclass=dir
Jan 5 16:00:37 pisces named[3791]: transfer of '' from failed while receiving responses: permission denied
Jan 5 16:00:37 pisces named[3791]: transfer of '' from end of transfer

All files and folders related to named are issued the "chown named.named *" command. Let me know if I can provide more information to this problem.

Hope you guys can help me with this problem.

Thanks in advance! :|


Last edited by feef; 01-05-2006 at 02:12 AM.
Old 01-05-2006, 03:52 PM   #2
LQ Newbie
Registered: Apr 2005
Location: Warren
Posts: 4

Rep: Reputation: 0
Hi Feef,

I set up RHEL 4 this summer and I remember having the same problem. I went back to my notes and I see that I turned off SELinux protection on the named daemon. This was under System Settings, Security Level, SELinux Tab. I expanded what was under the Name Service and checked 'Disable SELinux protection for named service'.

According to my notes, my zones transferred after that. However, I don't know exactly what protection I lost by changing this setting. Someone else may be able to explain further. I am fairly new to Linux so I do not claim to be an authority. I just saw your post and thought it sounded like what I experienced. Hopefully this will help.

Old 01-05-2006, 08:30 PM   #3
Registered: Dec 2005
Location: Lawrenceville GA
Distribution: Slackware, CentOS. Red Hat Enterprise Linux
Posts: 216

Rep: Reputation: 31
RHEL 4 has the named daemon locked down under SELinux and the only valid directories for zone files are /var/named with slave zones in /var/named/slaves. If you attempt to move these directories elsewhere with SELinux on, you get these very error messages. You either have to turn SELinux off or modify the SELinux conf files.
Old 04-24-2006, 03:10 PM   #4
LQ Newbie
Registered: Apr 2006
Location: USA
Distribution: Red Hat Enterprise
Posts: 3

Rep: Reputation: 0
You need to make these changes to the named.conf file on your secondary or slave server:

options {
    directory "/var/named/slaves";   // absolute path: slave zone files are written here
    query-source address * port 53;
    // ... remaining options unchanged ...
};

You can only allow postings as a slave to the slave directory. That should work for you. I had the same message and that is what I figured out to be the issue. One change at a time!

Good luck!!
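
The AVC denial in post #1 names the two labels involved, which is what the explanation in post #3 comes down to. As an added example (not part of the thread), this Python sketch parses such a line and reports the label mismatch; the sample line is modelled on the one in post #1, and treating `named_cache_t` as the writable type for slave zone directories is an assumption to check against the policy on the host.

```python
import re

# Sample line modelled on the slave server's log in post #1 (target context
# written out in full as root:object_r:etc_t).
SAMPLE = ("Jan 5 16:00:37 pisces kernel: audit(1136448037.369:0): avc: denied "
          "{ write } for pid=3792 comm=named name=named dev=sda3 ino=1687907 "
          "scontext=root:system_r:named_t tcontext=root:object_r:etc_t tclass=dir")

# Assumption: types the targeted policy lets named_t write to (slave/cache dirs).
NAMED_WRITABLE_TYPES = {"named_cache_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")


def parse_avc(line):
    """Return a dict describing one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    # An SELinux context is user:role:type (optionally followed by :level).
    src = fields.get("scontext", "").split(":")
    tgt = fields.get("tcontext", "").split(":")
    if len(src) < 3 or len(tgt) < 3:
        return None  # truncated or mangled context: do not guess the type
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm", "").strip('"'),
        "name": fields.get("name", "").strip('"'),
        "source_type": src[2],
        "target_type": tgt[2],
        "tclass": fields.get("tclass"),
    }


def diagnose(line, writable=NAMED_WRITABLE_TYPES):
    """Explain a named write denial in terms of the target's label."""
    d = parse_avc(line)
    if d is None:
        return "not a parseable AVC denial"
    if (d["source_type"] == "named_t" and "write" in d["perms"]
            and d["target_type"] not in writable):
        return (f"named_t denied write on {d['tclass']} '{d['name']}' labelled "
                f"{d['target_type']}; expected one of {sorted(writable)}")
    return (f"{d['source_type']} denied {d['perms']} on {d['tclass']} "
            f"labelled {d['target_type']}")
```

For the sample line, `diagnose(SAMPLE)` reports that the directory `named` carries the `etc_t` label, so the denial points at where the zone files are being written rather than at file ownership.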

