Thanks, I have updated bind-lib. Now it shows the following error:
[root@server ~]# /usr/sbin/named -g -d3 -u named -t /var/named/
01-Oct-2012 07:50:09.558 starting BIND 9.7.4-P1-RedHat-9.7.4-2.P1.fc14 -g -d3 -u named -t /var/named/
01-Oct-2012 07:50:09.558 built with '--build=i386-redhat-linux-gnu' '--host=i386-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-pkcs11=/usr/lib/pkcs11/PKCS11_API.so' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=i386-redhat-linux-gnu' 'host_alias=i386-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables' 'CPPFLAGS= -DDIG_SIGCHASE'
01-Oct-2012 07:50:09.559 adjusted limit on open files from 1024 to 1048576
01-Oct-2012 07:50:09.559 found 1 CPU, using 1 worker thread
01-Oct-2012 07:50:09.580 using up to 4096 sockets
01-Oct-2012 07:50:09.639 decrement_reference: delete from rbt: 0xb785b0b0 .
01-Oct-2012 07:50:09.645 Using 101 tasks for zone loading
01-Oct-2012 07:50:09.686 loading configuration from '/etc/named.conf'
01-Oct-2012 07:50:09.687 none:0: open: /etc/named.conf: file not found
01-Oct-2012 07:50:09.694 load_configuration: file not found
01-Oct-2012 07:50:09.706 loading configuration: file not found
01-Oct-2012 07:50:09.706 exiting (due to fatal error)
[root@zohaibserver zohaib]# ls -l /etc/named.conf
-rwxr-xr-x. 1 root named 1307 Sep 28 06:10 /etc/named.conf
Error shows named.conf not found in /etc but it is actually present there. |
I think that you have somehow messed up your bind installation.
Anyway use a symlink to define the chrooted named.conf: Code:
ln -s /etc/named/conf /var/named/chroot/etc/ |
Same error
I tried this for installing any missing package: yum install bind* then again tried but no effect.
- /etc/named/ this directory is empty by default
- all files are in /var/named & /var/named/chroot/
- /etc/named.conf is present here as well as in /var/named/chroot/etc/named.conf |
I cannot tell what's wrong with your bind installation, so better uninstall everything related to bind, keep a backup of your zone files and start over using this howto
Regards |
First of all, be sure which package of bind you are trying to install, as it seems you are messed up completely.
Code:
# rpm -qa | grep bind
and if you have both I would advise you to remove one of them. Move forward as per your usage. Here I have prepared a list of steps you need to follow for the configuration in RedHat. I don't think there should be any command difference between redhat and fedora. DNS configuration |
Deepak
DNS configuration
I have followed your stated link service started successfully but dns checking is not successful
[root@server named]# dig -x 192.168.1.91
; <<>> DiG 9.7.4-P1-RedHat-9.7.4-2.P1.fc14 <<>> -x 192.168.1.91
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@server named]# dig -x server.example.com
; <<>> DiG 9.7.4-P1-RedHat-9.7.4-2.P1.fc14 <<>> -x server.example.com
;; global options: +cmd
;; connection timed out; no servers could be reached
My distro is fedora 14 |
Dear, there was a mistake in the last post: my service is not started, it gives the following errors
Oct 2 06:23:26 zohaibserver named[5112]: starting BIND 9.7.4-P1-RedHat-9.7.4-2.P1.fc14 -u named -t /var/named/chroot
Oct 2 06:23:26 zohaibserver named[5112]: built with '--build=i386-redhat-linux-gnu' '--host=i386-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-pkcs11=/usr/lib/pkcs11/PKCS11_API.so' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=i386-redhat-linux-gnu' 'host_alias=i386-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables' 'CPPFLAGS= -DDIG_SIGCHASE'
Oct 2 06:23:26 zohaibserver named[5112]: adjusted limit on open files from 1024 to 1048576
Oct 2 06:23:26 zohaibserver named[5112]: found 1 CPU, using 1 worker thread
Oct 2 06:23:26 zohaibserver named[5112]: using up to 4096 sockets
Oct 2 06:23:26 zohaibserver named[5112]: Using 101 tasks for zone loading
Oct 2 06:23:26 zohaibserver named[5112]: loading configuration from '/etc/named.conf'
Oct 2 06:23:26 zohaibserver named[5112]: none:0: open: /etc/named.conf: permission denied
Oct 2 06:23:26 zohaibserver named[5112]: loading configuration: permission denied
Oct 2 06:23:26 zohaibserver named[5112]: exiting (due to fatal error) |
Quote:
Anyway, change the owner of the chroot directory to user named: Code:
chown -R named /var/named/chroot |
I have done your stated command, now I am facing this problem:
Oct 2 10:49:11 server named[2706]: /etc/named.conf:239: using specific query-source port suppresses port randomization and can be insecure.
Oct 2 10:49:11 server named[2706]: /etc/named.conf:240: using specific query-source port suppresses port randomization and can be insecure.
Oct 2 10:49:11 server named[2706]: command channel listening on 127.0.0.1#953
Oct 2 10:49:11 server named[2706]: command channel listening on ::1#953
Oct 2 10:49:11 server named[2706]: the working directory is not writable
Oct 2 10:49:11 server named[2706]: isc_stdio_open 'data/named.run' failed: permission denied
Oct 2 10:49:11 server named[2706]: configuring logging: permission denied
Oct 2 10:49:11 server named[2706]: loading configuration: permission denied
Oct 2 10:49:11 server named[2706]: exiting (due to fatal error) |
Quote:
Quote:
Code:
chown -R named /var/named/chroot/var/named/data |
Ok, but:
[root@server ]# ls -l /var/named/chroot/
total 16
drwxrwxrwx. 2 named named 4096 Oct 2 05:10 dev
drwxrwxrwx. 4 named named 4096 Oct 4 02:14 etc
drwxrwxrwx. 3 named root 4096 Sep 27 07:08 usr
drwxrwxrwx. 6 named named 4096 Oct 2 05:10 var
[root@server ]# ls -l /var/named/chroot/etc/
total 36
drwxrwxrwx. 2 named named 4096 Nov 16 2011 named
-rwxrwxrwx. 1 named root 8408 Oct 4 02:07 named.conf
-rwxrwxrwx. 1 named root 2540 Sep 29 04:02 named.iscdlv.key
-rwxrwxrwx. 1 named root 1119 Oct 2 05:55 named.rfc1912.zones
-rwxrwxrwx. 1 named root 487 Sep 29 04:00 named.root.key
drwxrwxrwx. 3 named root 4096 Oct 2 05:10 pki
[root@server zohaib]# ls -l /var/named/chroot/var/named/
total 56
-rwxrwxrwx. 1 named root 294 Sep 27 07:09 1.168.192.in-addr.arpa.zone
-rwxrwxrwx. 1 named root 272 Oct 2 06:15 192.168.1.zone
-rwxrwxrwx. 1 named root 209 Oct 2 06:13 192.168.1.zone.bk
drwxrwxrwx. 2 named root 4096 Oct 2 03:53 data
-rwxrwxrwx. 1 named root 271 Oct 2 06:12 example.com.zone
-rwxrwxrwx. 1 named root 230 Oct 2 06:09 example.com.zone.bk
-rwxrwxrwx. 1 named root 298 Sep 27 07:09 mydomain.com.zone
-rwxrwxrwx. 1 named root 56 Oct 2 03:35 my.external.zone.db
-rwxrwxrwx. 1 named root 56 Oct 2 03:35 my.internal.zone.db
-rwxrwxrwx. 1 named root 1892 Oct 2 03:35 named.ca
-rwxrwxrwx. 1 named root 152 Oct 2 03:35 named.empty
-rwxrwxrwx. 1 named root 152 Oct 2 03:35 named.localhost
-rwxrwxrwx. 1 named root 168 Oct 2 03:35 named.loopback
drwxrwxrwx. 2 named root 4096 Oct 2 03:36 slaves
[root@server ]# ls -l /var/named/chroot/var/named/data/
total 0
Error
Oct 4 02:24:16 server named[3087]: command channel listening on 127.0.0.1#953
Oct 4 02:24:16 server named[3087]: command channel listening on ::1#953
Oct 4 02:24:16 server named[3087]: the working directory is not writable
Oct 4 02:24:16 server named[3087]: isc_stdio_open 'data/named.run' failed: permission denied
Oct 4 02:24:16 server named[3087]: configuring logging: permission denied
Oct 4 02:24:16 server named[3087]: loading configuration: permission denied
Oct 4 02:24:16 server named[3087]: exiting (due to fatal error)
++++++
Oct 4 02:24:26 server setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l f95dd86a-5499-4e3c-8d9f-805f4090da3a
Oct 4 02:24:26 server setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l a1ef2c9c-1785-4e72-9edb-e06731be0acb |
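An added example, not part of any post in this thread: with `named -t DIR`, named chroots to DIR before it reads its configuration, so `/etc/named.conf` is opened as `DIR/etc/named.conf`. The sketch below resolves that path and lists world-writable entries (mode 777, as in the listings above) under a chroot tree; the function names and the temporary demo tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a BIND chroot tree.

# With "named -t DIR", the path /etc/named.conf is opened as DIR/etc/named.conf.
conf_in_chroot() {            # $1 = chroot dir, $2 = config path as named sees it
    printf '%s/%s\n' "${1%/}" "${2#/}"
}

# Report whether the config exists at the location named will actually open.
check_conf() {
    p=$(conf_in_chroot "$1" "${2:-/etc/named.conf}")
    if [ -f "$p" ]; then echo "OK $p"; else echo "MISSING $p"; fi
}

# List every file or directory under the tree that "other" can write to.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 | sort
}

# Count findings: a missing config plus each world-writable entry.
audit_chroot() {
    n=$(world_writable "$1" | wc -l | tr -d ' ')
    case $(check_conf "$1") in MISSING*) n=$((n + 1)) ;; esac
    echo "$n"
}

# Constructed demo tree mirroring the thread's layout; /var/named is not touched.
demo=$(mktemp -d)
mkdir -p "$demo/chroot/etc" "$demo/chroot/var/named/data"
: > "$demo/chroot/etc/named.conf"
chmod 640 "$demo/chroot/etc/named.conf"
chmod 750 "$demo/chroot" "$demo/chroot/etc" "$demo/chroot/var" "$demo/chroot/var/named"
chmod 777 "$demo/chroot/var/named/data"

check_conf "$demo"             # -t set one level above the chroot: config not found
check_conf "$demo/chroot"      # -t set to the chroot itself: config found
world_writable "$demo/chroot"  # only the 777 data directory is listed
rm -rf "$demo"
```

On a real host the same functions would be pointed at the directory passed to `-t`, for example `audit_chroot /var/named/chroot`.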
Quote:
It should be 53 instead of 953 as shown in the error. Disable your selinux and restart your machine, then try to restart your named services |
There is no port 953 defined
vim /var/named/chroot/etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.91; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    # query-source port 53;
    #query-source-v6 port 53;
    allow-query { localhost; 192.168.1.0/24;};
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
view localhost_resolver {
    match-clients { localhost; 192.168.1.0/24; };
    match-destinations { localhost; 192.168.1.0/24; };
    recursion yes;
    include "/etc/named.rfc1912.zones";
}; |
kindly show me the output of
Code:
#netstat -ntlp | grep named
Restart your machine to make the changes take effect and post your results |
netstat -ntlp | grep named
No result
[root@server zohaib]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 904/rpcbind
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1336/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1196/cupsd
tcp 0 0 0.0.0.0:38199 0.0.0.0:* LISTEN 1010/rpc.statd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1367/sendmail: acce
tcp 0 0 0.0.0.0:637 0.0.0.0:* LISTEN 1303/ypserv
tcp 0 0 :::111 :::* LISTEN 904/rpcbind
tcp 0 0 :::55604 :::* LISTEN 1010/rpc.statd
tcp 0 0 :::22 :::* LISTEN 1336/sshd
tcp 0 0 ::1:631 :::* LISTEN 1196/cupsd
Ok, now I am going to disable selinux, then test, and will come back here |