named - the working directory is not writable
Mandriva 2009.1, Bind 9.6.0-P1. Mandriva downloaded a security update yesterday morning for Bind. When restarting I noticed the above line in my syslog. Running

Code:
[root@localhost ~]# named-checkconf -z
/etc/named.conf:17: open: /etc/bogon_acl.conf: file not found

The permissions for the files in /var/lib/named/etc are:

Code:
-rw-r--r-- 1 root root 1966 2009-07-29 07:57 bogon_acl.conf
-rw-r--r-- 1 root root 42 2009-07-29 07:57 hosts
-rw-r--r-- 1 root root 3543 2009-07-30 17:09 localtime
-rw-r--r-- 1 root root 2165 2009-05-13 20:44 logging.conf
-rw-r--r-- 1 root root 2123 2009-03-08 09:11 logging.conf~
-rw-r--r-- 1 root root 2165 2009-05-03 19:03 logging.conf.rpmsave
-rw-r--r-- 1 root root 3950 2009-05-09 20:06 named.conf
-rw-r--r-- 1 root root 4125 2009-05-09 19:38 named.conf.rpmsave
-rw-r----- 1 root named 350 2009-05-09 19:56 rndc.conf
-rw-r----- 1 root named 350 2009-05-03 15:31 rndc.conf.rpmsave
-rw-r----- 1 root named 259 2009-05-09 19:56 rndc.key
-rw-r----- 1 root named 259 2009-05-03 15:31 rndc.key.rpmsave
-rw-r--r-- 1 root root 627 2009-07-29 07:57 trusted_networks_acl.conf

Permissions for /var/lib/named:

Code:
[chris@localhost named]$ ls -l
total 16
drwxr-xr-x 2 root root 4096 2009-07-29 07:57 dev/
drwxr-xr-x 2 root root 4096 2009-07-30 17:09 etc/
-rw-r--r-- 1 root root 2954 2009-02-15 05:18 named.ca
dr-xr-xr-x 173 root root 0 2009-07-08 19:44 proc/
drwxr-xr-x 6 root root 4096 2009-07-29 07:57 var/

Permissions for /var/lib/named/var:

Code:
[chris@localhost var]$ ls -l
total 16
drwxr-xr-x 3 named named 4096 2009-07-29 07:57 log/
drwxr-xr-x 5 root root 4096 2009-07-30 06:11 named/
drwxr-xr-x 2 named named 4096 2009-07-30 17:09 run/
drwxr-xr-x 2 named named 4096 2009-07-29 07:57 tmp/

File permissions in /var/lib/named/var/named:

Code:
[chris@localhost named]$ ls -l
total 16
drwxr-xr-x 2 named named 4096 2009-07-30 06:11 master/
-rw-r--r-- 1 root root 2954 2009-07-29 07:57 named.ca
drwxr-xr-x 2 named named 4096 2009-07-30 06:11 reverse/
drwxr-xr-x 2 named named 4096 2009-07-29 07:57 slaves/

Or is everything ok and the line in the subject can be ignored?

Thanks
Chris

Note - I'm only using bind as a local caching name server on my stand-alone, single-user box to speed up spam processing.

Thanks for any advice
Chris |
Hi Chris,
> /etc/named.conf:17: open: /etc/bogon_acl.conf: file not found

Could you try creating a link in /etc using the following command:

Code:
#ln -s /var/lib/named/etc/bogon_acl.conf /etc

And possibly, you can fix it right away by giving permissions to the user under which bind is running (probably named or bind).

Code:
#chown bind.bind /var/lib/named/*

And before making these changes please take a backup using the following command:

Code:
cp -av /var/lib/named /var/lib/named.bak

(just in case, though you have mentioned that you're just using it for caching.)

Hope this helps. |
Quote:
Aug 1 16:40:29 localhost named[7833]: starting BIND 9.6.0-P1 -u named -t /var/lib/named
Aug 1 16:40:29 localhost named[7833]: built with 'i586-mandriva-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/lib' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--x-includes=/usr/include' '--x-libraries=/usr/lib' '--localstatedir=/var' '--disable-openssl-version-check' '--enable-threads' '--enable-largefile' '--enable-ipv6' '--enable-epoll' '--with-openssl=/usr/include/openssl' '--with-gssapi=/usr' '--disable-isc-spnego' '--with-randomdev=/dev/urandom' '--with-libxml2=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-bdb=no' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-odbc=no' '--with-dlz-stub=yes' 'build_alias=i586-mandriva-linux-gnu' 'host_alias=i586-mandriva-linux-gnu' 'target_alias=i586-mandriva-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_F
Aug 1 16:40:29 localhost named[7833]: found 1 CPU, using 1 worker thread
Aug 1 16:40:29 localhost named[7833]: using up to 4096 sockets
Aug 1 16:40:29 localhost named[7833]: loading configuration from '/etc/named.conf'
Aug 1 16:40:29 localhost named[7833]: max open files (1024) is smaller than max sockets (4096)
Aug 1 16:40:29 localhost named[7833]: statistics channel listening on 127.0.0.1#5380
Aug 1 16:40:29 localhost named[7833]: using default UDP/IPv4 port range: [1024, 65535]
Aug 1 16:40:29 localhost named[7833]: using default UDP/IPv6 port range: [1024, 65535]
Aug 1 16:40:29 localhost named[7833]: listening on IPv4 interface lo, 127.0.0.1#53
Aug 1 16:40:29 localhost named[7833]: listening on IPv4 interface eth0, 192.168.2.2#53
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: 127.IN-ADDR.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: 254.169.IN-ADDR.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: D.F.IP6.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: 8.E.F.IP6.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: 9.E.F.IP6.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: A.E.F.IP6.ARPA
Aug 1 16:40:29 localhost named[7833]: automatic empty zone: B.E.F.IP6.ARPA
Aug 1 16:40:29 localhost named[7833]: command channel listening on 127.0.0.1#953
Aug 1 16:40:29 localhost named[7833]: the working directory is not writable

Just what is the "working directory"?

Chris |
Quote:
Code:
chown -R named:named /var/lib/named/var/named |
Thank you, that seems to have fixed the problem. Permissions look right now:

Code:
[root@localhost ~]# ls -l /var/lib/named/var
total 16
drwxr-xr-x 3 named named 4096 2009-07-29 07:57 log/
drwxr-xr-x 5 named named 4096 2009-07-30 06:11 named/
drwxr-xr-x 2 named named 4096 2009-08-01 17:51 run/
drwxr-xr-x 2 named named 4096 2009-07-29 07:57 tmp/
[root@localhost ~]# ls -l /var/lib/named/var/named
total 16
drwxr-xr-x 2 named named 4096 2009-07-30 06:11 master/
-rw-r--r-- 1 root root 2954 2009-07-29 07:57 named.ca
drwxr-xr-x 2 named named 4096 2009-07-30 06:11 reverse/
drwxr-xr-x 2 named named 4096 2009-07-29 07:57 slaves/

I wasn't sure about changing all permissions using -R so just manually changed those of /var/lib/named/var/named to start. Should the entries in /master, /reverse and /slaves as well as named.ca above also be named:named?

Code:
[root@localhost ~]# ls -l /var/lib/named/var/named/master
total 12
-rw-r--r-- 1 root root 329 2009-03-17 17:34 empty
-rw-r--r-- 1 root root 198 2009-07-29 07:57 localdomain.zone
-rw-r--r-- 1 root root 195 2009-07-29 07:57 localhost.zone |
Glad to see it worked.
First of all, since you're running a caching dns, you don't need these directories. The only thing you need is named.ca (that is the root.hints zone file) and optionally the zone file for the 0.0.127.in-addr.arpa zone (I guess it's localdomain.zone).

Second, the "working" directory must be owned by the user that runs bind, because in some configurations bind has to write things in there (logs, stats, dynamic updates etc). In your case there is no harm in leaving it as is.

Regards |
Thank you for the help. I've noted the ownership info you gave above. Would have thought Mandriva would have set these correctly when the rpm was installed.
Thanks again Chris |
I have the same problem, except my dir is /var/named/chroot that named runs chroot-ed out of. Tried modifying the instructions above to suit my config here, but on restarting bind, it could not find the directory. |
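The two things that trip people up in this thread are where named's working directory actually lives when it runs chrooted (the `-t` root from the syslog line plus the `directory` option from named.conf, which is why a path copied from one box does not exist on a box chrooted under /var/named/chroot), and whether the `-u` user can write there. The script below is an added example, not code posted in the thread or shipped by Mandriva/ISC: it resolves the host-side path and judges writability from ownership and mode bits, the same way one would check before or after a chown. It assumes GNU coreutils `stat -c` and `id`; the demo tree under mktemp is a constructed stand-in for /var/lib/named, with the current user playing the part of `named` so no root is needed.

```shell
#!/bin/sh
# Added example, not code from this thread. It reproduces from the outside
# what named's "the working directory is not writable" warning looks at:
# with `named -u USER -t CHROOT` and `directory "/some/dir"` in named.conf,
# the directory named actually uses is CHROOT/some/dir on the host, and it
# must be writable by USER. Assumes GNU coreutils stat(1) and id(1); all
# paths and the demo tree below are constructed samples.

# Host-side path of the working directory: chroot root (-t) + directory option.
resolve_workdir() {
    printf '%s\n' "${1%/}$2"
}

# workdir_writable_by DIR USER
# Returns 0 if USER can write DIR judging by owner/group/other mode bits,
# 1 if not, 2 if DIR is missing (named then fails to start rather than warn).
workdir_writable_by() {
    dir=$1
    run_user=$2
    if [ ! -d "$dir" ]; then
        echo "$dir: missing"
        return 2
    fi
    owner_uid=$(stat -c '%u' "$dir")
    owner_gid=$(stat -c '%g' "$dir")
    mode=$(stat -c '%a' "$dir")
    mode=${mode#"${mode%???}"}     # keep the last three octal digits (drop setuid/sticky)
    o=${mode%??}                   # owner digit
    g=${mode#?}; g=${g%?}          # group digit
    w=${mode#??}                   # other digit
    run_uid=$(id -u "$run_user" 2>/dev/null)
    writable=1
    if [ -n "$run_uid" ] && [ "$owner_uid" = "$run_uid" ] && [ $((o & 2)) -ne 0 ]; then
        writable=0                 # owned by the run user with u+w: the intended state
    elif [ $((w & 2)) -ne 0 ]; then
        writable=0                 # world-writable: silences the warning but is too loose
    elif [ $((g & 2)) -ne 0 ]; then
        # g+w only counts if USER is actually a member of the owning group
        for gid in $(id -G "$run_user" 2>/dev/null); do
            [ "$gid" = "$owner_gid" ] && writable=0
        done
    fi
    if [ "$writable" -eq 0 ]; then
        echo "$dir: writable by $run_user ($(stat -c '%U:%G %a' "$dir"))"
    else
        echo "$dir: NOT writable by $run_user ($(stat -c '%U:%G %a' "$dir")); fix: chown $run_user:$run_user $dir"
    fi
    return "$writable"
}

# Demo on a throwaway tree: the current user stands in for 'named'. The first
# call reproduces the warning case (root-owned, no write bit for named), the
# second shows the state after the chown/chmod fix from the thread.
demo() {
    me=$(id -un)
    root=$(mktemp -d)
    mkdir -p "$root/var/named"
    chmod 555 "$root/var/named"
    workdir_writable_by "$(resolve_workdir "$root" /var/named)" "$me" || :
    chmod 755 "$root/var/named"
    workdir_writable_by "$(resolve_workdir "$root" /var/named)" "$me" || :
    rm -rf "$root"
}

demo
```

On a real host you would call `workdir_writable_by "$(resolve_workdir /var/lib/named /var/named)" named` (or `/var/named/chroot` as the first argument for the setup in the last post), reading both values from the `starting BIND ... -u named -t /var/lib/named` syslog line and the `directory` statement in named.conf. The script deliberately reports a world-writable directory as "writable" but flags it, since that also makes the warning go away without being the right fix.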