Linux - Server This forum is for the discussion of Linux Software used in a server related context. |
07-01-2011, 10:09 AM #1
Member
Registered: Feb 2010
Location: chennai - India
Distribution: centos
Posts: 294
Not able to write in zone file!!
Hi all,
This is the entry which I am seeing in my /var/log/messages.
Quote:
the working directory is not writable
default max-cache-size (33554432) applies
default max-cache-size (33554432) applies: view _bind
Because of this issue, now I am not able to write the zone file automatically via my application. Is it possible to resolve this issue!!!
Thanks in advance!!

07-01-2011, 10:34 AM #2
Senior Member
Registered: Jul 2006
Location: Kolkata, India
Distribution: Debian 64-bit GNU/Linux, Kubuntu64, Fedora QA, Slackware,
Posts: 2,766
change permissions ... selinux?

07-01-2011, 10:57 AM #3
Member
Registered: Feb 2010
Location: chennai - India
Distribution: centos
Posts: 294
Original Poster
Hi,
chmod -R 775 /var/named/chroot/var/named
I gave this permission,
and my SELinux is also disabled!!
Still it's not working!!!

07-01-2011, 12:21 PM #4
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,430
Quote:
Originally Posted by anishkumarv
Hi all,
This is the entry which I am seeing in my /var/log/messages.
Because of this issue, now I am not able to write the zone file automatically via my application. Is it possible to resolve this issue!!!
Thanks in advance!!
Well, you again don't say what version/distro of Linux you're using, what you're trying to accomplish, or give us any details about your application, so how can we give you advice?
From the little detail you've given, it seems you're running BIND in a chroot jail. Basic docs are here:
http://www.linuxdoc.org/HOWTO/Chroot-BIND-HOWTO-2.html
If you followed them, you'll notice that BIND won't be running as root, and that the user it DOES run as won't have shell access. Either of those could be the issue, but again, without details we can't help.

07-01-2011, 01:57 PM #5
Member
Registered: Feb 2010
Location: chennai - India
Distribution: centos
Posts: 294
Original Poster
Hi TB0ne;
My distro: Fedora release 8
and bind version:
bind-chroot-9.5.0-29.P2.fc8
bind-libs-9.5.0-29.P2.fc8
bind-utils-9.5.0-29.P2.fc8
bind-9.5.0-29.P2.fc8
Via our web application the client can add the DNS zone, but now the problem is that from the application we are not able to write the zone file in the path
/var/named/chroot/named/zones/client
[root@srs zones]# pwd
/var/named/chroot/var/named/zones
[root@srs zones]# ll
total 180
drwxrwx--- 13 named named 4096 2010-05-31 13:58 back
drwxrwx--- 2 named named 77824 2011-07-01 16:01 clients
drwxrwx--- 3 named named 4096 2011-07-01 10:58 conf
drwxrwx--- 4 named named 65536 2011-06-24 14:52 dnssec
drwxrwx--- 2 named named 4096 2010-02-15 04:14 dnssecA
drwxrwx--- 2 named named 4096 2010-02-16 15:30 dnssecB
drwxrwx--- 2 named named 4096 2011-06-30 05:42 master
drwxrwx--- 3 named named 4096 2011-07-01 16:00 parking
-rwxrwx--- 1 named named 91 2010-05-13 05:16 test1.txt
-rwxrwx--- 1 named named 90 2010-05-03 09:12 testl.txt
These are the file permissions.
Last edited by anishkumarv; 07-01-2011 at 03:37 PM.

07-01-2011, 02:31 PM #6
Member
Registered: Feb 2010
Location: chennai - India
Distribution: centos
Posts: 294
Original Poster
Please look at this issue, anyone!! Still no luck for me.. still I am facing this problem...

07-01-2011, 02:54 PM #7
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,430
Quote:
Originally Posted by anishkumarv
Please look at this issue, anyone!! Still no luck for me.. still I am facing this problem...
In case you haven't noticed, we VOLUNTEER our time here. Don't come back in 30 minutes, and bump your own thread, telling us to hurry up. If you need **URGENT** help, then I suggest you purchase RedHat or SuSE enterprise, and PAY THEM to be there for you 24/7.
Quote:
Originally Posted by anishkumarv
My distro: Fedora release 8
Actually our version via web application client can add the DNS zone, but now the problem is that from the application we are not able to write the zone file in the path
Fedora 8 is ANCIENT...the latest is 15. And your description of the problem makes no sense. Your original post says "not able to write in zone file". You follow up with you CAN add the zone...then say you can't write the zone file in the path. ???? Are you able to add the zone or not? Since you're in such a hurry, you may want to follow up with things like DETAILS about your application, what you're seeing in the web log files (since it's web based), etc.
That said, since the files are owned by named...chances are your web server is NOT running as that same user, and the permissions you've got prohibit anyone other than named user/group from writing to them, don't they? You'd have to do things that aren't too safe to allow your web engine user to write to those files.

07-01-2011, 03:31 PM #8
Member
Registered: Feb 2010
Location: chennai - India
Distribution: centos
Posts: 294
Original Poster
Hi TB0ne,
Thanks man.. I know it's very ancient, but what to do, I only joined this company last week.
I hope we will migrate our application to CentOS 5.5 soon.
Dude!! Now it's working!!
I changed the entire
cd /var
chown -R named:named named
chmod -R 777 named
After that it's working... but I have a doubt: for the named dir I gave 777; is there any security issue
in this??
Thanks in advance!!

07-01-2011, 05:11 PM #9
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,430
Quote:
Originally Posted by anishkumarv
Hi TB0ne,
Thanks man.. I know it's very ancient, but what to do, I only joined this company last week. I hope we will migrate our application to CentOS 5.5 soon.
And CentOS 5.5 is one version back. Latest is 5.6...and since you acknowledge you read the piece about FC8, how about acknowledging the piece about telling us to hurry up, and bumping your own thread after 30 minutes?
Quote:
Dude!! Now it's working!! I changed the entire
cd /var
chown -R named:named named
chmod -R 777 named
After that it's working... but I have a doubt: for the named dir I gave 777; is there any security issue in this??
"Doubt" and "question" mean two different things. And yes, 777 permissions are ALWAYS security holes, and this is especially bad. Now, ANYONE can write to/erase/modify your log files, databases, DNS zones, etc. Read your log files to see where the error(s) are coming up, and WHY, and modify permissions sparingly.
Last edited by TB0ne; 07-01-2011 at 05:13 PM.

07-02-2011, 10:54 PM #10
Member
Registered: Feb 2010
Location: chennai - India
Distribution: centos
Posts: 294
Original Poster
Hi all,
Yes, now I changed the folder permission to 775 and it's working fine. But now I am not able to
transfer zones to my secondary server.
In the log files it shows like this.
Quote:
zone serial unchanged. zone may fail to transfer to slaves
and my named.conf file is like this:
Quote:
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
//recursion yes;
recursion no;
dnssec-enable yes;
dnssec-validation yes;
request-ixfr no;
};
server 192.168.0.3{
request-ixfr yes;
};
#############################################################
# Logging
#############################################################
logging {
channel default_debug {
file "data/named.run" size 20m;
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
channel dnssec_log { // a DNSSEC log channel
file "data/dnssec.log" size 20m;
print-time yes; // timestamp the entries
print-category yes; // add category name to entries
print-severity yes; // add severity level to entries
severity debug 3; // print debug message <= 3 t
};
category dnssec { dnssec_log; };
};
#############################################################
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/var/named/zones/conf/master_named.conf";
include "/var/named/zones/conf/clients_named.conf";
include "/var/named/zones/conf/parking_named.conf";
#include "/var/named/zones/conf/dnssecA_named.conf";
#include "/var/named/zones/conf/dnssecB_named.conf";
Thanks in advance

07-03-2011, 07:15 AM #11
Moderator
Registered: May 2001
Posts: 29,415
Quote:
Originally Posted by anishkumarv
I changed the folder permission to 775 and it's working fine.
Restore permissions ('man rpm', see "--setperms" and "--setugids") before doing anything else. And FCOL use an expendable workstation or staging machine for testing stuff on.
Quote:
Originally Posted by anishkumarv
Code:
zone serial unchanged.
So change the serial.
The reason you are not able to get your web application to modify zone files is that the user your web server runs as has no rights to do so. Thinking that because it has no rights you should give it any is a major mistake and only serves to show your lack of knowledge wrt things .*NIX. DO WORK ON THAT stat, because mistakes like these can seem funny and harmless to you, but to more seasoned users or victims of such mistakes I ASSURE YOU THEY ARE NOT. That said, wrt your "application", search the 'net (Freshmeat, Sourceforge) for any existing ones. This will 0) relieve your company from your mistakes, 1) relieve you from being forced to toil and support something that isn't supposed to work like that anyway, 2) up-to-date Off-The-Shelf Open Source Software usually comes with instructions on how to make things work, developers to harass and a support community reachable via email, forum, trac, IRC or whatever else.

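As an added example that is not code from the thread or from any poster: the check a practitioner would run after the `chmod -R 777` in post #8, and the way back to the modes the listing in post #5 shows (rwxrwx--- for directories, rw-rw---- for files, nothing for "other"). It audits a tree for world-writable entries and for DNSSEC private keys readable beyond their owner (the listing has dnssec directories, and a recursive 777 would have exposed anything in them), then tightens modes. The /var/named/chroot path is from the thread; the modes 2770/660/600, the zone name in the constructed key file name and the test layout are assumptions. The ownership step (chown to named:named) and the packaged baseline unSpawn points at (`rpm --setperms` / `--setugids`) need root and are left to the usage note.

```shell
#!/bin/sh
# Added example, not from the LQ thread or any poster. Finds what a recursive
# 'chmod 777' left open under a tree and puts it back to owner+group access.
# Paths and the chosen modes (2770 dirs, 660 files, 600 private keys) are
# assumptions, matching the rwxrwx--- / rw-rw---- layout the thread's ls shows.

# audit_world_writable DIR -> prints every entry under DIR that "other" may write
audit_world_writable() {
    find "$1" -perm -002 -print
}

# count_world_writable DIR -> number of such entries (the target is 0)
count_world_writable() {
    audit_world_writable "$1" | awk 'END { print NR }'
}

# audit_private_keys DIR -> DNSSEC private keys (K<zone>.+<alg>+<id>.private)
# that the group or anyone else can read; these should be owner-only
audit_private_keys() {
    find "$1" -name 'K*.private' \( -perm -040 -o -perm -004 \) -print
}

# harden_zone_tree DIR -> directories 2770 (setgid so new files keep the named
# group), zone files 660, private keys 600. Nothing is left for "other".
# Ownership is a separate, root-only step: chown -R named:named DIR
harden_zone_tree() {
    find "$1" -type d -exec chmod 2770 {} +          # drwxrws---
    find "$1" -type f -exec chmod 660 {} +           # -rw-rw----
    find "$1" -name 'K*.private' -exec chmod 600 {} + # -rw-------
}
```

Usage against the thread's layout would be `audit_world_writable /var/named/chroot` first (anything it prints is what the 777 opened), then `harden_zone_tree /var/named/chroot/var/named/zones` followed by `chown -R named:named` on that tree as root, and `rpm --setperms bind-chroot` / `rpm --setugids bind-chroot` for the package-owned parts, as unSpawn suggests. This does not give the web server's user any write access, which is the point both TB0ne and unSpawn make: the fix for the application is a tool that already knows how to hand zones to BIND, not a looser mode on /var/named.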
07-03-2011, 10:56 AM #12
Member
Registered: Feb 2010
Location: chennai - India
Distribution: centos
Posts: 294
Original Poster
Hi unSpawn,
Yes, you are right, I am new to this domain and lack knowledge in it, but no one
is born perfect.. born a genius... so I hope I will soon do my work well as a System Admin, but for now
my thinking is to resolve this problem ASAP; for that, what are the things I need to do?
1. Is updating bind the right thing to do?
2. What zone serial do I need to change?

07-03-2011, 03:18 PM #14
Member
Registered: Feb 2010
Location: chennai - India
Distribution: centos
Posts: 294
Original Poster
Hi unSpawn,
If I restart named it does not start; it shows errors like this and finally fails:
Quote:
Error in named configuration:
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: NS '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa' has no address records (A or AAAA)
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: NS '1.0.0.127.in-addr.arpa' has no address records (A or AAAA)
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: NS '0.in-addr.arpa' has no address records (A or AAAA)
zone 0.in-addr.arpa/IN: loaded serial 0
/var/named/zones/master/db.anish.com:1: no TTL specified; using SOA MINTTL instead
zone anish.com/IN: loaded serial 2009051801
/var/named/zones/master/db.anish.in:1: no TTL specified; using SOA MINTTL instead
zone anish.in/IN: loaded serial 2009081401
/var/named/zones/master/db.anish.bz:1: no TTL specified; using SOA MINTTL instead
zone anish.bz/IN: loaded serial 2009051801
/var/named/zones/clients/db.manbiju.com:1: no TTL specified; using SOA MINTTL instead
zone manbiju.com/IN: loaded serial 200906601
Don't know what is happening in our production server..
Why is it suddenly happening? My bind version is bind-9.5.0-29.P2.fc8.
Don't know how to fix this issue. What mistake am I making here??
Last edited by anishkumarv; 07-03-2011 at 03:20 PM.

07-03-2011, 04:28 PM #15
Moderator
Registered: May 2001
Posts: 29,415
Quote:
Originally Posted by anishkumarv
zone has no address records
Address doesn't end with a dot? Use 'named-checkzone' after you've made changes.
Quote:
Originally Posted by anishkumarv
zone loaded serial 0
Look at your db.anish.com zone file: it has a serial of "2009051801" (as in YYYYMMDD+zero-padded incr).
Quote:
Originally Posted by anishkumarv
no TTL specified; using SOA MINTTL instead
Add a TTL line to the beginning or add the TTL to the first record in the zone file.
Quote:
Originally Posted by anishkumarv
Don't know what is happening in our production server..
I told you to use an expendable workstation to test stuff out on.

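As an added example that is not part of the thread (it is not any poster's code): the two fixes unSpawn gives in posts #11 and #15, bumping the SOA serial in YYYYMMDDnn form so that "zone serial unchanged" goes away and the secondary transfers again, and adding a $TTL line so that "no TTL specified; using SOA MINTTL instead" goes away, as a small POSIX shell script that finishes with `named-checkzone` when it is installed. The sample zone it writes is constructed; the $TTL value of 86400 and the zone name example.test are assumptions; the date is passed in as an argument rather than read from the clock so the result is reproducible. It covers two cases the thread shows: a serial already issued today (the counter is incremented) and a malformed short serial such as 200906601 (it jumps to today's series, which is still an increase).

```shell
#!/bin/sh
# Added example, not from the LQ thread or any poster. Bumps a zone file's SOA
# serial in YYYYMMDDnn form, adds a $TTL line when the file has none, and runs
# named-checkzone when it is installed. The sample zone is constructed; the
# $TTL value and the zone name example.test are assumptions.

# next_serial OLD TODAY -> the next serial, TODAY given as YYYYMMDD.
# A serial already in today's series (or oddly ahead of it) is incremented so
# it keeps increasing; anything older, including a short one like 200906601,
# jumps to today's series at 01.
next_serial() {
    ns_old=$1
    ns_today=$2
    if [ $(( ns_old >= ns_today * 100 )) -eq 1 ]; then
        echo $(( ns_old + 1 ))
    else
        echo "${ns_today}01"
    fi
}

# soa_awk NEW reads a zone on stdin. NEW empty: print the SOA serial (exit 1 if
# none). Otherwise: print the zone with only the serial token replaced by NEW,
# keeping layout and comments. Handles an SOA split over several lines.
soa_awk() {
    awk -v new="$1" '
        function nocomment(s) { sub(/;.*/, "", s); return s }
        !done {
            n = split(nocomment($0), tok, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (tok[i] == "") continue
                if (!after) {
                    if (tok[i] == "SOA") { after = 1; skip = 2 }
                    continue
                }
                if (skip > 0) { skip--; continue }     # MNAME, RNAME
                if (tok[i] !~ /^[0-9]+$/) continue     # e.g. "("
                old = tok[i]; done = 1
                if (new == "") { print old; exit }
                s = " " $0 " "
                if (match(s, "[^0-9]" old "[^0-9]")) {
                    s = substr(s, 1, RSTART) new substr(s, RSTART + RLENGTH - 1)
                    $0 = substr(s, 2, length(s) - 2)
                }
                break
            }
        }
        new != "" { print }
        END { if (new == "" && !done) exit 1 }
    '
}

# current_serial FILE -> prints the serial currently in FILE
current_serial() {
    soa_awk "" < "$1"
}

# bump_zone_serial FILE TODAY -> rewrite FILE with the next serial and a $TTL
bump_zone_serial() {
    bz_file=$1
    bz_today=$2
    bz_old=$(current_serial "$bz_file") || {
        echo "no SOA serial found in $bz_file" >&2; return 1; }
    bz_new=$(next_serial "$bz_old" "$bz_today")
    bz_tmp=$(mktemp) || return 1
    if ! grep -q '^\$TTL' "$bz_file"; then
        # assumed default; without it named falls back to the SOA minimum
        echo '$TTL 86400   ; default TTL added' > "$bz_tmp"
    fi
    soa_awk "$bz_new" < "$bz_file" >> "$bz_tmp"
    cat "$bz_tmp" > "$bz_file"   # cat, not mv: keeps the file's owner and mode
    rm -f "$bz_tmp"
    echo "$bz_file: serial $bz_old -> $bz_new"
}

# check_zone ZONE FILE -> syntax check with named-checkzone when available
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        echo "named-checkzone not installed; skipping check of $2" >&2
    fi
}

# make_sample_zone FILE -> constructed zone with no $TTL line, like the thread's
make_sample_zone() {
    cat > "$1" <<'EOF'
@       IN SOA  ns1.example.test. hostmaster.example.test. (
                2009051801 ; serial
                3600       ; refresh
                900        ; retry
                604800     ; expire
                86400 )    ; minimum
        IN NS   ns1.example.test.
ns1     IN A    192.0.2.53
EOF
}
```

On the thread's files the sequence would be `bump_zone_serial /var/named/chroot/var/named/zones/master/db.anish.com "$(date +%Y%m%d)"`, then `check_zone anish.com /var/named/chroot/var/named/zones/master/db.anish.com`, and only after a clean check `rndc reload anish.com`; the secondary picks the zone up because the new serial is larger than the one it holds, which is exactly what the "zone serial unchanged" message says was missing. Note that `cat` into the existing file is deliberate: replacing the file with `mv` would hand it to the editing user's uid and mode, recreating the permission problem the thread started with.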