Bind Issues After FC2
edwarner99 at yahoo.com
Mon Jun 21 10:37:09 UTC 2004
> Message: 2
> Date: Sun, 20 Jun 2004 19:16:53 -0500
> From: "Cowles, Steve" <steve at stevecowles.com>
> Subject: RE: Bind Issues After FC2
> To: "'For users of Fedora Core releases'" <fedora-list at redhat.com>
> Message-ID: <90769AF04F76D41186C700A0C90AFC3E320DD3 at defiant.infohiiway.com>
> Content-Type: text/plain
>
> See my inserts below...
>
> edwarner99 at yahoo.com wrote:
> > Hi,
> >
> > I decided to start a new thread as now, I'm getting other errors.
> > Everything worked under FC1. I had to change my directory to "/" from
> > "/var/named". It just would not work, gave me permission errors.
>
> Changing your named.conf global option "directory" to / is not a very good
> idea. Named expects files to be relative to the path specified in the
> directory option. By default, the redhat supplied named.conf references
> /var/named. If you're having permission errors using this directory, then FIX
> THEM!!!! Here is a hint from my system...
>
> [root at excelsior etc]# cd /var
> [root at excelsior var]# ls -ld named
> drwxr-x---    5 root     named        1024 Jun 10 22:07 named
>
> [root at excelsior var]# cd named
> [root at excelsior named]# ls -l
> total 8
> drwxr-xr-x    5 root     root         1024 Oct 18  2003 chroot
> -rw-r--r--    1 named    named         195 Feb 15 07:06 localhost.zone
> -rw-r--r--    1 named    named        2518 Feb 15 07:06 named.ca
> -rw-r--r--    1 named    named         433 Feb 15 07:06 named.local
> drwxrwx---    2 named    named        1024 Mar 26 05:28 slaves
>
> > Now I'm getting "could not configure roots hints from "named.ca" file not
> > found.
>
> That's probably because you specified / in your directory statement, so
> named is looking for /named.ca, not /var/named/named.ca
>
> > Below is my named.conf file.
> >
> > // generated by named-bootconf.pl
> >
> > controls {
> >         inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> > };
> >
> > // Define address range for the local domain.
> > acl lan {
> >         192.168.100/24;
> >         127.0.0.1;
>
> If you are going to specify a network address in CIDR notation, then specify
> the network address as 192.168.100.0/24
>
> Long pause... Reading: man named.conf
>
> WOW! Your notation is actually understood by named. <groan>
>
> > };
> >
> > options {
> >         directory "/";
>
> As stated above, using the root "/" for your directory statement is a bad
> idea. Fix your permissions problem on directory /var/named. Then make sure
> the zone files you are loading from named.conf exist in this directory.
>
> >         /*
> >          If there is a firewall between you and nameservers you want to
> >          talk to, you might need to uncomment the query-source directive
> >          below. Previous versions of BIND always asked questions using
> >          port 53, but BIND 8.1 uses an unprivileged port by default.
> >         */
> >         // query-source address * port 53;
> >
> >         // Only allow queries and listen from the local domain.
> >         allow-query { lan; };
> >         allow-recursion { lan; };
> >         allow-transfer { lan; };
> >         listen-on {
> >                 127.0.0.0/24;
> >                 192.168.100.1;
> >         };
>
> Personally, I would change the 127.0.0.0/24 to 127.0.0.1
>
> >         // Use Bellsouth's DNS servers for finding external addresses.
> >         forward only;
> >         forwarders {
> >                 xxx.xxx.xxx.xxx;
> >         };
> > };
> >
> > // Top Level domain name servers.
> > zone "." IN {
> >         type hint;
> >         file "named.ca";
> > };
>
> You realize that you are loading the root hints zone, but specifying the use
> of forwarders for all other tld's outside the zones you are loading? This
> will work, but loading the root hints zone along with "allow-recursion"
> allows your DNS server to lookup all other tld's on its own. Well, unless
> your ISP is blocking outbound DNS requests to servers other than theirs.
>
> > // Localhost Zones
> > zone "localhost" IN {
> >         type master;
> >         file "localhost.zone";
> >         allow-update { lan; };
> > };
>
> So why are you allowing updates to the above zone? Especially since you have
> not specified any DDNS parameters in named.conf.
>
> > // Provide a reverse lookup for the loopback address 127.0.0.1
> > zone "0.0.127.in-addr.arpa" IN {
> >         type master;
> >         file "named.local";
> >         allow-update { lan; };
> > };
>
> Again, why are you allowing updates to the above zone? Especially since you
> have not specified any DDNS parameters in named.conf.
>
> > // Home network zone.
> > zone "mylan.lan" IN {
> >         type master;
> >         file "named.mylan";
> >         notify no;
> >         allow-update { lan; };
> > };
>
> Specifying allow-update for the above zone makes sense, but again, you have
> not specified any DDNS parameters - so all update attempts from clients
> listed in your ACL will fail.
>
> > // Reverse lookup for the local domain.
> > zone "100.168.192.in-addr.arpa" {
> >         type master;
> >         file "named.mylan-rev";
> >         notify no;
> >         allow-update { lan; };
> > };
> >
> > include "/etc/rndc.key";
>
> If I could suggest...
>
> 1) Fix your permissions problems
>
> 2) Stop using named-bootconf.pl to create your named.conf file
>
> 3) Read the man pages for named.conf. i.e. man named.conf
>
> Steve Cowles
I did read the man pages, that's why I'm confused as to why it doesn't work
now vs. FC1.

I replaced the "/" in the directory directive with "/var/named". Did that
just as a test. But now I'm still getting permission problems trying to
change to that directory. I've set permissions to 777, ownership to root and
named.

Like I said, I read the man pages, as well as a book I have here, but I'm
not getting anywhere fast.