Dynamic DNS and failed journal
Paul Howarth
paul at city-fan.org
Mon Jul 31 11:54:49 UTC 2006
Tim wrote:
> Tim:
>>> It (updating master records) certainly works in FC4, though I've set
>>> SELinux options to allow named to overwrite master zone files.
>
> Paul Howarth:
>> It can't create new files such as journal files in
>> /var/named/chroot/var/named though, as that's only writeable by root.
>
> A bit of an oops with my prior post. I looked at the wrong server (one
> of the slaves). This is my master server (on FC4, mind you):
>
> ll /var/named/chroot/var/named/ -d
> drwxr-x--- 6 named named 4096 Jul 31 19:14 /var/named/chroot/var/named/
>
> My master DNS server can write its master records, and journal files, as
> directed to by the DHCP server.
You must have changed the ownership/permissions then. The
bind-chroot-9.3.1-20.FC4 package has:
drwxr-x--- 2 root named 0 Mar 31 01:01 /var/named/chroot
drwxr-x--- 2 root named 0 Mar 31 01:01 /var/named/chroot/dev
drwxr-x--- 2 root named 0 Mar 31 01:01 /var/named/chroot/etc
drwxr-x--- 2 root named 0 Mar 13 2003 /var/named/chroot/var
drwxr-x--- 2 root named 0 Aug 25 2004 /var/named/chroot/var/named
drwxrwx--- 2 named named 0 Aug 25 2004 /var/named/chroot/var/named/data
drwxrwx--- 2 named named 0 Jul 27 2004 /var/named/chroot/var/named/slaves
drwxrwx--- 2 root named 0 Mar 13 2003 /var/named/chroot/var/run
drwxrwx--- 2 named named 0 Mar 13 2003 /var/named/chroot/var/run/named
drwxrwx--- 2 named named 0 Mar 13 2003 /var/named/chroot/var/tmp
So /var/named/chroot/var/named is owned by root, not named. Mind you,
it's writeable by group named. This is not the case in
bind-chroot-9.3.2-20.FC5, which has:
drwxr-x--- 2 root named 0 Apr 19 15:12 /var/named/chroot
drwxr-x--- 2 root named 0 Apr 19 15:12 /var/named/chroot/dev
drwxr-x--- 2 root named 0 Apr 19 15:12 /var/named/chroot/etc
drwxr-x--- 2 root named 0 Mar 13 2003 /var/named/chroot/var
drwxr-x--- 2 root named 0 Apr 19 15:12 /var/named/chroot/var/named
drwxrwx--- 2 named named 0 Aug 25 2004 /var/named/chroot/var/named/data
drwxrwx--- 2 named named 0 Jul 27 2004 /var/named/chroot/var/named/slaves
drwxr-x--- 2 root named 0 Mar 13 2003 /var/named/chroot/var/run
drwxrwx--- 2 named named 0 Mar 13 2003 /var/named/chroot/var/run/named
drwxrwx--- 2 named named 0 Mar 13 2003 /var/named/chroot/var/tmp
Which has /var/named/chroot/var/named not writeable by group named.
>> There's also SELinux to consider - see:
>> http://www.isc.org/index.pl?/sw/bind/FAQ.php (search for "journal" on
>> that page)
>
> Mine's been sitting on permissive for a long time, and is allowed to
> write to master files. I should switch back to enforcing and retest.
>
>> I agree that using the "slaves" directory for this seems wrong; the
>> "data" directory would be better, and should also work OK.
>
> Not sure that I've come across an explanation for what the data
> directory is there for.
I'd wager it's there especially for DDNS users :-)
Paul.
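As an added illustration of the permission reasoning in this thread (not code posted by anyone on the list), a small POSIX shell check that reads "ls -ld"-style lines and reports whether an unprivileged service account could create files (such as a zone journal) in each directory. The service identity named:named is an assumption; the sample lines are copied from the two package listings quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): given the owner, group and mode shown by
# "ls -ld", decide whether an unprivileged service account may create files in a
# directory. Creating a journal (or any new file) needs both the write and the
# execute (search) bit for whichever class applies: owner, group, or other.
# The service account is assumed to be user "named" in group "named", the
# identity bind drops to inside the chroot; root is not special-cased here.

dir_writable_by() {
    mode=$1 owner=$2 group=$3 user=$4 ugroup=$5
    # mode looks like drwxr-x---: chars 2-4 owner, 5-7 group, 8-10 other
    if [ "$owner" = "$user" ]; then
        bits=$(printf '%s' "$mode" | cut -c2-4)
    elif [ "$group" = "$ugroup" ]; then
        bits=$(printf '%s' "$mode" | cut -c5-7)
    else
        bits=$(printf '%s' "$mode" | cut -c8-10)
    fi
    # need the write bit and the execute bit (x, or s/t which imply x)
    case "$bits" in
        ?w[xst]) echo yes; return 0 ;;
        *)       echo no;  return 1 ;;
    esac
}

# Reads "ls -ld"-style lines on stdin and prints "<path>: yes|no" for each.
check_listing() {
    while read -r mode _links owner group _size rest; do
        path=${rest##* }     # the path is the last whitespace-separated field
        verdict=$(dir_writable_by "$mode" "$owner" "$group" "$1" "$2") || true
        printf '%s: %s\n' "$path" "$verdict"
    done
}

# Entries copied from the two package listings quoted in the thread: the FC4
# var/run directory is root-owned but group-writable; the FC5 one is not.
listing='drwxrwx--- 2 root named 0 Mar 13 2003 /var/named/chroot/var/run
drwxr-x--- 2 root named 0 Mar 13 2003 /var/named/chroot/var/run
drwxr-x--- 2 root named 0 Apr 19 15:12 /var/named/chroot/var/named
drwxrwx--- 2 named named 0 Aug 25 2004 /var/named/chroot/var/named/data'

printf '%s\n' "$listing" | check_listing named named
```

This only models the DAC bits; with SELinux enforcing, the named_t domain's file-context policy can still deny the write even where the mode bits allow it.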