Bind Zone Transfer Problem

Charles Curley charlescurley at charlescurley.com
Tue Jul 4 04:27:45 UTC 2006


On Mon, Jul 03, 2006 at 11:50:24PM -0400, Todd Zullinger wrote:
> Charles Curley wrote:
> >> I'd take a stab at SELinux being the cause.  Do you have that
> >> running in Enforcing mode on either box by chance?
> > 
> > Nope, selinux is disabled on both boxes.
> 
> Damn.  So much for the easy scapegoat.
> 
> Okay, you made me curious enough to google a little so I can ask you
> better questions and make other suggestions... (Bear in mind though
> that it's been a while since I set up BIND to do this so I'm rusty.)
> 
> You probably want to have the secondary server set up to use the slaves
> subdirectory, which will be writable by the named daemon.  Change your
> secondary to:
> 
>     file "slaves/localdomain";
> 
> That's one solution I found for someone having the same problem and it
> makes sense, as right now your secondary is trying to write the
> localdomain file to /var/named, which it won't have permission to
> write to by default.

Well, it *should*. The files there are root:named. But that explains
it, doh. The files have permissions of -rw-r-----, so all I needed to
do was change that.

Is this a bug in bind, or rather in the bind RPM package? I'm running
this in the chroot jail provided by the bind-chroot package.

Your suggestion of making a directory worked:

[root at dragon named]# mkdir zones
[root at dragon named]# chown named:named zones/
[root at dragon named]# ll zones/
total 12
drwxr-xr-x 2 named named 4096 Jul  3 22:05 .
drwxr-x--- 5 root  named 4096 Jul  3 22:05 ..

and as soon as I restarted named it transferred successfully, and all
is well.

This leaves one minor mystery:

Jul  3 22:07:09 dragon named[15783]: running
Jul  3 22:07:09 dragon named[15783]: zone localdomain/IN: Transfer started.
Jul  3 22:07:09 dragon named[15783]: transfer of 'localdomain/IN' from 192.168.1.3#53: connected using 192.168.1.4#57114
Jul  3 22:07:10 dragon named[15783]: zone localdomain/IN: transferred serial 2006070301
Jul  3 22:07:10 dragon named[15783]: transfer of 'localdomain/IN' from 192.168.1.3#53: end of transfer
Jul  3 22:07:10 dragon named[15783]: zone localdomain/IN: sending notifies (serial 2006070301)
Jul  3 22:07:10 dragon named[15783]: client 192.168.1.4#32921: received notify for zone 'localdomain'
Jul  3 22:07:10 dragon named[15783]: zone localdomain/IN: refused notify from non-master: 192.168.1.4#32921

Well, of course it's refusing a notification from itself. I'm probably
leaving out an option to tell it not to notify anyone of the
change. Well, I'll track that one down later.

Thanks.


> Relying on government to protect your privacy is like asking a peeping
> tom to install your window blinds.
>     -- John Barlow, co-founder of EFF


Good one. From whom do they think I want to protect my privacy,
anyway?

-- 

Charles Curley                  /"\    ASCII Ribbon Campaign
Looking for fine software       \ /    Respect for open standards
and/or writing?                  X     No HTML/RTF in email
http://www.charlescurley.com    / \    No M$ Word docs in email

Key fingerprint = CE5C 6645 A45A 64E4 94C0  809C FFF6 4C48 4ECD DFDB
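The thread's fix is a directory the named daemon can actually write its slave zone file into. As an added check that is not part of this thread or of BIND itself, the script below walks a named.conf, finds every "type slave" zone, resolves its "file" path under the chroot and the options "directory", and reports whether the daemon's user or group has the write bit on that directory (it assumes GNU stat, one directive per line, and the user/group names passed on the command line):

```shell
#!/bin/sh
# Added example (not from the thread): check that every "type slave" zone in a
# named.conf keeps its zone file in a directory the named daemon can write to,
# so incoming zone transfers can actually be saved. Assumes GNU stat and one
# directive per line in named.conf.

slave_zone_files() {
    # Print the "file" path of every slave zone in NAMED_CONF, one per line.
    awk '
        /^[[:space:]]*zone[[:space:]]/     { in_zone = 1; type = ""; f = "" }
        in_zone && /type[[:space:]]+slave/ { type = "slave" }
        in_zone && /file[[:space:]]+"/     { match($0, /"[^"]*"/); f = substr($0, RSTART + 1, RLENGTH - 2) }
        in_zone && /^[[:space:]]*};/       { if (type == "slave" && f != "") print f; in_zone = 0 }
    ' "$1"
}

dir_writable_by() {
    # dir_writable_by DIR USER GROUP: succeed if USER, or any member of GROUP,
    # has the write bit on DIR according to its owner, group and mode bits.
    st=$(stat -c '%U %G %a' "$1" 2>/dev/null) || return 1
    set -- "$2" "$3" $st
    user=$1 group=$2 owner=$3 grp=$4 mode=$5
    mode=${mode#${mode%???}}            # keep the last three octal digits only
    o=${mode%??}; g=${mode#?}; g=${g%?}; w=${mode#??}
    [ "$owner" = "$user" ] && [ $((o & 2)) -ne 0 ] && return 0
    [ "$grp" = "$group" ] && [ $((g & 2)) -ne 0 ] && return 0
    [ $((w & 2)) -ne 0 ]
}

check_slave_zone_dirs() {
    # check_slave_zone_dirs NAMED_CONF CHROOT_DIR NAMED_USER NAMED_GROUP
    # Prints one line per slave zone; the return value is the number of zones
    # whose directory the daemon cannot write (0 means every transfer can be saved).
    conf=$1 root=$2 bad=0
    base=$(awk -F'"' '/^[[:space:]]*directory[[:space:]]+"/ { print $2; exit }' "$conf")
    for f in $(slave_zone_files "$conf"); do
        case $f in /*) path=$root$f ;; *) path=$root$base/$f ;; esac
        dir=$(dirname "$path")
        if dir_writable_by "$dir" "$3" "$4"; then
            echo "ok    $f  ($dir is writable by $3:$4)"
        else
            echo "FAIL  $f  ($dir is not writable by $3:$4)"
            bad=$((bad + 1))
        fi
    done
    return $bad
}

# Example run against a bind-chroot layout (paths are assumptions, not from the thread):
#   check_slave_zone_dirs /var/named/chroot/etc/named.conf /var/named/chroot named named
```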