Bind Zone Transfer Problem
Charles Curley
charlescurley at charlescurley.com
Tue Jul 4 04:27:45 UTC 2006
On Mon, Jul 03, 2006 at 11:50:24PM -0400, Todd Zullinger wrote:
> Charles Curley wrote:
> >> I'd take a stab at SELinux being the cause. Do you have that
> >> running in Enforcing mode on either box by chance?
> >
> > Nope, selinux is disabled on both boxes.
>
> Damn. So much for the easy scapegoat.
>
> Okay, you made me curious enough to google a little so I can ask you
> better questions and make other suggestions... (Bear in mind though
> that it's been a while since I set up BIND to do this so I'm rusty.)
>
> You probably want to have the secondary server set up to use the slaves
> subdirectory, which will be writable by the named daemon. Change your
> secondary to:
>
> file "slaves/localdomain";
>
> That's one solution I found for someone having the same problem and it
> makes sense, as right now your secondary is trying to write the
> localdomain file to /var/named, which it won't have permission to
> write to by default.
Well, it *should*. The files there are root:named. But that explains
it, doh. The files have permissions of -rw-r-----, so all I needed to
do was change that.
Is this a bug in bind, or rather in the bind RPM package? I'm running
this in the chroot jail provided by the bind-chroot package.
Your suggestion of making a directory worked:
[root at dragon named]# mkdir zones
[root at dragon named]# chown named:named zones/
[root at dragon named]# ll zones/
total 12
drwxr-xr-x 2 named named 4096 Jul 3 22:05 .
drwxr-x--- 5 root named 4096 Jul 3 22:05 ..
and as soon as I restarted named it transferred successfully, and all
is well.
This leaves one minor mystery:
Jul 3 22:07:09 dragon named[15783]: running
Jul 3 22:07:09 dragon named[15783]: zone localdomain/IN: Transfer started.
Jul 3 22:07:09 dragon named[15783]: transfer of 'localdomain/IN' from 192.168.1.3#53: connected using 192.168.1.4#57114
Jul 3 22:07:10 dragon named[15783]: zone localdomain/IN: transferred serial 2006070301
Jul 3 22:07:10 dragon named[15783]: transfer of 'localdomain/IN' from 192.168.1.3#53: end of transfer
Jul 3 22:07:10 dragon named[15783]: zone localdomain/IN: sending notifies (serial 2006070301)
Jul 3 22:07:10 dragon named[15783]: client 192.168.1.4#32921: received notify for zone 'localdomain'
Jul 3 22:07:10 dragon named[15783]: zone localdomain/IN: refused notify from non-master: 192.168.1.4#32921
Well, of course it's refusing a notification from itself. I'm probably
leaving out an option to tell it not to notify anyone of the
change. Well, I'll track that one down later.
Thanks.
> Relying on government to protect your privacy is like asking a peeping
> tom to install your window blinds.
> -- John Barlow, co-founder of EFF
Good one. From whom do they think I want to protect my privacy,
anyway?
--
Charles Curley /"\ ASCII Ribbon Campaign
Looking for fine software \ / Respect for open standards
and/or writing? X No HTML/RTF in email
http://www.charlescurley.com / \ No M$ Word docs in email
Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB
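As an added example (not code from the thread or from the BIND project), a small Python audit of the two issues discussed above: it parses a constructed named.conf with brace matching, checks whether each secondary zone's file directory is writable by the named user under the ownership shown in the ll listing, and flags zones that will still send NOTIFYs after a transfer. The named uid/gid, the slaves/ directory and the example.test zone are assumed values.

```python
import posixpath
import re

# Constructed values: named uid/gid, and the ownership/modes from the
# thread's "ll" output (/var/named root:named 0750, subdir named:named 0755).
NAMED_UID = NAMED_GID = 25
CHROOT_DIRS = {"/var/named": (0, NAMED_GID, 0o750),
               "/var/named/slaves": (NAMED_UID, NAMED_GID, 0o755)}

# Constructed named.conf: zone 1 is the thread's original layout (file
# straight in /var/named), zone 2 applies Todd's slaves/ fix plus notify no.
SAMPLE_CONF = """
options { directory "/var/named"; };
zone "localdomain" { type slave; file "localdomain"; masters { 192.168.1.3; }; };
zone "example.test" {
    type slave; file "slaves/example.test"; masters { 192.168.1.3; }; notify no;
};
"""

def writable_by(owner_uid, owner_gid, mode, uid, gid):
    # POSIX: the first matching class (owner, group, other) decides.
    bit = 0o200 if uid == owner_uid else 0o020 if gid == owner_gid else 0o002
    return bool(mode & bit)

def zone_blocks(conf):
    """Yield (name, body) per zone, brace-matched so nested masters {} work."""
    for m in re.finditer(r'\bzone\s+"([^"]+)"', conf):
        start = i = conf.index("{", m.end())
        depth = 1
        while depth:
            i += 1
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
        yield m.group(1), conf[start + 1:i]

def audit_secondaries(conf, dirs, uid=NAMED_UID, gid=NAMED_GID):
    """Map each secondary zone to its problems (empty list means fine)."""
    base = re.search(r'\bdirectory\s+"([^"]+)"', conf).group(1)
    findings = {}
    for name, body in zone_blocks(conf):
        opts = dict(re.findall(r'\b(type|file|notify)\s+"?([^";\s]+)"?\s*;', body))
        if opts.get("type") not in ("slave", "secondary") or "file" not in opts:
            continue
        parent = posixpath.dirname(posixpath.join(base, opts["file"]))
        problems = []
        if parent not in dirs or not writable_by(*dirs[parent], uid, gid):
            problems.append(f"{parent} not writable by named: use a named-owned subdirectory")
        if opts.get("notify") != "no":
            problems.append("sends NOTIFY after each transfer: add 'notify no;' if unwanted")
        findings[name] = problems
    return findings
```

Running audit_secondaries(SAMPLE_CONF, CHROOT_DIRS) reports both problems for localdomain and nothing for example.test; on a real host, replace CHROOT_DIRS with os.stat results from inside the chroot.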