problems with slave after upgrade.

Charles Bodley Bodley at tflogic.com
Mon Jun 4 18:38:48 UTC 2001


Touch worked thanks again.

Didn't think file ownership mattered since bind is running as root. Changed
all files and folder to root.root just in case. This is the newest error
message. No longer denied now timeouts.

Jun  4 14:34:42 ns2 /usr/local/sbin/named[29605]: refresh_callback: zone
drpill.com/IN: failure for 216.143.228.100#53: timed out

And it still gives permission denied when updating a zone.

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
Behalf Of Michael Kjorling
Sent: Monday, June 04, 2001 1:49 PM
To: BIND-Users
Subject: Re: problems with slave after upgrade.



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Jun 4 2001 13:28 -0400, Charles Bodley wrote:

> I have just upgraded to 9.1.2 from 8.2.3 Everything went smoothly but I
was
> getting this error message in my logs.
>
> Jun  1 16:56:26 ns2 modprobe: modprobe: Can't locate module net-pf-10
>
> Michael Kjörling was kind enough to explain what it was and how to get a
rid
> of it.
>
> "It's about IPv6 support. Just put "alias net-pf-10 off" into your
> /etc/conf.modules (or /etc/modules.conf), and the warning should go
> away. It did for me.
> Michael Kjörling"
> This relieved that error message but createed a new one.
> Jun  4 13:18:25 ns2 modprobe: Note: /etc/conf.modules is more recent than
> /lib/modules/2.2.14-5.0/modules.dep

This is not critical. I solved it the dirty way (`touch
/lib/modules/2.2.18/modules.dep' in my case), but I know there's a
better way to do it. Just can't remember the command off the top of my
head.

Haven't had any problems because of the touch approach though.

A hint - you might want to consider upgrading the kernel. 2.2.14-5.0
(which ships with Red Hat 6.2) seems to have rather severe problems in
its TCP/IP stack. One of my servers was constantly freezing (no error
output on the console nor in the logs), but since I upgraded to
2.2.18, I haven't had a single problem with it. I'd say it's better to
do it the safe way, especially if the server is publicly accessible
(which I'd assume).


> And on closer inspection there were other errors that I had missed.These
> occured on every domain.
> Jun  1 17:10:59 ns2 /usr/local/sbin/named[24904]: refresh_callback: zone
> ltitrucks.com/IN: isc_file_settime(db.ltitrucks_com): permission denied
> Jun  1 17:10:59 ns2 /usr/local/sbin/named[24904]: notify failed: not
> authoritative for notify zone (REFUSED)
> Jun  1 17:10:59 ns2 /usr/local/sbin/named[24904]: refresh_callback: zone
> foodstamp.com/IN: isc_file_settime(db.foodstamp_com): permission denied
> Jun  1 17:11:00 ns2 /usr/local/sbin/named[24904]: refresh_callback: zone
> vpnapp.com/IN: isc_file_settime(db.vpnapp_com): permission denied

Is the file permissions set correctly on both the directory containing
the zone files *and* the zone files themselves? That is the first
thing I would check.


> And when I attempted a transfer This was the logged messages.
> Jun  4 13:24:09 ns2 /usr/local/sbin/named[29235]: transfer of
'ftlogix.com'
> from 216.143.228.100#53: receiving responses: permission denied
> Jun  4 13:24:09 ns2 /usr/local/sbin/named[29235]: transfer of
'ftlogix.com'
> from 216.143.228.100#53: end of transfer
> Jun  4 13:24:11 ns2 named[29271]: slave zone "ftlogix.com" (IN) loaded
> (serial 2001032901)

This seems to me at a first glance at least like a file permission
problem - since the transfer wasn't *refused*, it could hardly be that
216.143.228.100 doesn't have ns2 in its allow-transfer{} clause, but I
would check that too just to be sure. Try the file permission approach
first, though. And restart BIND (`ndc reload' might do as well, but my
experiences with BIND 8 is *extremely* limited to say the least.)


Michael Kjörling

- --
Michael Kjörling - michael at kjorling.com - PGP: 8A70E33E
"We must be the change we wish to see" (Mahatma Gandhi)

^..^     Support the wolves in Norway -- go to     ^..^
 \/   http://home.no.net/ulvelist/protest_int.htm   \/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7G8oCKqN7/Ypw4z4RApaLAJ0UHUH1t4/csiFdjYcNerg7Ebzp/gCg9clB
cXFkC+oW4O+UsA29wgILLIw=
=nXLH
-----END PGP SIGNATURE-----







More information about the bind-users mailing list