Solution to slave zone transfer problem (at least in my case)

Kevin Darcy kcd at
Tue Mar 22 22:27:46 UTC 2005

Frank Saxton wrote:

>Thanks for the response Kevin!  After about 4 days and reading literally
>hundreds of forum posts, web pages and so on, I finally figured it out with
>a clue from someone who posted something about this subject.  This really
>ought to be a FAQ item IMO since literally legions of people have
>apparently slugged it out trying to solve this problem over time.  The
>"responses" to these questions are usually something vague along the lines
>of "there's a problem with named.conf" or "you have a permissions problem". 
>Duh... that may indeed have been the case with the other thousand or so
>people who had this problem,  but with over 20 years of *NIX Systems
>Engineering experience, I think I know how to set up file permissions.
>Anyway, I was getting the classic "permissions denied" messages same as
>everyone else.  With named debug turned on, I was seeing write deny
>messages for /dev/sda3 (/var) but nothing more informational than that.
>I am not a DNS person and I don't know when the /var/named/slaves scheme
>came along.  I am using Bind 9.2.4.  But this, not "file permissions" is
>what bit me.
>On the DNS slave, you need to set zone, file "slave/zonename"; not just file
>"zonename";  THANK YOU CHRIS!!!!!!
>Then you need to (apparently) copy your zone files into /var/named/slaves
>making them 664 and owned and grouped by named.
>Once I got it to work, I didn't do a lot of testing to figure out all of the
>little pieces so you might be able to get away with a different mask or
>ownerships.  But if you're having this problem and the condescending "your
>files aren't writeable" responses aren't helping, try this.
>Why named can't see the files in chroot on a slave is anyone's guess.  My
>symlinks are right and my file protections are right and everything was
>indeed writeable.  Perhaps this was fixed in later releases of bind.
>Anyway, I hope this information saves some time for others who get dragged
>into this snake pit.
There's nothing magical about any "/var/named/slaves" convention, nor do 
I follow that convention on any of my chroot'ed-and-running-unprivileged 
slave servers. If you've solved your problem, you've done so in a 
roundabout way.

Is your /var/named directory itself writable? Since named writes temp 
files, it needs to have write permission for the working directory 
itself, not just to the zone files in that directory. I have a "data" 
subdirectory off my chroot, for instance, and that works just fine...

- Kevin
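Kevin's point is that named must be able to write into the working directory itself (it creates temporary files there before renaming them over the zone file), not only into the zone files. The script below is an added example, not code from either poster or from ISC: it reads a named.conf on stdin, picks out the `directory` option and the `file` of every `type slave` zone, and reports for each containing directory under a chroot root whether it exists and is writable. The named.conf fragment, the 192.0.2.1 master and the scratch chroot are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the directories a BIND slave
# must be able to write into. Reads named.conf on stdin, resolves the
# "directory" option plus every slave zone's "file" path, and tests each
# containing directory under a chroot root. All paths here are constructed.

# Constructed named.conf fragment: one slave zone kept in a subdirectory
# (the "slave/zonename" layout from the thread) and one master zone that
# named never needs to write.
SAMPLE_CONF='
options {
    directory "/var/named";
};
zone "example.test" {
    type slave;
    file "slave/example.test.db";
    masters { 192.0.2.1; };
};
zone "localhost" {
    type master;
    file "localhost.db";
};
'

# Print the working directory and the directory of every slave zone file
# (absolute, as seen inside the chroot), deduplicated, one per line.
named_write_dirs() {
    awk '
        function quoted(s) { match(s, /"[^"]*"/); return substr(s, RSTART + 1, RLENGTH - 2) }
        /^[[:space:]]*directory[[:space:]]+"/ { workdir = quoted($0); print workdir }
        /^[[:space:]]*zone[[:space:]]+"/      { inzone = 1; depth = 0; ztype = ""; zfile = "" }
        inzone && /^[[:space:]]*type[[:space:]]+/ { ztype = $2; sub(/;.*/, "", ztype) }
        inzone && /^[[:space:]]*file[[:space:]]+"/ { zfile = quoted($0) }
        inzone {
            # track nesting so "masters { ... };" inside a zone does not end it
            depth += split($0, o, "{") - 1
            depth -= split($0, c, "}") - 1
            if (depth == 0) {
                if (ztype == "slave" && zfile != "") {
                    if (zfile ~ /^\//) dir = zfile; else dir = workdir "/" zfile
                    sub(/\/[^\/]*$/, "", dir)   # strip the file name, keep its directory
                    print dir
                }
                inzone = 0
            }
        }
    ' | awk '!seen[$0]++'
}

# Report whether one directory exists and is writable by the user running
# this script. Run it as the named user for a true answer: as root every
# directory looks writable, which is exactly the "but it IS writable"
# confusion from the thread.
check_write_dir() {
    root=$1; dir=$2
    if [ ! -d "$root$dir" ]; then
        echo "missing $dir"
    elif [ -w "$root$dir" ]; then
        echo "ok $dir"
    else
        echo "not-writable $dir"
    fi
}

# Full audit: named.conf on stdin, chroot root (or / when not chrooted) as argument.
audit_named_dirs() {
    root=$1
    named_write_dirs | while read -r d; do
        check_write_dir "$root" "$d"
    done
}

# Demonstration against a scratch chroot: the working directory exists,
# the slave subdirectory is deliberately missing, so the audit flags it.
scratch=$(mktemp -d)
mkdir -p "$scratch/var/named"
printf '%s\n' "$SAMPLE_CONF" | audit_named_dirs "$scratch"
rm -rf "$scratch"
```

Against a real server, feed the chroot's own named.conf and root, e.g. `audit_named_dirs /path/to/chroot < /path/to/chroot/etc/named.conf` (paths assumed; substitute your layout), running as the unprivileged named user so that the `-w` test reflects what named actually sees. A `missing` or `not-writable` line for the working directory is the condition Kevin describes; one for a `slave/` subdirectory is the condition the original poster hit.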
