error messages
Stefan Puiu
stefan.puiu at gmail.com
Tue Apr 25 06:59:03 UTC 2006
On 4/22/06, Martyn Clark <Martyn.Clark at portwebsolutions.co.uk> wrote:
> Hi I am receiving the following errors in my log file:
> Insecure zones (dynamic update allowed by IP address):
> portwebsolutions.co.uk: 3 Time(s)
> portwebsolutions.net: 3 Time(s)
About the "insecure zone" comment - you have the explanation right
there; you have something like "allow-update {x.y.z.t; };" in your
configuration, and that is considered insecure by BIND, because IP
addresses can be spoofed, after all. A more secure setup is to use
TSIG keys for authentication.
> [...]
> client 80.4.17.121 view external: updating zone
> 'portwebsolutions.net/IN': error: journal open failed: unexpected error: 8
> Time(s)
> [...]
> journal file portwebsolutions.net.zone.jnl does not exist, creating it:
> 19 Time(s)
> portwebsolutions.net.zone.jnl: create: permission denied: 18 Time(s)
>
You don't have the proper permissions in the directory where BIND
tries to create the journal files. If you're running BIND as user
named, you should chown that dir to user named and allow that user to
write it. As far as I can see, the journal file is created in the same
directory as the zone file for the updated zone; it could be that you
only have read permissions there - since loading the zone seems to
work.
Stefan.
More information about the bind-users
mailing list