Zone Transfer from MS DNS to Bind

Shaheen wael.shaheen at gmail.com
Wed Aug 2 14:04:16 UTC 2006


Hi,
I am having a problem configuring BIND as a secondary server for an MS
Windows 2k based primary DNS.

What I get in the log file is:
name named[10827]: transfer of 'abc.com/IN' from x.x.x.x#53: end of
transfer
 name named[10827]: loading configuration from '/etc/named.conf'
 name kernel: audit(1154526782.984:309): avc:  denied  { write } for
pid=10831 comm="named" name="named" dev=dm-0 ino=5303719
scontext=root:system_r:named_t:s0
tcontext=system_u:object_r:named_zone_t:s0 tclass=dir
 name named[10827]: logging channel 'default_debug' file
'/var/named/named.run': permission denied
 name named[10827]: zone abc.com/IN/internal: Transfer started.
 name named[10827]: transfer of 'abc.com/IN' from x.x.x.x#53: connected
using 192.168.1.14#58206
 name named[10827]: dumping master file: tmp-xRln0Jv84M: open:
permission denied
 name kernel: audit(1154526783.624:310): avc:  denied  { write } for
pid=10829 comm="named" name="named" dev=dm-0 ino=5303719
scontext=root:system_r:named_t:s0
tcontext=system_u:object_r:named_zone_t:s0 tclass=dir
 name named[10827]: transfer of 'abc.com/IN' from x.x.x.x#53: failed
while receiving responses: permission denied
 name named[10827]: transfer of 'abc.com/IN' from x.x.x.x#53: end of
transfer


The permissions for /var/named are drwxr-x---  6 root    named   4096 Jul
23 19:14 named

When I changed the ownership to drwxr-x---  6 named    named   4096
Jul 23 19:14 named

I got the same error.

My named.conf is:
// Global server options.
options {
        // Working directory: relative file names used elsewhere in this
        // configuration (such as the zone's "db.zone") resolve under it.
        directory "/var/named/";
        // Cache dumps and statistics are both written under data/.
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        datasize default;
        // Cap on simultaneous recursive lookups performed for clients.
        recursive-clients 30000;
        // Cache memory limit, in bytes.
        max-cache-size 800000000;
        pid-file "/var/run/named/named.pid";
        // NOTE(review): no allow-recursion / allow-query / allow-transfer
        // restriction appears in this excerpt -- confirm that recursion and
        // zone transfers are limited to the intended clients.
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
         // Leave this commented out unless a firewall really requires it:
         // pinning the query source port to 53 gives up source-port
         // unpredictability for outgoing queries.
         // query-source address * port 53;
};


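// Logging configuration: one category routing and one file channel.
logging {
        // Discard lame-server messages by routing them to the null channel.
        category lame-servers {
                null;
        };

        channel "default_debug" {
                // NOTE(review): the log above reports
                //   logging channel 'default_debug' file
                //   '/var/named/named.run': permission denied
                // next to an SELinux AVC record in which named_t is denied
                // { write } on a directory labelled named_zone_t (presumably
                // /var/named itself, name="named"). Creating named.run
                // needs write access to that directory. The other output
                // files in this configuration already live under
                // /var/named/data/; check that directory's label with
                // `ls -Zd` and consider placing the log there rather than
                // relaxing the label on /var/named -- confirm on the
                // target system.
                file "/var/named/named.run";    // write to named.run in
                                                // the working directory
                                                // Note: stderr is used instead
                                                // of "named.run"
                                                // if the server is started
                                                // with the '-f' option.
                // Only critical messages reach this channel. The stock
                // comment "log at the server's current debug level"
                // describes `severity dynamic`, not `severity critical`.
                severity critical;
        };
};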

// rndc control channel: listens on the loopback address only, accepts
// connections matching the localhost ACL, and requires the key "rndckey"
// (presumably defined in the included /etc/rndc.key -- verify).
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };

};

// Secondary (slave) copy of abc.com, transferred from the primary x.x.x.x.
// NOTE(review): "db.zone" is a relative name, so with
// directory "/var/named/" the transferred zone and its temporary dump file
// (tmp-... in the log) are created directly in /var/named. The log shows
// "dumping master file: tmp-...: open: permission denied" together with an
// SELinux AVC denial: scontext named_t is denied { write } on a directory
// with tcontext named_zone_t. Under the original mode drwxr-x--- root:named
// the named group had no write bit either; after the owner was changed to
// named the file permissions would allow the write, yet the error stayed the
// same, which is consistent with SELinux type enforcement being the blocker
// rather than ownership. Red Hat-style layouts commonly provide a
// slaves/ subdirectory labelled for named to write to
// (e.g. file "slaves/db.zone";) -- verify labels with `ls -Zd` before
// changing anything, and prefer relocating the file over loosening policy.
// NOTE(review): the log refers to 'abc.com/IN/internal', i.e. a view named
// "internal" that is not in this excerpt; the running configuration may
// differ from what is posted.
// NOTE(review): no TSIG key is attached to the master, so the transfer is
// trusted on source address alone.
zone   "abc.com" {type slave; file  "db.zone"; masters {x.x.x.x; };};
// NOTE(review): as posted, this statement has no terminating ';' -- confirm
// whether that is a paste omission or present in the real file.
include "/etc/rndc.key"


Please advise.

Thank you


