From RHEL to CentOS BIND 9
isplist at logicore.net
Wed Dec 5 18:00:27 UTC 2007
I'm also seeing in /var/log/messages:
Dec 5 12:00:50 ns1 kernel: audit(1196877650.794:6): avc: denied { getattr }
for pid=1675 comm="rndc" path="/var/named/chroot/etc/rndc.key" dev=hda1
ino=349192 scontext=system_u:system_r:ndc_t:s0
tcontext=root:object_r:etc_runtime_t:s0 tclass=file
Since I have a completely new install and have copied a working machine over,
you would think this should just run, immediately.
Mike
On Wed, 5 Dec 2007 09:49:25 -0600, Baird, Josh wrote:
> I think that you are making this way too complicated.
>
> Remove the bind packages that you have already installed and "yum
> install bind-chroot"
>
> This will install a chrooted bind in /var/named/chroot/.
>
> Copy the named.conf from your RHEL primary to
> /var/named/chroot/etc/named.conf on the new CentOS box.
>
> Copy the zones from your RHEL primary to /var/named/chroot/etc/xxx,
> where 'xxx' is the "directory" in global options.
>
> Take the RHEL primary offline, assign its IP to the CentOS box, and
> boom -- you should have a working BIND master. Remember that if you
> want to log within a chroot, you will need to start syslogd with the -a
> flag (check /etc/sysconfig/syslog, and make the change here).
>
> Thanks,
>
> Josh Baird
>
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of isplist at logicore.net
> Sent: Wednesday, December 05, 2007 9:39 AM
> To: bind-users
> Subject: Re: From RHEL to CentOS BIND 9
>
>> I think starting from scratch will be the fastest and easiest way to
>> fix it (especially when you modified perms etc). It will take
>> about 5 minutes if you have zone files and named.conf :)
>>
> I didn't change much for permissions and such but zone files and
> named.conf and such have been messed with too much by now. I'll rebuild
> and try your suggestion before anything.
>
> Do you have any tips on anything else I should be aware of?
>
> The scenario is that I have a RHEL based primary right now. I am
> installing a new CentOS based bind server, both are chrooted. I am
> replacing the first machine with the second. I will have to turn off the
> old machine and change the new machine IP when I am ready to let it take
> over.
>
> Once this is working correctly, the second part will be getting a
> secondary online. I want to get the first one going before thinking
> about the secondary :).
>
> Mike
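
Added example (not part of the original thread): a small Python parser for the AVC denial quoted in the message above, which pulls out the denied permission, the source domain and the target file type, and groups denials by that triple. The function names and the second sample record are constructed for illustration.

```python
import re
from collections import defaultdict

# The denial quoted in the message, joined onto one line as syslog writes it.
SAMPLE = (
    'Dec 5 12:00:50 ns1 kernel: audit(1196877650.794:6): avc: denied { getattr } '
    'for pid=1675 comm="rndc" path="/var/named/chroot/etc/rndc.key" dev=hda1 '
    'ino=349192 scontext=system_u:system_r:ndc_t:s0 '
    'tcontext=root:object_r:etc_runtime_t:s0 tclass=file'
)
# Constructed second record (not from the thread) to show grouping.
CONSTRUCTED = SAMPLE.replace("{ getattr }", "{ read }").replace(":6)", ":7)")

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(ctx):
    """Return the type field of an SELinux context user:role:type[:level]."""
    parts = ctx.split(":")
    if len(parts) < 3:
        raise ValueError("not an SELinux context: %r" % ctx)
    return parts[2]

def parse_avc(line):
    """Parse one kernel AVC record; return None for non-AVC or truncated lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    result, perms, rest = m.groups()
    kv = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    if not {"scontext", "tcontext", "tclass"} <= kv.keys():
        return None
    return {"result": result, "perms": perms.split(), "comm": kv.get("comm"),
            "path": kv.get("path"), "tclass": kv["tclass"],
            "source_type": context_type(kv["scontext"]),
            "target_type": context_type(kv["tcontext"])}

def summarize(lines):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "paths": set()})
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec["result"] != "denied":
            continue
        g = groups[(rec["source_type"], rec["target_type"], rec["tclass"])]
        g["perms"].update(rec["perms"])
        if rec["path"]:
            g["paths"].add(rec["path"])
    return dict(groups)

if __name__ == "__main__":
    for key, g in summarize([SAMPLE, "unrelated syslog line", CONSTRUCTED]).items():
        print(key, sorted(g["perms"]), sorted(g["paths"]))
```

The target type it reports for a path is the value to compare with what `matchpathcon` prints for that same path.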