From RHEL to CentOS BIND 9

isplist at isplist at
Wed Dec 5 18:00:27 UTC 2007

I'm also seeing this in /var/log/messages:

Dec  5 12:00:50 ns1 kernel: audit(1196877650.794:6): avc:  denied  { getattr } 
for  pid=1675 comm="rndc" path="/var/named/chroot/etc/rndc.key" dev=hda1 
ino=349192 scontext=system_u:system_r:ndc_t:s0 
tcontext=root:object_r:etc_runtime_t:s0 tclass=file

Since I have a completely new install and have copied a working machine over, 
you would think this should just run, immediately.


On Wed, 5 Dec 2007 09:49:25 -0600, Baird, Josh wrote:
> I think that you are making this way too complicated.
> Remove the bind packages that you have already installed and "yum
> install bind-chroot"
> This will install a chrooted bind in /var/named/chroot/.
> Copy the named.conf from your RHEL primary to
> /var/named/chroot/etc/named.conf on the new CentOS box.
> Copy the zones from your RHEL primary to /var/named/chroot/etc/xxx,
> where 'xxx' is the "directory" in global options.
> Take the RHEL primary offline, assign its IP to the CentOS box, and
> boom -- you should have a working BIND master.  Remember that if you
> want to log within a chroot, you will need to start syslogd with the -a
> flag (check /etc/sysconfig/syslog, and make the change here).
> Thanks,
> Josh Baird
> -----Original Message-----
> From: bind-users-bounce at [mailto:bind-users-bounce at] On
> Behalf Of isplist at
> Sent: Wednesday, December 05, 2007 9:39 AM
> To: bind-users
> Subject: Re: From RHEL to CentOS BIND 9
>> I think starting from scratch will be the fastest and easiest way to
>> fix it (especially when you modified perms etc). It will take
>> about 5 minutes if you have zone files and named.conf :)
> I didn't change much for permissions and such but zone files and
> named.conf and such have been messed with too much by now. I'll
> rebuild and try your suggestion before anything.
> Do you have any tips on anything else I should be aware of?
> The scenario is that I have a RHEL based primary right now. I am
> installing a new CentOS based bind server, both are chrooted. I am
> replacing the first machine with the second. I will have to turn off
> the old machine and change the new machine IP when I am ready to let
> it take over.
> Once this is working correctly, the second part will be getting a
> secondary online. I want to get the first one going before thinking
> about the secondary :).
> Mike
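
Added example, not part of the original post: a small Python parser for the kernel AVC record quoted at the top of this message, reporting which SELinux domain was denied which permission on which file label. The function names and the sample line (the posted record rejoined onto one line) are assumptions made for the example.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the denial from the post, rejoined onto one line
# (the mail client wrapped it across four lines).
SAMPLE = (
    'Dec  5 12:00:50 ns1 kernel: audit(1196877650.794:6): avc:  denied  { getattr } '
    'for  pid=1675 comm="rndc" path="/var/named/chroot/etc/rndc.key" dev=hda1 '
    'ino=349192 scontext=system_u:system_r:ndc_t:s0 '
    'tcontext=root:object_r:etc_runtime_t:s0 tclass=file'
)

# audit(<epoch>.<ms>:<serial>): avc:  denied|granted  { perms } for  key=value ...
AVC_RE = re.compile(
    r'audit\((?P<epoch>\d+)\.\d+:(?P<serial>\d+)\): avc:\s+(?P<result>denied|granted)\s+'
    r'\{ (?P<perms>[^}]*)\} for\s+(?P<fields>.*)$'
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_context(ctx):
    """Split user:role:type[:level]; the level may itself contain colons."""
    user, role, type_, *level = ctx.split(':', 3)
    return {'user': user, 'role': role, 'type': type_,
            'level': level[0] if level else None}

def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m['fields'])}
    return {
        'time': datetime.fromtimestamp(int(m['epoch']), tz=timezone.utc),
        'serial': int(m['serial']),
        'result': m['result'],
        'perms': m['perms'].split(),
        'comm': fields.get('comm'),
        'path': fields.get('path'),
        'tclass': fields.get('tclass'),
        'source': parse_context(fields['scontext']),  # domain of the process
        'target': parse_context(fields['tcontext']),  # label on the object
    }

def summarize(ev):
    return (f"{ev['result']}: {ev['comm']} ({ev['source']['type']}) "
            f"{','.join(ev['perms'])} on {ev['tclass']} {ev['path']} "
            f"labelled {ev['target']['type']}")

if __name__ == '__main__':
    print(summarize(parse_avc(SAMPLE)))
```
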
