Recent Problem with BIND 9 under Windows XP

Danny Mayer mayer at gis.net
Mon Jul 2 03:59:20 UTC 2007


Vincent Poy wrote:
> On 6/29/07, Danny Mayer <mayer at ntp.isc.org> wrote:
>> Vincent Poy wrote:
>> > You're right about the lack of syslog in Windows so it will only log an
>> > event rather than detailed like syslog on a Unix box would.  Is there
>> > a way to log to a specific logfile using named.conf in Windows?
>>
>> No, you are not getting far enough to start the logging. That's why I
>> told you to use the pid-file none; option. While you are at it, does the
>> pid file exist in the directory you specified for it?
> 
> the named.pid file does exist in the directory whether I have it
> specified or not as I deleted the named.pid file before each test to
> see what happens.  With pid-file none; option, the file doesn't get
> created but the problem still doesn't change.
> 

The next file you need to care about is the named.conf file in the etc
subdirectory. The service account needs to be able to read it. Look at
the permissions on both the etc directory and on the file itself. named
needs to be able to read it. Please note that the created account is NOT
in the User group. That's by design for security reasons.

>> > Thanks for the reminder about testing named from the command line, it
>> > runs from a different user account.  I tried running it on the command
>> > line as the named user and it appears to run correctly:
>>
>> Proves nothing except that the zones will load. Even if they had failed
>> to load you would have seen that in the application event log.
> 
> You're right since I had to clear all the event logs before it will
> start logging again but so far, if I try to load the ISC BIND service,
> it will show up only in the system event log.  When I run it from the
> command line as the service won't start, it will show up in the
> application event log.
> 

Did you try the following command from the command line:
net start named

Does it start or does it give you a failure? I recall that you will get
a failure from there if it cannot find the named.conf file.

What is in the following key in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\ISC\BIND\InstallDir?

Does it correctly point to the directory above etc which contains
named.conf?

>> > When I tested it originally, it was running from the vince account on
>> > the command line and the vince account is set up as an Administrator.
>> >
>> > One thing that puzzles me is that for the ISC BIND service, if I
>> > change it to run as Local System Account, it will run fine but if I
>> > tried it with named or vince, it will have the problem after 3 seconds
>> > (I timed it this time) that I mentioned when I wrote the original
>> > message about this problem.  So I don't know why it won't start the
>> > service running as the named user when it worked in the past.
>>
>> That means that you have a file permission problem.
> 
> But how do I find out exactly where the file permission problem is
> since all the directories from C:\windows\system32\dns and below
> basically have named as a user under security which has Full control
> under allow checked which enables everything under allow except
> special permissions which can be turned on.
> 

See above.

Danny
> Cheers,
> Vince
> 
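
Added example (not part of the original message or of the BIND distribution): a PowerShell sketch of the checks discussed in this thread, reading InstallDir from the registry and reporting whether the service account has a direct read grant on the install directory, its etc subdirectory and named.conf. It assumes the account is named "named" as in the thread and that InstallDir is a value under HKLM:\SOFTWARE\ISC\BIND; the function name Test-DirectReadAccess is hypothetical.

```powershell
# Assumptions: service account "named" (from the thread); InstallDir is a
# registry value under HKLM:\SOFTWARE\ISC\BIND.
$account = 'named'
$regPath = 'HKLM:\SOFTWARE\ISC\BIND'

# Hypothetical helper: looks only at ACEs that name the account directly.
# Because the account is not in the Users group, grants made to Users do
# not help it, so a missing direct ACE is worth a closer look.
# Limitation: group membership is not resolved and ACEs that use generic
# rights bits instead of specific file rights are not recognised.
function Test-DirectReadAccess {
    param([string]$Path, [string]$Account)

    if (-not (Test-Path -Path $Path)) { return "MISSING  $Path" }

    $read    = [int][System.Security.AccessControl.FileSystemRights]::Read
    $pattern = '(^|\\){0}$' -f [regex]::Escape($Account)   # matches HOST\named or named

    $rules = (Get-Acl -Path $Path).Access |
        Where-Object { $_.IdentityReference.Value -match $pattern }

    # Any Deny ACE touching a read bit blocks access regardless of Allow ACEs.
    $denied = $rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        (([int]$_.FileSystemRights -band $read) -ne 0)
    }
    # An Allow ACE must carry every bit that makes up Read.
    $allowed = $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $read) -eq $read)
    }

    if ($denied)  { return "DENY     $Path" }
    if ($allowed) { return "OK       $Path" }
    return "NO ACE   $Path (no direct read grant for $Account)"
}

# InstallDir should be the directory above etc, which contains named.conf.
$installDir = (Get-ItemProperty -Path $regPath -ErrorAction Stop).InstallDir
"InstallDir = $installDir"

$etc = Join-Path $installDir 'etc'
foreach ($p in $installDir, $etc, (Join-Path $etc 'named.conf')) {
    Test-DirectReadAccess -Path $p -Account $account
}
```

Run it from an administrative session so the registry key and ACLs are readable; a MISSING line for etc or named.conf means InstallDir does not point where the service expects.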