Recent Problem with BIND 9 under Windows XP

Vincent Poy vincepoy at gmail.com
Mon Jul 2 05:12:57 UTC 2007


On 7/1/07, Danny Mayer <mayer at ntp.isc.org> wrote:
> Vincent Poy wrote:
> > On 7/1/07, Mark Andrews <Mark_Andrews at isc.org> wrote:
> >>
> >> >
> >> > > On 6/29/07, Danny Mayer <mayer at ntp.isc.org> wrote:
> >> > > > Vincent Poy wrote:
> >> > > > > You're right about the lack of syslog in Windows so it will
> >> > > > > only log an event rather than detailed like syslog on a Unix
> >> > > > > box would.  Is there a way to log to a specific logfile using
> >> > > > > named.conf in Windows?
> >> > > >
> >> > > > No, you are not getting far enough to start the logging. That's
> >> > > > why I told you to use the pid-file none; option. While you are
> >> > > > at it, does the pid file exist in the directory you specified
> >> > > > for it?
> >> > >
> >> > > the named.pid file does exist in the directory whether I have it
> >> > > specified or not as I deleted the named.pid file before each test to
> >> > > see what happens.  With pid-file none; option, the file doesn't get
> >> > > created but the problem still doesn't change.
> >> > >
> >> > > > > Thanks for the reminder about testing named from the command
> >> > > > > line, it runs from a different user account.  I tried running
> >> > > > > it on the command line as the named user and it appears to run
> >> > > > > correctly:
> >> > > >
> >> > > > Proves nothing except that the zones will load. Even if they had
> >> > > > failed to load you would have seen that in the application event
> >> > > > log.
> >> > >
> >> > > You're right since I had to clear all the event logs before it will
> >> > > start logging again but so far, if I try to load the ISC BIND
> >> > > service, it will show up only in the system event log.  When I run
> >> > > it from the command line as the service won't start, it will show
> >> > > up in the application event log.
> >> > >
> >> > > > > When I tested it originally, it was running from the vince
> >> > > > > account on the command line and the vince account is set up as
> >> > > > > an Administrator.
> >> > > > >
> >> > > > > One thing that puzzles me is that for the ISC BIND service, if I
> >> > > > > change it to run as Local System Account, it will run fine but
> >> > > > > if I tried it with named or vince, it will have the problem
> >> > > > > after 3 seconds (I timed it this time) that I mentioned when I
> >> > > > > wrote the original message about this problem.  So I don't know
> >> > > > > why it won't start the service running as the named user when
> >> > > > > it worked in the past.
> >> > > >
> >> > > > That means that you have a file permission problem.
> >> > >
> >> > > But how do I find out exactly where the file permission problem is
> >> > > since all the directories from C:\windows\system32\dns and below
> >> > > basically have named as a user under security which has Full control
> >> > > under allow checked which enables everything under allow except
> >> > > special permissions which can be turned on.
> >> >
> >> >       Check C:\, D:\windows and C:\windows\system32.
> >>
> >>        Check C:\, C:\windows and C:\windows\system32.
> >
> > C:\ only has one permission, Everyone = full control
> > C:\Windows has one permission, Everyone = full control
> > C:\Windows\System32 has two permissions, Everyone = full control,
> > System = Read/Write/Special permissions
> >
> > And I even deleted the C:\Windows\System32\dns directory and only
> > saved the named.conf file as well as the master zone files and tried
> > reinstalling, same results.
>
> Explicitly grant read and write permission to named to both the
> directory C:\Windows\system32\dns and all its subdirectories and files.
> You shouldn't assume that Everyone is sufficient since the named account
> is not part of any group.

As I mentioned, C:\Windows\system32\dns and all its subdirectories and
files have a named user listed with full control since basically it's
like this as I just checked again:

Everyone - under Allow - Full Control, Modify, Read & Execute, List
Folder Contents, Read, Write
named - under Allow - Full Control, Modify, Read & Execute, List
Folder Contents, Read, Write
System - Under Allow - Read, Write, Special Permissions

Cheers,
Vince
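
[Added example, not part of Vincent's message or the bind-users thread.] The permission check discussed above can be scripted instead of read off the Security tab. This sketch walks from the drive root down through the BIND directory and everything under it, reporting for each path whether the service account has an ACE naming it directly, whether those ACEs allow Read and Write, and whether Everyone holds Full Control. The account name `named` and the directory come from the thread; PowerShell 2.0 or later and the function name `Get-AceSummary` are assumptions.

```powershell
# Added example: audit NTFS ACEs for the BIND service account.
# Assumed: account 'named' and C:\Windows\System32\dns, as named in the thread.
$Account = 'named'
$BindDir = 'C:\Windows\System32\dns'
$Need = [int][System.Security.AccessControl.FileSystemRights]'Read, Write'
$Full = [int][System.Security.AccessControl.FileSystemRights]::FullControl

function Get-AceSummary {
    param([string]$Path)
    $allow = 0; $deny = 0; $explicit = $false; $everyoneFull = $false
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        $id     = $ace.IdentityReference.Value
        $rights = [int]$ace.FileSystemRights
        # Everyone with Full Control lets any local user modify the path.
        if ($id -eq 'Everyone' -and $ace.AccessControlType -eq 'Allow' -and
            ($rights -band $Full) -eq $Full) { $everyoneFull = $true }
        # Only ACEs naming the account itself ('named' or 'HOST\named') count;
        # access obtained through group membership is not evaluated here.
        if ($id -ne $Account -and $id -notlike "*\$Account") { continue }
        if (-not $ace.IsInherited) { $explicit = $true }
        if ($ace.AccessControlType -eq 'Allow') { $allow = $allow -bor $rights }
        else                                    { $deny  = $deny  -bor $rights }
    }
    New-Object PSObject -Property @{
        Path         = $Path
        ExplicitAce  = $explicit
        # True only if every Read/Write bit is allowed and none is denied.
        ReadWrite    = (($allow -band $Need) -eq $Need) -and
                       (($deny  -band $Need) -eq 0)
        EveryoneFull = $everyoneFull
    }
}

# Build the chain C:\ -> ... -> dns, then add every file and folder below dns.
$targets = @()
$p = $BindDir
while ($p) { $targets = @($p) + $targets; $p = Split-Path -Path $p -Parent }
$targets += Get-ChildItem -Path $BindDir -Recurse |
    ForEach-Object { $_.FullName }

$targets | ForEach-Object { Get-AceSummary -Path $_ } |
    Select-Object Path, ExplicitAce, ReadWrite, EveryoneFull |
    Format-Table -AutoSize
```

Run it from an administrator prompt so that Get-Acl can read every descriptor. A row with ReadWrite set to False points at a path where the account relies on inherited or group-derived access.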