BIND 9.5.0 on Windows 2000 unable to rename log file...permission denied

atomic at people.net.au atomic at people.net.au
Wed Sep 17 23:51:41 UTC 2008


A very strange thing happened after upgrading from BIND 8.4.6 to 9.5.0. 
We created the "named" user as a service account as required by BIND9, 
then granted full control on everything in the BIND directory (d:\bind) 
to this user, however the named service failed to start due to:

 > Error 1053: The service did not respond to the start or control 
request in a timely fashion

There are a bunch of "unable to rename log file...permission denied" 
errors in the Windows Event Log, the exact error messages read:

 > unable to rename log file '..\\logs\\named.log.5' to 
'..\\logs\\named.log.6': permission denied
 > unable to rename log file '..\\logs\\named.log.6' to 
'..\\logs\\named.log.7': permission denied
 > unable to rename log file '..\\logs\\named.log.7' to 
'..\\logs\\named.log.8': permission denied
 > ...heaps more...

It became apparent that there are some permission issues writing to the 
log directory (d:\bind\logs), but we checked many times and can confirm 
that "named" user has full control all the way. The next thing we did 
was to rename the log directory to d:\bind\logs_preBIND9 and created a 
new log directory d:\bind\logs, and this time named started successfully.

We then compared the permissions between d:\bind\logs_preBIND9 and 
d:\bind\logs, they are exactly the same. It seems the problem is still 
there, but because the new log directory is empty so named does not have 
to rename anything and therefore it worked. Chances are as soon as the 
circular log files start to pop up named will stop working.

Is there a solution to this problem? What extra permissions are required 
to rename the log files when it already has full control? By the way our 
log file setting is "versions 50 size 25M" if that matters.

Thanks! Peter



More information about the bind-users mailing list