9.11 to 9.16: need directions

Ondřej Surý ondrej at isc.org
Sun Jun 13 05:55:09 UTC 2021


Most likely SELinux policy is preventing access to those files. Check the other logs.

Ondřej 
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

> On 13. 6. 2021, at 7:48, ToddAndMargo via bind-users <bind-users at lists.isc.org> wrote:
> 
> On 6/12/21 8:30 PM, ToddAndMargo via bind-users wrote:
>> # named-checkzone -t /var/named/chroot/var/named/slaves  abc.local abc.hosts.rev
>> abc.hosts.rev:3: ignoring out-of-zone data (255.168.192.in-addr.arpa)
>> abc.hosts.rev:14: ignoring out-of-zone data abc.hosts(10.255.168.192.in-addr.arpa)
>> abc.hosts.rev:17: ignoring out-of-zone data
> 
> 
> # rpm -aq bind\*
> bind-export-libs-9.11.11-1.fc30.x86_64
> bind-license-9.16.16-1.fc34.noarch
> bind-dnssec-doc-9.16.16-1.fc34.noarch
> bind-libs-9.16.16-1.fc34.x86_64
> bind-utils-9.16.16-1.fc34.x86_64
> bind-dnssec-utils-9.16.16-1.fc34.x86_64
> bind-9.16.16-1.fc34.x86_64
> bind-chroot-9.16.16-1.fc34.x86_64
> 
> 
> Oh poop.  I had the zone name wrong again.  The zone
> name comes directly from named.conf.   Duh!
> 
> 
> # named-checkzone -t /var/named/chroot/var/named/slaves 255.168.192.in-addr.arpa abc.hosts.rev
> zone 255.168.192.in-addr.arpa/IN: loaded serial 213
> OK
> 
> Now I also have
> 
> # named-checkzone -t /var/named/chroot/var/named/slaves  abc.local abc.hosts
> zone abc.local/IN: loaded serial 265
> OK
> 
> 
> and
> 
> # named-checkconf -l -t /var/named/chroot /etc/named.conf
> abc.local IN _default master
> 255.168.192.in-addr.arpa IN _default master
> 0.0.127.in-addr.arpa IN _default master
> 
> 
> So why am I getting file not found in the following?
> 
> # systemctl status named.service
> 
> × named.service - Berkeley Internet Name Domain (DNS)
>     Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
>     Active: failed (Result: exit-code) since Sat 2021-06-12 16:31:16 PDT; 3h 46min ago
>    Process: 18368 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is >
>        CPU: 12ms
> 
> Jun 12 16:31:16 rn6.abc.local bash[18369]: _default/abc.local/IN: file not found
> Jun 12 16:31:16 rn6.abc.local bash[18369]: zone 255.168.192.in-addr.arpa/IN: loading from master file slaves/abc.hosts.rev failed: file not found
> Jun 12 16:31:16 rn6.abc.local bash[18369]: zone 255.168.192.in-addr.arpa/IN: not loaded due to errors.
> Jun 12 16:31:16 rn6.abc.local bash[18369]: _default/255.168.192.in-addr.arpa/IN: file not found
> Jun 12 16:31:16 rn6.abc.local bash[18369]: zone 0.0.127.in-addr.arpa/IN: loading from master file named.local failed: file not found
> Jun 12 16:31:16 rn6.abc.local bash[18369]: zone 0.0.127.in-addr.arpa/IN: not loaded due to errors.
> Jun 12 16:31:16 rn6.abc.local bash[18369]: _default/0.0.127.in-addr.arpa/IN: file not found
> Jun 12 16:31:16 rn6.abc.local systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
> Jun 12 16:31:16 rn6.abc.local systemd[1]: named.service: Failed with result 'exit-code'.
> Jun 12 16:31:16 rn6.abc.local systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
> 
> 
> 
> My /etc/named.local
> 
> // generated by named-bootconf.pl
> 
> options {
>        # the following forwarders is Family friendly Open DNS:
>        # forwarders { 208.67.222.122; 208.67.220.120; };
> 
>        # the following forwarders is for Open DNS
>    forwarders { 208.67.222.222; 208.67.220.220; };
> 
>        # the following forwarders is for Google's DNS
>    #forwarders { 8.8.8.8; 8.8.4.4; };
> 
>    directory "/var/named";
>        # pid-file "/var/named/chroot/run/named/named.pid";
>        # pid-file "/var/named/chroot/run/named/nonamed.pid";
>    /*
>     * If there is a firewall between you and nameservers you want
>     * to talk to, you might need to uncomment the query-source
>     * directive below.  Previous versions of BIND always asked
>     * questions using port 53, but BIND 8.1 uses an unprivileged
>     * port by default.
>     */
>    // query-source address * port 53;
> };
> 
> 
> key DHCP_UPDATER {
>    algorithm hmac-md5;
>    secret cgGq509uDODGTU4J9QZwgQ==;
> };
> 
> zone "abc.local" {
>    type master;
>    # file "/var/named/chroot/var/named/slaves/abc.hosts";
>    file "slaves/abc.hosts";
>        allow-update { key DHCP_UPDATER; };
> #       allow-update { 127.0.0.1; };
> };
> 
> zone "255.168.192.in-addr.arpa" {
>    type master;
>    # file "/var/named/chroot/var/named/slaves/abc.hosts.rev";
>    file "slaves/abc.hosts.rev";
>        allow-update { key DHCP_UPDATER; };
> #       allow-update { 127.0.0.1; };
> };
> 
> zone "0.0.127.in-addr.arpa" {
>    type master;
>    # file "/var/named/chroot/var/named/named.local";
>    file "named.local";
> };
> 
> # logging {
>     # channel update_debug {
>          # file "/var/named/chroot/var/named/slaves/named-update-debug.log";
>          # severity  debug 3;
>          # print-category yes;
>          # print-severity yes;
>          # print-time     yes;
>      # };
>          # channel security_info    {
>          # file "slaves/named-auth.info";
>          # severity  info;
>          # print-category yes;
>          # print-severity yes;
>          # print-time     yes;
>      # };
> 
>      # category update { update_debug; };
>      # category security { security_info; };
> # };
> 
> 

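Following the suggestion above to check the other logs for SELinux denials, this added example (not from the thread or from ISC) filters audit-log AVC records down to those raised by BIND tools and prints what was denied. The sample records, including their contexts, PIDs and inode numbers, are constructed; on a live host the input would be `/var/log/audit/audit.log` or the output of `ausearch -m avc`.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials raised by BIND processes.
# Live use (assumes auditd is running):
#   named_avc_denials < /var/log/audit/audit.log

# Constructed sample audit records, not taken from the original post.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1623540676.101:901): avc:  denied  { read } for  pid=18369 comm="named-checkconf" name="abc.hosts" dev="dm-0" ino=1311 scontext=system_u:system_r:named_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=0
type=AVC msg=audit(1623540676.102:902): avc:  denied  { read } for  pid=18369 comm="named-checkconf" name="abc.hosts.rev" dev="dm-0" ino=1312 scontext=system_u:system_r:named_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=0
type=AVC msg=audit(1623540680.200:903): avc:  denied  { write } for  pid=2210 comm="httpd" name="upload" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1623540676.101:901): arch=c000003e syscall=257 success=no exit=-13 comm="named-checkconf"
EOF
}

# Reads audit records on stdin and prints one line per denial whose
# command name starts with "named":
#   <comm> <permissions> <object class> <object name> <target SELinux type>
named_avc_denials() {
  awk '
    $1 == "type=AVC" && / denied / {
      comm = name = tctx = tclass = perms = ""
      inbrace = 0
      for (i = 1; i <= NF; i++) {
        # Permissions are the bare words between "{" and "}".
        if ($i == "{") { inbrace = 1; continue }
        if ($i == "}") { inbrace = 0; continue }
        if (inbrace) { perms = perms (perms == "" ? "" : ",") $i; continue }
        eq = index($i, "=")
        if (eq == 0) continue
        key = substr($i, 1, eq - 1)
        val = substr($i, eq + 1)
        gsub(/"/, "", val)
        if (key == "comm") comm = val
        else if (key == "name") name = val
        else if (key == "tcontext") tctx = val
        else if (key == "tclass") tclass = val
      }
      if (comm !~ /^named/) next
      split(tctx, c, ":")          # user:role:type:level
      printf "%s %s %s %s %s\n", comm, perms, tclass, name, c[3]
    }'
}

sample_audit_log | named_avc_denials
```

The last column is the SELinux type on the file that was refused; the label actually on disk can be compared with `ls -Z` and reset to the policy default with `restorecon -Rv` on the affected directory.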

