9.11 to 9.16: need directions
Ondřej Surý
ondrej at isc.org
Sun Jun 13 05:55:09 UTC 2021
Most likely SELinux policy is preventing access to those files. Check the other logs.
Ondřej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
> On 13. 6. 2021, at 7:48, ToddAndMargo via bind-users <bind-users at lists.isc.org> wrote:
>
> On 6/12/21 8:30 PM, ToddAndMargo via bind-users wrote:
>> # named-checkzone -t /var/named/chroot/var/named/slaves abc.local abc.hosts.rev
>> abc.hosts.rev:3: ignoring out-of-zone data (255.168.192.in-addr.arpa)
>> abc.hosts.rev:14: ignoring out-of-zone data abc.hosts(10.255.168.192.in-addr.arpa)
>> abc.hosts.rev:17: ignoring out-of-zone data
>
>
> # rpm -aq bind\*
> bind-export-libs-9.11.11-1.fc30.x86_64
> bind-license-9.16.16-1.fc34.noarch
> bind-dnssec-doc-9.16.16-1.fc34.noarch
> bind-libs-9.16.16-1.fc34.x86_64
> bind-utils-9.16.16-1.fc34.x86_64
> bind-dnssec-utils-9.16.16-1.fc34.x86_64
> bind-9.16.16-1.fc34.x86_64
> bind-chroot-9.16.16-1.fc34.x86_64
>
>
> Oh poop. I had the zone name wrong again. The zone
> name comes directly from named.conf. Duh!
>
>
> # named-checkzone -t /var/named/chroot/var/named/slaves 255.168.192.in-addr.arpa abc.hosts.rev
> zone 255.168.192.in-addr.arpa/IN: loaded serial 213
> OK
>
> Now I also have
>
> # named-checkzone -t /var/named/chroot/var/named/slaves abc.local abc.hosts
> zone abc.local/IN: loaded serial 265
> OK
>
>
> and
>
> # named-checkconf -l -t /var/named/chroot /etc/named.conf
> abc.local IN _default master
> 255.168.192.in-addr.arpa IN _default master
> 0.0.127.in-addr.arpa IN _default master
>
>
> So why am I getting file not found in the following?
>
> # systemctl status named.service
>
> × named.service - Berkeley Internet Name Domain (DNS)
> Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
> Active: failed (Result: exit-code) since Sat 2021-06-12 16:31:16 PDT; 3h 46min ago
> Process: 18368 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is >
> CPU: 12ms
>
> Jun 12 16:31:16 rn6.abc.local bash[18369]: _default/abc.local/IN: file not found
> Jun 12 16:31:16 rn6.abc.local bash[18369]: zone 255.168.192.in-addr.arpa/IN: loading from master file slaves/abc.hosts.rev failed: file not found
> Jun 12 16:31:16 rn6.abc.local bash[18369]: zone 255.168.192.in-addr.arpa/IN: not loaded due to errors.
> Jun 12 16:31:16 rn6.abc.local bash[18369]: _default/255.168.192.in-addr.arpa/IN: file not found
> Jun 12 16:31:16 rn6.abc.local bash[18369]: zone 0.0.127.in-addr.arpa/IN: loading from master file named.local failed: file not found
> Jun 12 16:31:16 rn6.abc.local bash[18369]: zone 0.0.127.in-addr.arpa/IN: not loaded due to errors.
> Jun 12 16:31:16 rn6.abc.local bash[18369]: _default/0.0.127.in-addr.arpa/IN: file not found
> Jun 12 16:31:16 rn6.abc.local systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
> Jun 12 16:31:16 rn6.abc.local systemd[1]: named.service: Failed with result 'exit-code'.
> Jun 12 16:31:16 rn6.abc.local systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
>
>
>
> My /etc/named.local
>
> // generated by named-bootconf.pl
>
> options {
> # the following forwarders is Family friendly Open DNS:
> # forwarders { 208.67.222.122; 208.67.220.120; };
>
> # the following forwarders is for Open DNS
> forwarders { 208.67.222.222; 208.67.220.220; };
>
> # the following forwarders is for Google's DNS
> #forwarders { 8.8.8.8; 8.8.4.4; };
>
> directory "/var/named";
> # pid-file "/var/named/chroot/run/named/named.pid";
> # pid-file "/var/named/chroot/run/named/nonamed.pid";
> /*
> * If there is a firewall between you and nameservers you want
> * to talk to, you might need to uncomment the query-source
> * directive below. Previous versions of BIND always asked
> * questions using port 53, but BIND 8.1 uses an unprivileged
> * port by default.
> */
> // query-source address * port 53;
> };
>
>
> key DHCP_UPDATER {
> algorithm hmac-md5;
> secret cgGq509uDODGTU4J9QZwgQ==;
> };
>
> zone "abc.local" {
> type master;
> # file "/var/named/chroot/var/named/slaves/abc.hosts";
> file "slaves/abc.hosts";
> allow-update { key DHCP_UPDATER; };
> # allow-update { 127.0.0.1; };
> };
>
> zone "255.168.192.in-addr.arpa" {
> type master;
> # file "/var/named/chroot/var/named/slaves/abc.hosts.rev";
> file "slaves/abc.hosts.rev";
> allow-update { key DHCP_UPDATER; };
> # allow-update { 127.0.0.1; };
> };
>
> zone "0.0.127.in-addr.arpa" {
> type master;
> # file "/var/named/chroot/var/named/named.local";
> file "named.local";
> };
>
> # logging {
> # channel update_debug {
> # file "/var/named/chroot/var/named/slaves/named-update-debug.log";
> # severity debug 3;
> # print-category yes;
> # print-severity yes;
> # print-time yes;
> # };
> # channel security_info {
> # file "slaves/named-auth.info";
> # severity info;
> # print-category yes;
> # print-severity yes;
> # print-time yes;
> # };
>
> # category update { update_debug; };
> # category security { security_info; };
> # };
>
>
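Added example, not part of the original thread and not ISC's code: a shell helper that lists, for each `zone` in a named.conf laid out like the one quoted above, the absolute path its `file` resolves to against `directory`, with an optional chroot prefix, and whether a regular file exists there. The function name `resolve_zone_files` and the sample config are constructed for illustration, and the parser assumes one statement per line.

```shell
#!/bin/sh
# resolve_zone_files CONF [CHROOT]
# Prints one line per zone: zone<TAB>absolute path<TAB>found|missing
# Assumption: one statement per line, quoted values, as in the quoted config.
resolve_zone_files() {
    conf=$1
    chroot=${2:-}
    awk -v chroot="$chroot" '
        /^[ \t]*(#|\/\/)/ { next }                 # skip # and // comment lines
        match($0, /"[^"]+"/) == 0 { next }         # need a quoted value
        { val = substr($0, RSTART + 1, RLENGTH - 2) }
        $1 == "directory" { dir = val; next }
        $1 == "zone"      { zone = val; next }
        $1 == "file" && zone != "" {
            # A relative name is taken relative to the "directory" option.
            path = (val ~ /^\//) ? val : dir "/" val
            print zone "\t" chroot path
            zone = ""
        }
    ' "$conf" | while IFS="$(printf '\t')" read -r zone path; do
        if [ -f "$path" ]; then state=found; else state=missing; fi
        printf '%s\t%s\t%s\n' "$zone" "$path" "$state"
    done
}

# Constructed sample config, same layout as the one in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
options {
    directory "/var/named";
};
zone "abc.local" {
    type master;
    # file "/var/named/chroot/var/named/slaves/abc.hosts";
    file "slaves/abc.hosts";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
};
EOF
resolve_zone_files "$sample"                    # paths as seen without a chroot
resolve_zone_files "$sample" /var/named/chroot  # paths as seen under the chroot
rm -f "$sample"
```

Comparing the two listings shows which of the two locations actually holds each zone file.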