Re: Dynamic DNS and failed journal

Tim wrote:
Tim:
It (updating master records) certainly works in FC4, though I've set
SELinux options to allow named to overwrite master zone files.

Paul Howarth:
It can't create new files such as journal files in /var/named/chroot/var/named though, as that's only writeable by root.

A bit of an oops with my prior post.  I looked at the wrong server (one
of the slaves).  This is my master server (on FC4, mind you):

ll /var/named/chroot/var/named/ -d
drwxr-x---  6 named named 4096 Jul 31 19:14 /var/named/chroot/var/named/

My master DNS server can write its master records, and journal files, as
directed to by the DHCP server.

You must have changed the ownership/permissions then. The bind-chroot-9.3.1-20.FC4 package has:

drwxr-x--- 2 root  named 0 Mar 31 01:01 /var/named/chroot
drwxr-x--- 2 root  named 0 Mar 31 01:01 /var/named/chroot/dev
drwxr-x--- 2 root  named 0 Mar 31 01:01 /var/named/chroot/etc
drwxr-x--- 2 root  named 0 Mar 13  2003 /var/named/chroot/var
drwxr-x--- 2 root  named 0 Aug 25  2004 /var/named/chroot/var/named
drwxrwx--- 2 named named 0 Aug 25  2004 /var/named/chroot/var/named/data
drwxrwx--- 2 named named 0 Jul 27  2004 /var/named/chroot/var/named/slaves
drwxrwx--- 2 root  named 0 Mar 13  2003 /var/named/chroot/var/run
drwxrwx--- 2 named named 0 Mar 13  2003 /var/named/chroot/var/run/named
drwxrwx--- 2 named named 0 Mar 13  2003 /var/named/chroot/var/tmp

So /var/named/chroot/var/named is owned by root, not named. Mind you, it's writeable by group named. This is not the case in bind-chroot-9.3.2-20.FC5, which has:

drwxr-x--- 2 root  named 0 Apr 19 15:12 /var/named/chroot
drwxr-x--- 2 root  named 0 Apr 19 15:12 /var/named/chroot/dev
drwxr-x--- 2 root  named 0 Apr 19 15:12 /var/named/chroot/etc
drwxr-x--- 2 root  named 0 Mar 13  2003 /var/named/chroot/var
drwxr-x--- 2 root  named 0 Apr 19 15:12 /var/named/chroot/var/named
drwxrwx--- 2 named named 0 Aug 25  2004 /var/named/chroot/var/named/data
drwxrwx--- 2 named named 0 Jul 27  2004 /var/named/chroot/var/named/slaves
drwxr-x--- 2 root  named 0 Mar 13  2003 /var/named/chroot/var/run
drwxrwx--- 2 named named 0 Mar 13  2003 /var/named/chroot/var/run/named
drwxrwx--- 2 named named 0 Mar 13  2003 /var/named/chroot/var/tmp

Which has /var/named/chroot/var/named not writeable by group named.

There's also SELinux to consider - see:
http://www.isc.org/index.pl?/sw/bind/FAQ.php (search for "journal" on that page)

Mine's been sitting on permissive for a long time, and is allowed to
write to master files.  I should switch back to enforcing and retest.

I agree that using the "slaves" directory for this seems wrong; the "data" directory would be better, and should also work OK.

Not sure that I've come across an explanation for what the data
directory is there for.

I'd wager it's there especially for DDNS users :-)

Paul.
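The permission reasoning in this thread (which chroot directories the named user can actually create journal files in) can be checked mechanically. The following is an added example, not code from the thread or from the bind-chroot package; it parses ls-style lines such as the ones quoted above and applies the POSIX rule that creating a directory entry needs both write and search permission on the directory. It assumes the daemon runs as user named with only the group named, and deliberately ignores ACLs and SELinux, which the thread points out can still block the write.

```python
import re
from typing import Dict, List

# Constructed sample, taken from the FC4 listing quoted in the thread
# (only the entries relevant to zone and journal files).
LISTING = """\
drwxr-x--- 2 root  named 0 Aug 25  2004 /var/named/chroot/var/named
drwxrwx--- 2 named named 0 Aug 25  2004 /var/named/chroot/var/named/data
drwxrwx--- 2 named named 0 Jul 27  2004 /var/named/chroot/var/named/slaves
"""

# mode (optionally followed by '.' or '+' for SELinux/ACL), links, owner,
# group, size, three date fields, path
LS_LINE = re.compile(
    r"^([d-][rwxsStT-]{9})[.+]?\s+\d+\s+(\S+)\s+(\S+)\s+\d+"
    r"\s+\S+\s+\S+\s+\S+\s+(\S+)$"
)


def can_create_files(mode: str, owner: str, group: str,
                     user: str, groups: List[str]) -> bool:
    """True if `user` (a member of `groups`) may create entries in a
    directory with this ls-style mode/owner/group.  Only the first
    matching class of bits applies, exactly as the kernel evaluates it."""
    if mode[0] != "d":
        raise ValueError("not a directory: " + mode)
    if user == "root":
        return True
    if user == owner:
        bits = mode[1:4]
    elif group in groups:
        bits = mode[4:7]
    else:
        bits = mode[7:10]
    # need write plus search (x, or s/t which imply x) on the directory
    return bits[1] == "w" and bits[2] in ("x", "s", "t")


def writable_dirs(listing: str, user: str = "named",
                  groups: List[str] = ("named",)) -> Dict[str, bool]:
    """Map each directory path in an ls -l listing to whether `user` can
    create files (e.g. a .jnl journal) inside it."""
    result: Dict[str, bool] = {}
    for line in listing.splitlines():
        m = LS_LINE.match(line.strip())
        if not m:
            continue  # skip totals/blank/unparseable lines
        mode, owner, group, path = m.groups()
        result[path] = can_create_files(mode, owner, group, user, list(groups))
    return result


if __name__ == "__main__":
    for path, ok in writable_dirs(LISTING).items():
        print(("named can" if ok else "named can NOT") + " create files in " + path)
```

Running it against Tim's own line (`drwxr-x--- 6 named named ... /var/named/chroot/var/named/`) reports writable, which matches his observation that the master can write journals once the directory is owned by named.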
