Good points.. Now I can go beat my head against something more fun, like
MySQL.. ;) Thanks thrice!

> -----Original Message-----
> From: fedora-list-admin@xxxxxxxxxx
> [mailto:fedora-list-admin@xxxxxxxxxx] On Behalf Of Matt Harris
> Sent: Sunday, March 07, 2004 7:44 PM
> To: fedora-list@xxxxxxxxxx
> Subject: RE: New install, having bind issues
>
> > May the almighty Fred, god of computers, bless you and your
> > keyboard!!!
> >
> > Had to do about 5 minutes of looking up this whole chroot jail thingy,
> > but once it clicked my dns came up no problem.. It explained a lot
> > too.. Like why test entries that I put into the localhost.zone didn't
> > come up, and why when I purposely put errors in named.conf that it
> > didn't barf on me.. (It wasn't looking at those!! Genius!! hehee)
> >
> > Seriously, thanks for the heads up...
> >
> > One follow-up question. Now that I've jacked around with my
> > permissions on all of these, any suggestions on ownership/permission
> > settings for the various files and directories under /var/named??
>
> The only files that really matter are files that have your shared
> secrets in them (named.conf and any include files you may
> use...especially rndc.key). Those shouldn't be world-readable. Any user
> can infer the contents of the zone files simply by performing lookups
> on them, so it's okay if they're world-readable. As long as joe luser
> can't write to anything in that jail and can't read the .key files (and
> any files with keys in them, say for dynamic updates), you should be
> fine.
>
> > Thanks Again!!!
> >
> > > -----Original Message-----
> > > From: fedora-list-admin@xxxxxxxxxx
> > > [mailto:fedora-list-admin@xxxxxxxxxx] On Behalf Of Matt Harris
> > > Sent: Sunday, March 07, 2004 6:31 PM
> > > To: fedora-list@xxxxxxxxxx
> > > Subject: Re: New install, having bind issues
> > >
> > > By default, fedora runs named in a chroot jail. Consequently, all
> > > the config files and such are kept in /var/named/chroot/whatever.
> > > If the copy of named.conf you are editing isn't in
> > > /var/named/chroot/etc, then named won't ever even see that you want
> > > it to serve that domain. All of your zone files must be in
> > > /var/named/chroot/var/named.
> > >
> > > I beat my head against that for quite some time too. Hope this
> > > helps.
> > >
> > > On Sun, 2004-03-07 at 19:08, Jeremy Lunsford wrote:
> > > > I hope someone can help, I've been beating my head against this
> > > > for the last 24 hours.
> > > >
> > > > I just did a fresh install of Fedora. The install seemed to go
> > > > well, so I started restoring all my files. I checked the new
> > > > named.conf file and all the header stuff at the top matched up
> > > > exactly with my old one. (Which was from a RedHat 9 install, so
> > > > same major version of bind) So I copied my named.conf file into
> > > > /etc. I then copied all my zone files into /var/named. (Not
> > > > replacing the hint file) Then I started bind.. It will resolve
> > > > other domains with no problem, but when I query it about a domain
> > > > that it is master for it gives me a
> > > >
> > > > ** server can't find thedames.com: SERVFAIL
> > > >
> > > > In my log file all I get is a lame server error..
> > > >
> > > > Mar 7 20:56:24 bender named[22199]: lame server resolving
> > > > 'thedames.com' (in 'thedames.com'?): 209.75.97.4#53
> > > >
> > > > So my server clearly doesn't think that it has info for those
> > > > zones. At first I thought this was a permissions issue. However at
> > > > this point my named.conf file and all my zone files are 777 with
> > > > an owner of named. So I don't think that is an issue.. I don't get
> > > > any errors when restarting named. It just happily says that it's
> > > > loading named.conf and that everything is great.
> > > >
> > > > Mar 7 20:48:55 bender named[22199]: starting BIND 9.2.2-P3 -u
> > > > named -t /var/named/chroot
> > > > Mar 7 20:48:55 bender named[22199]: using 1 CPU
> > > > Mar 7 20:48:55 bender named[22199]: loading configuration from
> > > > '/etc/named.conf'
> > > > Mar 7 20:48:55 bender named[22199]: no IPv6 interfaces found
> > > > Mar 7 20:48:55 bender named[22199]: listening on IPv4 interface
> > > > lo, 127.0.0.1#53
> > > > Mar 7 20:48:55 bender named[22199]: listening on IPv4 interface
> > > > eth0, 209.75.97.2#53
> > > > Mar 7 20:48:55 bender named[22199]: command channel listening on
> > > > 127.0.0.1#953
> > > > Mar 7 20:48:55 bender named[22199]: running
> > > > Mar 7 17:48:55 bender named: named startup succeeded
> > > >
> > > > If I run named-checkconf on my named.conf file I get the
> > > > following:
> > > >
> > > > [root@bender etc]# named-checkconf -t /etc/ named.conf
> > > > named.conf:4: change directory to '/var/named' failed: file not found
> > > > named.conf:4: parsing failed
> > > >
> > > > I had my friend run that same command on his server though, and
> > > > he got the same error. I think I'm running the command wrong.
> > > >
> > > > Here is my current named.conf file, and one of my zone files:
> > > >
> > > > // generated by named-bootconf.pl
> > > >
> > > > options {
> > > >         directory "/var/named";
> > > >         /*
> > > >          * If there is a firewall between you and nameservers you want
> > > >          * to talk to, you might need to uncomment the query-source
> > > >          * directive below. Previous versions of BIND always asked
> > > >          * questions using port 53, but BIND 8.1 uses an unprivileged
> > > >          * port by default.
> > > >          */
> > > >         // query-source address * port 53;
> > > > };
> > > >
> > > > //
> > > > // a caching only nameserver config
> > > > //
> > > > controls {
> > > >         inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> > > > };
> > > > zone "." IN {
> > > >         type hint;
> > > >         file "named.ca";
> > > > };
> > > >
> > > > zone "localhost" IN {
> > > >         type master;
> > > >         file "localhost.zone";
> > > >         allow-update { none; };
> > > > };
> > > >
> > > > zone "0.0.127.in-addr.arpa" IN {
> > > >         type master;
> > > >         file "named.local";
> > > >         allow-update { none; };
> > > > };
> > > >
> > > > include "/etc/rndc.key";
> > > >
> > > > zone "vmfaq.com"{
> > > >         type master;
> > > >         file "vmfaq.com";
> > > > };
> > > >
> > > > zone "ethiopianet.net"{
> > > >         type master;
> > > >         file "./ethiopianet.net";
> > > > };
> > > >
> > > > zone "thecryptorium.com"{
> > > >         type master;
> > > >         file "./thecryptorium.com";
> > > > };
> > > >
> > > > zone "monku.org"{
> > > >         type master;
> > > >         file "./monku.org";
> > > > };
> > > >
> > > > zone "thedames.com"{
> > > >         type master;
> > > >         file "thedames.com";
> > > > };
> > > >
> > > > zone "gravelymanor.com"{
> > > >         type master;
> > > >         file "./gravelymanor.com";
> > > > };
> > > >
> > > >
> > > > ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
> > > > ; File vmfaq.com
> > > > ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
> > > > ; $ORIGIN vmfaq.com
> > > > ; @ = vmfaq.com
> > > > ;
> > > > @       86400   IN SOA  ns1.vmfaq.com. dnsadmin.vmfaq.com. (
> > > >                         200403070       ; Serial number
> > > >                         10800           ; Refresh after 3 hours
> > > >                         3600            ; Retry after 1 hour
> > > >                         604800          ; Expire after 1 week
> > > >                         86400 )         ; Minimum TTL of 1 day
> > > >
> > > >         86400   IN NS   ns1.vmfaq.com.
> > > >         86400   IN NS   ns1.thoene.net.
> > > >
> > > > vmfaq.com.      86400   IN A    209.75.97.2
> > > >         86400   IN MX 0 mx1.veriomail.com.
> > > > www     86400   IN A    209.75.97.2
> > > > bender  86400   IN A    209.75.97.2
> > > > ns1     86400   IN A    209.75.97.2
> > > > fonts   86400   IN A    209.75.97.2
> > > >
> > > > I found one place that said that I needed to put a $TTL 1D at the
> > > > top of my zones files. I've tried that, no luck.. Plus, the zone
> > > > checker utility says all my zones are ok. Besides my zone files
> > > > having their permissions wide open, so does the actual named
> > > > directory..
> > > >
> > > > If anyone has some suggestions, I'd love to hear them. I've never
> > > > had this kind of problem with DNS before. I've been doing it for
> > > > quite a while and the thing I love about bind is that it always
> > > > just works. (Except today.)
> > > >
> > > > Thanks!!!!
> > >
> > > --
> > > fedora-list mailing list
> > > fedora-list@xxxxxxxxxx
> > > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list