Re: dns problem in fedora


 



On Wed, 2004-04-07 at 08:37, Alexander Dalloz wrote:
> [ again, but unsigned - thank you mailman ]
> 
> On Wed, 07.04.2004 at 17:36, Christopher K. Johnson wrote:
> 
> > Wouldn't it be preferable to have a subdirectory /var/named/slave that
> > is 770 and define the slave zone files in named.conf to be placed 
> > there?  I suspect the point of the mode 750 with root:named ownership 
> > was to reduce the risk of a compromised named modifying master zone
> > files.
> 
> I agree and just had a look at my Fedora machine running bind (in
> chrooted mode) and found the following directories:
> 
> $ ls -ld /var/named/chroot/var/named/slaves
> drwxr-x---  2 named named 4096 11. Dez 15:56 /var/named/chroot/var/named/slaves
> 
> $ ls -ld /var/named/slaves/
> drwxrwx---  2 named named 4096 17. Okt 18:02 /var/named/slaves/
> 
> Those are the default permissions. I did not change anything. Unfortunately
> my bind is actually only master zone manager and I have no chance to
> test it running with slave zones.
> 
> Feedback by others is appreciated.
> 
> Alexander
> 
> 
> -- 
> Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
> Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2174.nptl
> Sirendipity 18:37:01 up 19 days, 2:18, load average: 1.45, 1.33, 1.19 
>                    [ γνωθι σ'αυτον - gnothi seauton ]
>              my life is a planetarium - and you are the stars
> 
> 

The zonefiles on the master need to have a newer (higher) serial number
than the slave or the automatic zone refresh will time out. Try running

dig @master.domain.com. domain.com. axfr

from the slave as user named to force a zone refresh
and if it runs, the permissions are correct.

Stephen
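
Added example, not part of the original messages: a shell check for the permission scheme discussed in this thread (master zone directory not writable by named, slave directory writable by it). It assumes GNU stat and a daemon user named whose only group is named; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit zone directory permissions for a BIND daemon user.
# Assumptions: daemon user "named" with "named" as its only group; GNU stat.

# named_can_write OWNER GROUP MODE
# Succeeds if user named could create or replace files in a directory with
# this owner, group and octal mode (needs write + search in its class).
named_can_write() (
    owner=$1 group=$2 mode=$(( 0$3 ))      # leading 0 => parse as octal
    if [ "$owner" = named ]; then
        bits=$(( (mode >> 6) & 7 ))        # owner class applies
    elif [ "$group" = named ]; then
        bits=$(( (mode >> 3) & 7 ))        # group class applies
    else
        bits=$(( mode & 7 ))               # everyone else
    fi
    [ $(( bits & 3 )) -eq 3 ]              # w (2) and x (1) both set
)

# check_zone_dir ROLE PATH
# ROLE "master": named must NOT be able to write (a compromised daemon
# cannot alter master zone files). ROLE "slave": named must be able to
# write, or transferred zones cannot be saved. Returns 0 if as expected.
check_zone_dir() (
    role=$1 path=$2
    meta=$(stat -c '%U %G %a' "$path") || exit 2
    set -- $meta                           # split into owner group mode
    if named_can_write "$1" "$2" "$3"; then writable=yes; else writable=no; fi
    case "$role:$writable" in
        master:no|slave:yes) echo "OK   $role $path ($meta)"; exit 0 ;;
        *) echo "FAIL $role $path ($meta) named-writable=$writable"; exit 1 ;;
    esac
)

# Usage, with the directories named in the thread:
#   sh zonecheck.sh master /var/named
#   sh zonecheck.sh slave  /var/named/slaves
if [ "$#" -eq 2 ]; then
    check_zone_dir "$1" "$2"
fi
```

With the modes quoted above, root:named 750 passes as a master directory, and both named:named 750 and named:named 770 pass as slave directories because the owner class already grants write access.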



