RE: Bind Issues After FC2

> Message: 2
> Date: Sun, 20 Jun 2004 19:16:53 -0500
> From: "Cowles, Steve" <steve@xxxxxxxxxxxxxxx>
> Subject: RE: Bind Issues After FC2
> To: "'For users of Fedora Core releases'" <fedora-list@xxxxxxxxxx>
> Message-ID: <90769AF04F76D41186C700A0C90AFC3E320DD3@xxxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain
> 
> See my inserts below...
> 
> edwarner99@xxxxxxxxx wrote:
> > Hi,
> > 
> > I decided to start a new thread as now, I'm getting
> > other errors. Everything worked under FC1.
> > I had to change my directory to "/" from "/var/named"
> > It just would not work, gave me permission errors.
> 
> Changing your named.conf global option "directory" to / is not a very good
> idea. Named expects files to be relative to the path specified in the
> directory option. By default, the redhat supplied named.conf references
> /var/named. If you're having permission errors using this directory, then FIX
> THEM!!!! Here is a hint from my system...
> 
> [root@excelsior etc]# cd /var
> [root@excelsior var]# ls -ld named
> drwxr-x---  5 root named 1024 Jun 10 22:07 named
> 
> [root@excelsior var]# cd named
> [root@excelsior named]# ls -l
> total 8
> drwxr-xr-x  5 root  root  1024 Oct 18  2003 chroot
> -rw-r--r--  1 named named  195 Feb 15 07:06 localhost.zone
> -rw-r--r--  1 named named 2518 Feb 15 07:06 named.ca
> -rw-r--r--  1 named named  433 Feb 15 07:06 named.local
> drwxrwx---  2 named named 1024 Mar 26 05:28 slaves
> 
> > 
> > Now I'm getting "could not configure roots hints from
> > "named.ca" file not found.
> 
> That's probably because you specified / in your directory statement, so
> named is looking for /named.ca, not /var/named/named.ca
> 
> > 
> > 
> > Below is my named.conf file.
> > 
> > // generated by named-bootconf.pl
> > 
> > controls {
> > 	inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> > };
> > 
> > 
> > // Define address range for the local domain.
> > acl lan {
> > 	192.168.100/24;
> > 	127.0.0.1;
> 
> If you are going to specify a network address in CIDR notation, then specify
> the network address as 192.168.100.0/24
> 
> Long pause... Reading: man named.conf
> 
> WOW! Your notation is actually understood by named.
> <groan>
> 
> > };
> > 
> > options {
> > 	directory "/";
> 
> As stated above, using the root "/" for your directory statement is a bad
> idea. Fix your permissions problem on directory /var/named. Then make sure
> the zone files you are loading from named.conf exist in this directory.
> 
> > /*
> >  If there is a firewall between you and nameservers
> >  you want to talk to, you might need to uncomment the
> >  query-source directive below.  Previous versions of
> >  BIND always asked questions using port 53, but BIND
> >  8.1 uses an unprivileged port by default.
> > */
> > 	// query-source address * port 53;
> > 
> > 	// Only allow queries and listen from the local domain.
> > 	allow-query { lan; };
> > 	allow-recursion { lan; };
> > 	allow-transfer { lan; };
> > 	listen-on {
> > 		 127.0.0.0/24;
> > 		 192.168.100.1;
> > 	};
> 
> Personally, I would change the 127.0.0.0/24 to 127.0.0.1
> 
> > 
> > 	// Use Bellsouth's DNS servers for finding external addresses.
> > 	forward only;
> > 	forwarders {
> > 		xxx.xxx.xxx.xxx;
> > 	};
> > };
> > 
> > // Top Level domain name servers.
> > zone "." IN {
> > 	type hint;
> > 	file "named.ca";
> > };
> 
> You realize that you are loading the root hints zone, but specifying the use
> of forwarders for all other tld's outside the zones you are loading? This
> will work, but loading the root hints zone along with "allow_recursion"
> allows your DNS server to look up all other tld's on its own. Well, unless
> your ISP is blocking outbound DNS requests to servers other than theirs.
> 
> > 
> > // Localhost Zones
> > zone "localhost" IN {
> > 	type master;
> > 	file "localhost.zone";
> > 	allow-update { lan; };
> > };
> 
> So why are you allowing updates to the above zone? Especially since you have
> not specified any DDNS parameters in named.conf.
> 
> > 
> > // Provide a reverse lookup for the loopback address 127.0.0.1
> > zone "0.0.127.in-addr.arpa" IN {
> > 	type master;
> > 	file "named.local";
> > 	allow-update { lan; };
> > };
> 
> Again, why are you allowing updates to the above zone? Especially since you
> have not specified any DDNS parameters in named.conf.
> 
> > 
> > // Home network zone.
> > zone "mylan.lan" IN {
> > 	type master;
> > 	file "named.mylan";
> > 	notify no;
> > 	allow-update { lan; };
> > };
> 
> Specifying allow-update for the above zone makes sense, but again, you have
> not specified any DDNS parameters - so all update attempts from clients
> listed in your ACL will fail.
> 
> > 
> > // Reverse lookup for the local domain.
> > zone "100.168.192.in-addr.arpa" {
> > 	type master;
> > 	file "named.mylan-rev";
> > 	notify no;
> > 	allow-update { lan; };
> > };
> > 
> > 
> > include "/etc/rndc.key";
> > 
> 
> If I could suggest...
> 
> 1) Fix your permissions problems
> 
> 2) Stop using named-bootconf.pl to create your named.conf file
> 
> 3) Read the man pages for named.conf. i.e. man named.conf
> 
> Steve Cowles

I did read the man pages, that's why I'm confused as to why it doesn't work
now vs. FC1.

I replaced the "/" in the directory directive with "/var/named". Did that
just as a test. But now I'm still getting permission problems trying to
change to that directory. I've set permissions to 777, ownership to root and
named.

Like I said, I read the man pages, as well as a book I have here, but I'm not
getting anywhere fast.
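A small check that follows Steve's point about the "directory" option, added here as an example and not part of either poster's mail: it resolves every zone "file" statement in a named.conf the way named does (relative to options { directory "..."; }) and reports which files cannot be opened. The config file path is the only input; the sample named.conf used in the comments is constructed, not the poster's.

```shell
#!/bin/sh
# Added example, not from the thread: resolve each zone "file" in a named.conf
# against its options { directory "..."; } setting and report the files named
# would fail to open. With directory "/" the root hints file "named.ca"
# resolves to /named.ca, which matches the "file not found" error above.
#
# Usage: check_named_files /etc/named.conf
# Return value: number of missing or unreadable files (0 means all found).
check_named_files() {
    conf="$1"
    # The first "directory" option wins; /var/named is the Red Hat default.
    dir=$(sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    [ -n "$dir" ] || dir=/var/named
    echo "directory option: $dir"
    missing=0
    # Every file "..." statement; absolute paths stay, others are joined to $dir.
    for f in $(sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p' "$conf"); do
        case "$f" in
            /*) path="$f" ;;
            *)  path="${dir%/}/$f" ;;
        esac
        if [ -r "$path" ]; then
            echo "ok:      $path"
        else
            echo "MISSING: $path  (file \"$f\" relative to directory \"$dir\")"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

if [ "$#" -gt 0 ]; then
    check_named_files "$1"
fi
```

Run it as the daemon user (for example `su -s /bin/sh named -c '...'`) so the readability test reflects named's own permissions rather than root's; on a bind-chroot install, pass the named.conf that lives under the chroot directory shown in Steve's listing.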


		