On Mon, Jul 03, 2006 at 11:50:24PM -0400, Todd Zullinger wrote:
> Charles Curley wrote:
> >> I'd take a stab at SELinux being the cause. Do you have that
> >> running in Enforcing mode on either box by chance?
> >
> > Nope, selinux is disabled on both boxes.
>
> Damn. So much for the easy scapegoat.
>
> Okay, you made me curious enough to google a little so I can ask you
> better questions and make other suggestions... (Bear in mind though
> that it's been a while since I setup BIND to do this so I'm rusty.)
>
> You probably want to have the secondary server set up to use the slaves
> subdirectory, which will be writable by the named daemon. Change your
> secondary to:
>
> file "slaves/localdomain";
>
> That's one solution I found for someone having the same problem and it
> makes sense, as right now your secondary is trying to write the
> localdomain file to /var/named, which it won't have permission to
> write to by default.

Well, it *should*. The files there are root:named. But that explains it,
doh. The files have permissions of -rw-r-----, so all I needed to do was
change that.

Is this a bug in bind, or rather in the bind RPM package? I'm running
this in the chroot jail provided by the bind-chroot package.

Your suggestion of making a directory worked:

[root@dragon named]# mkdir zones
[root@dragon named]# chown named:named zones/
[root@dragon named]# ll zones/
total 12
drwxr-xr-x  2 named named 4096 Jul  3 22:05 .
drwxr-x---  5 root  named 4096 Jul  3 22:05 ..

and as soon as I restarted named it transferred successfully, and all is
well.

This leaves one minor mystery:

Jul  3 22:07:09 dragon named[15783]: running
Jul  3 22:07:09 dragon named[15783]: zone localdomain/IN: Transfer started.
Jul  3 22:07:09 dragon named[15783]: transfer of 'localdomain/IN' from 192.168.1.3#53: connected using 192.168.1.4#57114
Jul  3 22:07:10 dragon named[15783]: zone localdomain/IN: transferred serial 2006070301
Jul  3 22:07:10 dragon named[15783]: transfer of 'localdomain/IN' from 192.168.1.3#53: end of transfer
Jul  3 22:07:10 dragon named[15783]: zone localdomain/IN: sending notifies (serial 2006070301)
Jul  3 22:07:10 dragon named[15783]: client 192.168.1.4#32921: received notify for zone 'localdomain'
Jul  3 22:07:10 dragon named[15783]: zone localdomain/IN: refused notify from non-master: 192.168.1.4#32921

Well, of course it's refusing a notification from itself. I'm probably
leaving out an option to tell it not to notify anyone of the change.
Well, I'll track that one down later.

Thanks.

> Relying on government to protect your privacy is like asking a peeping
> tom to install your window blinds.
> -- John Barlow, co-founder of EFF

Good one. From whom do they think I want to protect my privacy, anyway?

-- 
Charles Curley                  /"\    ASCII Ribbon Campaign
Looking for fine software       \ /    Respect for open standards
and/or writing?                  X     No HTML/RTF in email
http://www.charlescurley.com    / \    No M$ Word docs in email

Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C  FFF6 4C48 4ECD DFDB
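The failure in the message above has two halves: the slave zone's file path points at a directory the named user cannot write to (root:named, drwxr-x---), and the named.conf `file` directive does not use the writable `slaves/` subdirectory Todd suggests. The script below is an added example, not part of the original thread or of the BIND package: it audits both. `can_write_as` decides from owner, group and mode bits alone whether a given user would be able to create files in a directory (POSIX ACLs and SELinux are ignored, as they were in the thread, and you pass the path as seen outside the chroot, e.g. /var/named/chroot/var/named). `slave_zones_outside` walks a one-directive-per-line named.conf and lists `type slave` zones whose `file` is not under the chosen subdirectory. GNU `stat -c` is assumed. Because the script cannot `chown` to a real `named` user, `demo_fixture` builds a constructed stand-in under a temp dir and the demo uses the caller's primary group as the daemon's group, so the 0750 root directory reproduces the thread's "group can read but not write" case.

```shell
#!/bin/sh
# Added example (not from the original thread): audit a BIND setup for the
# slave-zone write failure. Assumes GNU stat and a multi-line named.conf.
# ACLs and SELinux are not considered, matching the thread.

# can_write_as USER GROUP DIR
# Could USER (a member of GROUP) create files in DIR, judging only by the
# directory's owner, group and permission bits? 0 yes, 1 no, 2 stat failed.
can_write_as() {
    user=$1 group=$2 dir=$3
    set -- $(stat -c '%U %G %a' "$dir" 2>/dev/null)
    [ $# -eq 3 ] || return 2
    owner=$1 grp=$2 mode=$3
    # %a prints e.g. 750 or 2750 (setgid); keep only the last three digits
    mode=$(printf '%04d' "$mode"); mode=${mode#?}
    u=${mode%??}; rest=${mode#?}; g=${rest%?}; o=${rest#?}
    # Unix consults exactly one class: owner, else group, else other
    if [ "$owner" = "$user" ]; then
        [ $((u & 2)) -ne 0 ]
    elif [ "$grp" = "$group" ]; then
        [ $((g & 2)) -ne 0 ]
    else
        [ $((o & 2)) -ne 0 ]
    fi
}

# slave_zones_outside SUBDIR  (named.conf on stdin)
# Print "zone: file" for each "type slave" zone whose file does not start
# with SUBDIR, i.e. whose transfers would be written into the zone root.
slave_zones_outside() {
    awk -v want="$1" '
    {
        line = $0
        if (depth == 0 && match(line, /^[ \t]*zone[ \t]+"[^"]*"/)) {
            match(line, /"[^"]*"/)
            zone = substr(line, RSTART + 1, RLENGTH - 2); type = ""; file = ""
        }
        if (zone != "" && match(line, /^[ \t]*type[ \t]+/)) { type = $2; sub(/;$/, "", type) }
        if (zone != "" && match(line, /^[ \t]*file[ \t]+"[^"]*"/)) {
            match(line, /"[^"]*"/)
            file = substr(line, RSTART + 1, RLENGTH - 2)
        }
        # track brace depth so a nested "masters { ...; };" does not end the zone
        depth += split(line, a, "{") - 1
        depth -= split(line, a, "}") - 1
        if (zone != "" && depth == 0) {
            if (type == "slave" && index(file, want) != 1) print zone ": " file
            zone = ""
        }
    }'
}

# demo_fixture: constructed stand-in for the thread's layout; prints its path.
# var/named is 0750 like the chroot's root:named directory, slaves/ is 0770.
demo_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/var/named/slaves"
    chmod 0750 "$root/var/named"
    chmod 0770 "$root/var/named/slaves"
    cat > "$root/named.conf" <<'EOF'
options {
    directory "/var/named";
};
zone "localdomain" IN {
    type slave;
    file "localdomain";
    masters { 192.168.1.3; };
};
zone "example.test" IN {
    type slave;
    file "slaves/example.test";
    masters { 192.168.1.3; };
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
};
EOF
    printf '%s\n' "$root"
}

if [ "${1:-}" = "--demo" ]; then
    root=$(demo_fixture)
    # "named" is only a name here; the caller's group stands in for group named
    for d in var/named var/named/slaves; do
        if can_write_as named "$(id -gn)" "$root/$d"; then
            echo "named can write $d"
        else
            echo "named CANNOT write $d"
        fi
    done
    slave_zones_outside slaves/ < "$root/named.conf"
    rm -rf "$root"
fi
```

Run it with `sh audit.sh --demo`; against a real box, point `can_write_as named named` at the chroot's zone directories and feed the real named.conf to `slave_zones_outside slaves/`. Any zone it prints is a candidate for the `file "slaves/..."` change or for a `chown named:named` subdirectory like the `zones/` one created in the message.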