On Tue, 2006-08-01 at 17:35 +1000, Brian Chadwick wrote:
> Yes I did a recursive chmod.
>
> From /var I did chmod -R named.named var
>
> I can't give you a directory listing now, I have reset the permissions to
> original

Okay, bear in mind the things mentioned elsewhere in the thread about trying another sub-directory inside var/named for your dynamic records. But what you've got now is probably important. The "defaults" sometimes end up being different on different boxes. Perhaps due to whether users just install BIND itself, or the local caching package?

> the output from messages after a named and dhcpd restart and an
> immediate lease request and ddns update is below.
>
> Aug 1 17:28:51 server named[23130]: zone 'bac.org.au' allows updates by IP address, which is insecure
> Aug 1 17:28:51 server named[23130]: zone '10.168.192.in-addr.arpa' allows updates by IP address, which is insecure

As I've commented on below, I found allowing updates by IP address hasn't worked for some time. I don't know if it works again in FC5.
> Aug 1 17:29:06 server dhcpd: No hostname for 192.168.10.190
> Aug 1 17:29:06 server dhcpd: DHCPDISCOVER from 00:0c:29:b2:ac:3e (box) via eth1
> Aug 1 17:29:07 server dhcpd: DHCPOFFER on 192.168.10.190 to 00:0c:29:b2:ac:3e via eth1
> Aug 1 17:29:07 server dhcpd: No hostname for 192.168.10.190
> Aug 1 17:29:07 server dhcpd: DHCPDISCOVER from 00:0c:29:b2:ac:3e via eth1
> Aug 1 17:29:07 server dhcpd: DHCPOFFER on 192.168.10.190 to 00:0c:29:b2:ac:3e (box) via eth1
> Aug 1 17:29:07 server named[23130]: client 192.168.10.254#32843: updating zone 'bac.org.au/IN': adding an RR at 'box.bac.org.au' A
> Aug 1 17:29:07 server named[23130]: client 192.168.10.254#32843: updating zone 'bac.org.au/IN': adding an RR at 'box.bac.org.au' TXT
> Aug 1 17:29:07 server named[23130]: journal file /var/named/bac.org.au.hosts.jnl does not exist, creating it
> Aug 1 17:29:07 server named[23130]: /var/named/bac.org.au.hosts.jnl: create: permission denied
> Aug 1 17:29:07 server named[23130]: client 192.168.10.254#32843: updating zone 'bac.org.au/IN': error: journal open failed: unexpected error
> Aug 1 17:29:07 server dhcpd: Unable to add forward map from box.bac.org.au to 192.168.10.190: timed out
> Aug 1 17:29:07 server dhcpd: No hostname for 192.168.10.190
> Aug 1 17:29:07 server dhcpd: DHCPREQUEST for 192.168.10.190 (192.168.10.254) from 00:0c:29:b2:ac:3e (box) via eth1
> Aug 1 17:29:07 server dhcpd: DHCPACK on 192.168.10.190 to 00:0c:29:b2:ac:3e (box) via eth1
>
> As you can see ... everything seems to work ok except being able to
> write the jnl file.

Not sure if the "timed out" error is the same thing, or related. I've gone through the same myself, but resolved it too long ago. Not sure if the denials are file writing denials, or configuration of name server allowances.

If the chrooted /var/named... (/var/named/chroot/var/named...) it's trying to access now doesn't have the right permissions, it won't be able to write those files. What are the current permissions?
>
> named.conf -
> //
> // named.conf for Red Hat caching-nameserver
> //
>
> acl "bac-net" { 192.168.10.0/24; 127.0.0.1; };
>
> options {
>         directory "/var/named/";
>         dump-file "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         listen-on { "bac-net"; };
>         allow-query { "bac-net"; };

Hmm, never seen the listen-on and allow-query statements refer to the ACL before. Not sure if it's allowed, but my man file says it's port and IP data inside listen-on. It does say that the allow-query is an address match element, though.

> //
> // bac zone
> //
>
> zone "bac.org.au" {
>         type master;
>         file "/var/named/bac.org.au.hosts";
>         allow-update {
>                 127.0.0.1;
>                 192.168.10.254;
>                 key rndckey;
>         };
> };

I found that using addresses in the allow-update statement hadn't worked for me since about Red Hat 8.0 Linux. I had to use an ACL name in there, and that's all I've used. Seeing as you've set up one, acl "bac-net", it seems rather redundant to then not use it and go about manually specifying the addresses in all the places you could have just put "bac-net", if you're also including addresses.

Not that it should make any difference, but you can omit that full file path. You've set it, above, with the directory statement. For subdirectories, you can just prepend the subdirectory name, i.e. slaves/example.com.zone

Mine would have been done just as:

zone "bac.org.au" {
        type master;
        file "bac.org.au.hosts";
        allow-update { key rndckey; };
};

> dhcpd.conf --
>
> include "/etc/rndc.key";

Are you using the same /etc/rndc.key between DNS and DHCP servers? It'll need to be. That can be a /gotcha/ in chrooted servers.

> subnet 192.168.10.0 netmask 255.255.255.0 {
>         ddns-domainname "bac.org.au";
>         ddns-rev-domainname "in-addr.arpa.";
>         authoritative;
>         ddns-updates on;

Not sure if the above two statements (authoritative & ddns-updates on) had to be done outside of the subnet clauses.
> host admin {
>         hardware ethernet 00:0D:61:B4:AA:85;
>         fixed-address 192.168.10.1;
> }

Fixed addresses won't get updated in the DNS records, you'd have to set those in the DNS manually.

-- 
(Currently running FC4, in case that's important to the thread)

Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
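As an added illustration, not taken from either message in this thread, here is how the key-only allow-update Tim suggests fits together on both sides: the shared TSIG key file, the BIND zones that accept updates signed with that key and nothing else (so named no longer logs the "allows updates by IP address, which is insecure" warning, and a host that spoofs 192.168.10.254 cannot inject records), and the dhcpd zone statements that tell dhcpd which server to send updates to and which key to sign them with. The key name rndckey and the zone names are from the thread; the dynamic/ subdirectory, the chroot path /var/named/chroot and the placeholder secret are assumptions for the example. The secret must be generated (for instance with rndc-confgen -a, which writes /etc/rndc.key), and the same file must be readable by both named, inside its chroot, and dhcpd.

```conf
## /etc/rndc.key  (assumed shared key file; generate the secret, do not copy this one)
## In a chrooted setup the copy named reads is /var/named/chroot/etc/rndc.key;
## dhcpd reads /etc/rndc.key, so both must hold the same key name and secret.
key "rndckey" {
        algorithm hmac-md5;     # what rndc-confgen of that era emits; newer BIND also accepts hmac-sha256
        secret "REPLACE-WITH-GENERATED-BASE64-SECRET";
};

## /etc/named.conf  (chrooted copy lives under /var/named/chroot/etc/)
include "/etc/rndc.key";        # resolves inside the chroot

acl "bac-net" { 192.168.10.0/24; 127.0.0.1; };

options {
        directory "/var/named";        # zone "file" paths below are relative to this
        allow-query { "bac-net"; };
};

zone "bac.org.au" {
        type master;
        file "dynamic/bac.org.au.hosts";            # assumed subdir; named must be able to create the .jnl here
        allow-update { key rndckey; };              # TSIG only: no address-based (spoofable) updates
};

zone "10.168.192.in-addr.arpa" {
        type master;
        file "dynamic/10.168.192.in-addr.arpa.hosts";
        allow-update { key rndckey; };
};

## /etc/dhcpd.conf
include "/etc/rndc.key";        # same key name and secret as named uses

ddns-update-style interim;      # required at top level by dhcpd 3.x
ddns-updates on;
ddns-domainname "bac.org.au.";
ddns-rev-domainname "in-addr.arpa.";
authoritative;

# Without these zone statements dhcpd would send unsigned updates, which the
# key-only allow-update above refuses.
zone bac.org.au. {
        primary 127.0.0.1;
        key rndckey;
}

zone 10.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key rndckey;
}

subnet 192.168.10.0 netmask 255.255.255.0 {
        range 192.168.10.100 192.168.10.200;    # assumed pool for the example
}
```

Two checks worth doing once this is in place: ls -ld /var/named/chroot/var/named/dynamic should show the directory as writable by the user named runs as (the "create: permission denied" in the log above is exactly what a root-owned, 755 directory produces), and a hand-crafted update with nsupdate -k /etc/rndc.key should succeed while the same update sent without -k is refused, which confirms that the address-based path is really closed.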