Comments:
<0> Hello again friends, let me try again. I have a problem with BIND. When I try to restart the service (bind9, named) I get the following message in daemon.log: "none:0: open: /etc/bind/named.conf: permission denied".
<0> I have set chmod 777 to all files and folders starting at /etc/bind
<0> have set "bind" as the owner too
<0> but I still get this message... do you have any idea to solve the problem?
<1> run named from the terminal in debug mode.
<0> how do I do that?
<0> named -d level, something like that?
<0> but where the debug messages will be stored?
<0> lunaphyte: do I need to stop the service before starting from the command line?
<1> fromvega: look at the man page for named. it describes debugging.
<0> ok
<0> tks
<1> yes you will need to stop any current processes.
<0> lunaphyte: I stopped it, then typed: named -g -d 1, and the message that I get is the same "permission denied"
<1> what user are you? type 'whoami'
<0> I am root now
<1> pastebin named's output.
<0> lunaphyte: http://pastebin.com/872548
<1> ls -alh /etc/bind/named.conf
<1> cat /etc/bind/named.conf => pastebin
<1> bbiab
<0> I'm just pasting it
<0> lunaphyte: http://pastebin.com/872552
<1> ls -alh /etc/bind/named.conf.options ?
<1> ls -alh /etc/bind/named.conf.local ?
<1> ls -alh /etc/bind/rndc.key ?
<0> ok
<1> what does named-checkconf say ?
<0> nothing
<0> when I try with another user but not root, I can't access /etc/bind
<1> what version of bind did you say this was?
<0> 9.3.2
<1> ls -alh /etc/* | grep -i bind
<0> I'm pasting it
<1> can you use something other than pastebin? it's loading very slow for me.
<1> maybe rafb.net/paste ?
<0> ok
<0> http://rafb.net/p/JY7sDL61.html
<0> there is
<1> oops - ls -alh /etc | grep -i bind
<1> should just be one line or so. ok to paste here.
<0> drw-rw-rw- 3 bind bind 4.0K 2007-01-31 22:39 bind
<0> maybe it should be named instead of bind?
<1> doubt it.
<1> strings `which named` | grep -i named.conf
<1> you probably want to do chmod a+x /etc/bind
<0> ok, but `which named` | grep -i named.conf returned nothing
<1> that command starts with 'strings'
<0> now it changed the message
<0> with chmod a+x
<0> why?
<1> what is the message?
<0> a lot, I will paste it, but it seems it's ok now
<0> http://rafb.net/p/pwGORk44.html
<1> that looks promising.
<0> lunaphyte: I don't understand... why did I need to do chmod a+x if it was running before?
<1> either it wasn't really running before, or something changed.
<0> very strange...
<0> so the user is really "bind" instead of "named", right?
<1> what os?
<0> ubuntu
<1> cat /etc/default/bind9
<0> OPTIONS="-u bind"
<2> ..
<2> chmod 750 `which bind`
<2> why the hell does other have rw on the binary
<1> that is the user named will run as.
<1> Rawplayer: huh?
<0> lunaphyte: now the zones aren't working... >:( hahaha great
<1> keep running named in your terminal. the logs will tell you what to do.
<0> ok
<1> find an error, fix it, kill named and try again. keep going until all errors are gone. you'll get there.
<0> permission denied on the zone files :P
<1> at most, do 664. you should never need 666 or 777, etc for zone files.
<0> it's 666 I think
<1> too loose.
<0> now it's 664 let's test again
<1> if 664 doesn't work, then the owner or group of the file should be modified.
<0> denied again
<1> er - actually, 664 should work fine.
<0> but it didn't work and the owner is 'bind'
<1> let's see the output again
<0> lunaphyte: ok, just a moment
<0> http://rafb.net/p/OcWBxL51.html
<1> ls -alhd /etc/bind/zones/
<0> drw-rw-r-- 2 bind bind 4.0K 2007-01-31 23:49 /etc/bind/zones/
<1> again - same problem. user bind can't get into that dir.
<1> chmod a+x /etc/bind/zones
<0> but why not?
<1> it is not executable.
<0> but why does it need to be executable? there are just plain text files
<1> zones is a directory, not a text file.
<0> so a directory needs to be executable?
<1> if a user is to be able to "go into it", yes.
<0> tks, didn't know that
<0> let's test again
<0> eeee! it seems that it's ok now! many thanks!
<0> so, what I need is to let the dir be executable by bind user...
<0> so simple, so much pain
<0> hahuahua
<1> no problem.
<0> it's time to test nsupdate hehe
<1> since your permissions were so whack, you might check that you don't have files or dirs writable by everyone that shouldn't be.
<0> yes... I'll do all over again after I managed to configure it the way I want
<0> manage
<0> the update was refused, might be a key issue... but I think I'll let it for tomorrow
<0> lunaphyte: are you there? it's working... tks! just one more question
<0> lunaphyte: when doing a dynamic update, using nsupdate to add a record, I must do "update add host.domain. TTL A IP" Why do I need to set TTL? Isn't TTL just for the zone file? Why do I set it while adding a record?
<3> could i get some help regarding ozyman DNS tunneling?
<4> that isn't quite within our norm.
<3> well, i don't know where else to ask
<4> *shrug*
<3> it's based on DNS
<4> uh-huh.
<4> it is based on abusing dns.
<3> oh well
<3> It's meant to be used for free internet access