docfx
December 21st, 2008, 04:05 PM
Installed Hardy updated to 8.04.1LTS w/LVM
All was well,
Dec 20 16:21:14 wonder named[31642]: starting BIND 9.4.2-P2 -u bind
Dec 20 16:21:14 wonder named[31642]: found 1 CPU, using 1 worker thread
Dec 20 16:21:14 wonder named[31642]: loading configuration from '/etc/bind/named.conf'
Dec 20 16:21:14 wonder named[31642]: listening on IPv6 interfaces, port 53
then I started going thru the Howtoforge "perfect server" tutorial. Got to the part where bind gets chrooted and...
Bind 9 fails - acc'd to /var/log/syslog:
Dec 21 14:00:54 wonder named[6828]: starting BIND 9.4.2-P2 -u bind -t /var/lib/named
Dec 21 14:00:54 wonder named[6828]: found 1 CPU, using 1 worker thread
Dec 21 14:00:54 wonder named[6828]: loading configuration from '/etc/bind/named.conf'
Dec 21 14:00:54 wonder named[6828]: none:0: open: /etc/bind/named.conf: permission denied
Dec 21 14:00:54 wonder named[6828]: loading configuration: permission denied
Dec 21 14:00:54 wonder named[6828]: exiting (due to fatal error)
Have tried it, per the tutorial ( w/ AppArmor disabled/purged ) as well as per Ubuntu Forum ( ubuntuforums.org/showthread.php?t=735188&highlight=bind9+fail ).
AppArmor is currently running and my usr.sbin.named is:
# vim:syntax=apparmor
# Last Modified: Fri Jun 1 16:43:22 2007
#include <tunables/global>
/usr/sbin/named {
#include <abstractions/base>
#include <abstractions/nameservice>
capability net_bind_service,
capability setgid,
capability setuid,
capability sys_chroot,
# /etc/bind should be read-only for bind
# /var/lib/bind is for dynamically updated zone (and journal) files.
# /var/cache/bind is for slave/stub data, since we're not the origin of it.
# See /usr/share/doc/bind9/README.Debian.gz
# /etc/bind/** r,
# Dynamic updates needs zone and journal files rw. We just allow rw for all
# in /etc/bind, and let DAC handle the rest > moved to /var/lib/named/etc/bind
/var/lib/named/etc/bind/* rw,
# if local zones are in a subdirectory
/var/lib/named/etc/bind/zones/* rw,
/var/lib/named/etc/bind/zones/external/* rw,
/var/lib/named/etc/bind/zones/internal/* rw,
/var/lib/bind/** rw,
/var/lib/bind/ rw,
/var/cache/bind/** rw,
/var/cache/bind/ rw,
# some people like to put logs in /var/log/named/
/var/log/named/** rw,
# dnscvsutil package
/var/lib/dnscvsutil/compiled/** rw,
/proc/net/if_inet6 r,
/usr/sbin/named mr,
/var/lib/named/var/run/bind/run/named.pid w,
#/var/run/bind/run/named.pid w,
# support for resolvconf
/var/lib/named/var/run/bind/named.options r,
#/var/run/bind/named.options r,
# add also following lines thanks to Spezi2u
/var/lib/named/dev/null rw,
/var/lib/named/dev/random rw,
}
Contents of /etc/bind/ aka /var/lib/named/etc/bind/ are:
-rw-r--r-- 1 bind bind 237 2008-04-09 15:44 db.0
-rw-r--r-- 1 bind bind 271 2008-04-09 15:44 db.127
-rw-r--r-- 1 bind bind 237 2008-04-09 15:44 db.255
-rw-r--r-- 1 bind bind 353 2008-04-09 15:44 db.empty
-rw-r--r-- 1 bind bind 270 2008-04-09 15:44 db.local
-rw-r--r-- 1 bind bind 2878 2008-04-09 15:44 db.root
-rw-r--r-- 1 bind bind 907 2008-04-09 15:44 named.conf
-rw-r--r-- 1 bind bind 165 2008-04-09 15:44 named.conf.local
-rw-r--r-- 1 bind bind 3041 2008-12-21 13:51 named.conf.options
-rw------- 1 root root 695 2008-12-21 13:51 named.conf.options~
-rw-r----- 1 bind bind 77 2008-05-26 17:26 rndc.key
-rw-r--r-- 1 bind bind 1317 2008-04-09 15:44 zones.rfc1918
and still bind9 refuses to start from CLI or during reboot... It doesn't see to make any difference if I use OPTIONS="-u bind -t /var/lib/named" or OPTIONS="-u bind".
Any suggestions would greatly appreciated.
All was well,
Dec 20 16:21:14 wonder named[31642]: starting BIND 9.4.2-P2 -u bind
Dec 20 16:21:14 wonder named[31642]: found 1 CPU, using 1 worker thread
Dec 20 16:21:14 wonder named[31642]: loading configuration from '/etc/bind/named.conf'
Dec 20 16:21:14 wonder named[31642]: listening on IPv6 interfaces, port 53
then I started going thru the Howtoforge "perfect server" tutorial. Got to the part where bind gets chrooted and...
Bind 9 fails - acc'd to /var/log/syslog:
Dec 21 14:00:54 wonder named[6828]: starting BIND 9.4.2-P2 -u bind -t /var/lib/named
Dec 21 14:00:54 wonder named[6828]: found 1 CPU, using 1 worker thread
Dec 21 14:00:54 wonder named[6828]: loading configuration from '/etc/bind/named.conf'
Dec 21 14:00:54 wonder named[6828]: none:0: open: /etc/bind/named.conf: permission denied
Dec 21 14:00:54 wonder named[6828]: loading configuration: permission denied
Dec 21 14:00:54 wonder named[6828]: exiting (due to fatal error)
Have tried it, per the tutorial ( w/ AppArmor disabled/purged ) as well as per Ubuntu Forum ( ubuntuforums.org/showthread.php?t=735188&highlight=bind9+fail ).
AppArmor is currently running and my usr.sbin.named is:
# vim:syntax=apparmor
# Last Modified: Fri Jun 1 16:43:22 2007
#include <tunables/global>
/usr/sbin/named {
#include <abstractions/base>
#include <abstractions/nameservice>
capability net_bind_service,
capability setgid,
capability setuid,
capability sys_chroot,
# /etc/bind should be read-only for bind
# /var/lib/bind is for dynamically updated zone (and journal) files.
# /var/cache/bind is for slave/stub data, since we're not the origin of it.
# See /usr/share/doc/bind9/README.Debian.gz
# /etc/bind/** r,
# Dynamic updates needs zone and journal files rw. We just allow rw for all
# in /etc/bind, and let DAC handle the rest > moved to /var/lib/named/etc/bind
/var/lib/named/etc/bind/* rw,
# if local zones are in a subdirectory
/var/lib/named/etc/bind/zones/* rw,
/var/lib/named/etc/bind/zones/external/* rw,
/var/lib/named/etc/bind/zones/internal/* rw,
/var/lib/bind/** rw,
/var/lib/bind/ rw,
/var/cache/bind/** rw,
/var/cache/bind/ rw,
# some people like to put logs in /var/log/named/
/var/log/named/** rw,
# dnscvsutil package
/var/lib/dnscvsutil/compiled/** rw,
/proc/net/if_inet6 r,
/usr/sbin/named mr,
/var/lib/named/var/run/bind/run/named.pid w,
#/var/run/bind/run/named.pid w,
# support for resolvconf
/var/lib/named/var/run/bind/named.options r,
#/var/run/bind/named.options r,
# add also following lines thanks to Spezi2u
/var/lib/named/dev/null rw,
/var/lib/named/dev/random rw,
}
Contents of /etc/bind/ aka /var/lib/named/etc/bind/ are:
-rw-r--r-- 1 bind bind 237 2008-04-09 15:44 db.0
-rw-r--r-- 1 bind bind 271 2008-04-09 15:44 db.127
-rw-r--r-- 1 bind bind 237 2008-04-09 15:44 db.255
-rw-r--r-- 1 bind bind 353 2008-04-09 15:44 db.empty
-rw-r--r-- 1 bind bind 270 2008-04-09 15:44 db.local
-rw-r--r-- 1 bind bind 2878 2008-04-09 15:44 db.root
-rw-r--r-- 1 bind bind 907 2008-04-09 15:44 named.conf
-rw-r--r-- 1 bind bind 165 2008-04-09 15:44 named.conf.local
-rw-r--r-- 1 bind bind 3041 2008-12-21 13:51 named.conf.options
-rw------- 1 root root 695 2008-12-21 13:51 named.conf.options~
-rw-r----- 1 bind bind 77 2008-05-26 17:26 rndc.key
-rw-r--r-- 1 bind bind 1317 2008-04-09 15:44 zones.rfc1918
and still bind9 refuses to start from CLI or during reboot... It doesn't see to make any difference if I use OPTIONS="-u bind -t /var/lib/named" or OPTIONS="-u bind".
Any suggestions would greatly appreciated.