Results 1 to 10 of 14

Thread: Need help with bind9, permission denied

Hybrid View

  1. #1
    Join Date
    Nov 2012
    Beans
    10

    Lightbulb Need help with bind9, permission denied

    Hi all,
    I'm installing a ubuntu 12.04 server in a test environement for DHCP and DNS purpose.
    I've succesfull installed dhcp3-server ant it works.
    after this I installed bind9 and dnsutils.
    in the next steps I created the rndc.key file and used it in the named.conf.local file using
    Code:
    include "/etc/bind/rndc.key";
    I followed examples on a tutorial page to configure the other settings in named.conf.local, med.conf.options, med.conf.default-zones.

    The /etc/bind directory and its content have permissions 644 root:bind

    Now the problem starts when I want to start the bind9 service.
    when I run sudo service bind9 restart I get following error:
    Code:
     * Stopping domain name service... bind9                                                                                                                   WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)
    rndc: connect failed: 127.0.0.1#953: connection refused
                                                                                                                                                        [ OK ]
     * Starting domain name service... bind9                                                                                                            [fail]
    when I look at /var/log/syslog I find following message:
    Code:
    Nov 13 08:47:54 Arwen named[16605]: starting BIND 9.8.1-P1 -u bind
    Nov 13 08:47:54 Arwen named[16605]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
    Nov 13 08:47:54 Arwen named[16605]: adjusted limit on open files from 4096 to 1048576
    Nov 13 08:47:54 Arwen named[16605]: found 1 CPU, using 1 worker thread
    Nov 13 08:47:54 Arwen named[16605]: using up to 4096 sockets
    Nov 13 08:47:54 Arwen named[16605]: loading configuration from '/etc/bind/named.conf'
    Nov 13 08:47:54 Arwen named[16605]: none:0: open: /etc/bind/named.conf: permission denied
    Nov 13 08:47:54 Arwen named[16605]: loading configuration: permission denied
    Nov 13 08:47:54 Arwen named[16605]: exiting (due to fatal error)
    I'm now confused if it is a permission issue or an rndc issue.
    Please help me.

  2. #2
    Join Date
    Feb 2011
    Location
    Coquitlam, B.C. Canada
    Beans
    1,320
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Need help with bind9, permission denied

    Perhaps try to separate the variables. I mean, first try to get everything working without rndc, and then, if you really need it, add rndc in later as a single change to something that is already working. (I don't use rndc on my server.)

  3. #3
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    8,056
    Distro
    Kubuntu Development Release

    Re: Need help with bind9, permission denied

    Apparently BIND does not think it has the permissions you think it has. The syslog error reads: "/etc/bind/named.conf: permission denied" so BIND cannot read the named.conf file.

    I agree with only adding rndc after you have gotten everything else working. I do not use rndc on my two public DNS servers either.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  4. #4
    Join Date
    Nov 2012
    Beans
    10

    Re: Need help with bind9, permission denied

    Thanks for reply,
    After your answer I tried to remove the include rndc from the config file. but nothings changed.
    I recieve the same error messages as before. Then I tried to rename the rndc.key file and here is the output after restarting bind9
    Code:
     * Stopping domain name service... bind9        
    rndc: neither /etc/bind/rndc.conf nor /etc/bind/rndc.key was found
    How can I use bind without rndc?

    For permissions issues how can I verify with which user will bind run and how can I test if there are the correct permissions?

    the permissions now looks so:
    Code:
    -rw-r--r-- 1 root bind 2389 Oct  9 15:06 bind.keys
    -rw-r--r-- 1 root bind  237 Oct  9 15:06 db.0
    -rw-r--r-- 1 root bind  271 Oct  9 15:06 db.127
    -rw-r--r-- 1 root bind  423 Nov  8 16:13 db.172.20.100
    -rw-r--r-- 1 root bind  237 Oct  9 15:06 db.255
    -rw-r--r-- 1 root bind  353 Oct  9 15:06 db.empty
    -rw-r--r-- 1 root bind  270 Oct  9 15:06 db.local
    -rw-r--r-- 1 root bind  565 Nov  8 16:08 db.middle-earth.local
    -rw-r--r-- 1 root bind 2994 Oct  9 15:06 db.root
    -rw-r--r-- 1 root bind  707 Nov 14 15:49 named.conf
    -rw-r--r-- 1 root bind  490 Oct  9 15:06 named.conf.default-zones
    -rw-r--r-- 1 root bind  685 Nov 14 15:40 named.conf.local
    -rw-r--r-- 1 root bind  369 Nov 12 15:50 named.conf.options
    -rw-r--r-- 1 root bind   77 Nov 14 15:10 rndc.key.tmp
    -rw-r--r-- 1 root bind 1317 Oct  9 15:06 zones.rfc1918
    I assume that bind9 runs with user bind that is member of the group bind. In this case the permissions seems correct.

  5. #5
    Join Date
    Feb 2011
    Location
    Coquitlam, B.C. Canada
    Beans
    1,320
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Need help with bind9, permission denied

    I do have the default rndc.key file, which perhaps still has to be present, but I don't use rndc. My persmissions are a little different than yours:
    Code:
    doug@doug-64:~$ ls -l /etc/bind
    total 60
    -rw-r--r-- 1 root root 2389 Jul 25 14:35 bind.keys
    -rw-r--r-- 1 root root  237 Jul 25 14:35 db.0
    -rw-r--r-- 1 root root  271 Jul 25 14:35 db.127
    -r--r--r-- 1 root bind  933 Oct 12 10:37 db.192
    -rw-r--r-- 1 root root  237 Jul 25 14:35 db.255
    -rw-r--r-- 1 root root  353 Jul 25 14:35 db.empty
    -rw-r--r-- 1 root root  270 Jul 25 14:35 db.local
    -rw-r--r-- 1 root root 2994 Jul 25 14:35 db.root
    -r--r--r-- 1 root bind  984 Oct 12 10:37 db.smythies.com
    -rw-r--r-- 1 root bind  463 Jul 25 14:35 named.conf
    -rw-r--r-- 1 root bind  490 Jul 25 14:35 named.conf.default-zones
    -rw-r--r-- 1 root bind 3538 Oct 12 10:38 named.conf.local
    -rw-r--r-- 1 root bind  762 Oct 12 11:11 named.conf.options
    -rw-r----- 1 bind bind   77 Oct 12 09:29 rndc.key
    -rw-r--r-- 1 root root 1317 Jul 25 14:35 zones.rfc1918
    Although named.conf is the same.
    I tried a restart ( output edited to fit ):
    Code:
    doug@doug-64:~$ sudo service bind9 restart
    [sudo] password for doug:
     * Stopping domain name service... bind9
    waiting for pid 1121 to die
    [ OK ]
     * Starting domain name service... bind9
    [ OK ]
    doug@doug-64:~$
    Last edited by Doug S; November 14th, 2012 at 04:56 PM. Reason: added restart stuff

  6. #6
    Join Date
    Nov 2012
    Beans
    10

    Re: Need help with bind9, permission denied

    hello Doug,
    it seems that your permissions are more restrictive than mine... I think it should not hang on permissions related issues in this folder.

    Altough to continue testing I would like to start bind without rndc, but I really don't know how...

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •