p2bc
August 23rd, 2009, 04:38 PM
After a post I was trying to help out with a couple of weeks ago, my interest was spurred in setting up a DNS server (again).
Found an interesting guide on how to set up an overall server. Decided to actually implement the section on the DNS server on a virtual machine just to give it a go and, well, this is what ensued.
The following code segments are from the guide:
apt-get install bind9
##For security reasons we want to run BIND chrooted so we have to do the
##following steps:
/etc/init.d/bind9 stop
##Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged
##user bind, chrooted to /var/lib/named. Modify the line: OPTIONS="-u bind" so
##that it reads OPTIONS="-u bind -t /var/lib/named":
vi /etc/default/bind9
##Create the necessary directories under /var/lib:
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
##Then move the config directory from /etc to /var/lib/named/etc:
mv /etc/bind /var/lib/named/etc
##Create a symlink to the new config directory from the old location (to avoid
##problems when bind gets updated in the future)
ln -s /var/lib/named/etc/bind /etc/bind
##Make null and random devices, and fix permissions of the directories:
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
##Start up BIND, and check /var/log/syslog for errors:
/etc/init.d/bind9 start
PS: I love how they put that second to last line in, because there was an error.
Ok, so everything went perfectly without a hitch until the last step, the restart.
It won't restart; I check the log and it says I don't have permission to do this action, although I am doing it as root.
Aug 23 10:42:49 user-VM named[3116]: starting BIND 9.5.1-P2 -u bind -t /var/lib/na$
Aug 23 10:42:49 user-VM named[3116]: found 1 CPU, using 1 worker thread
Aug 23 10:42:49 user-VM named[3116]: using up to 4096 sockets
Aug 23 10:42:49 user-VM named[3116]: loading configuration from '/etc/bind/named.conf'
Aug 23 10:42:49 user-VM named[3116]: none:0: open: /etc/bind/named.conf: permission denied
Aug 23 10:42:49 user-VM named[3116]: loading configuration: permission denied
Aug 23 10:42:49 user-VM named[3116]: exiting (due to fatal error)
So I do a "ls -la /etc/bind/named.conf" and it says it belongs to "bind:bind". I go to the user and group management window to try a quick fix; I added myself and root to the "bind" group. Nada, no good, still won't work. Tried "su bind" but it seems there is a password???
So my question, after all this: how do I get this bad boy working, and what went wrong or was overlooked? And is there a better way?
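The log pasted above shows named, started as root, getting "permission denied" on a file that is owned by bind:bind and that root can plainly read. A check script for exactly that situation, as an added example that is not from the post or the guide it quotes: it verifies each step of the quoted chroot procedure against the filesystem (directories, device nodes, the -t option, the /etc/bind symlink, ownership) and greps a syslog file for AppArmor denials against /usr/sbin/named, since Ubuntu's bind9 package ships such a profile and a mandatory-access-control denial looks like EACCES even to root. The chroot path /var/lib/named comes from the guide; the function names, the default log location /var/log/syslog and the denied_mask= / profile= field names are my assumptions about the AppArmor audit format.

```shell
#!/bin/sh
# check_chroot_bind.sh: verify the chrooted BIND layout from the guide quoted above
# and look for mandatory-access-control denials that show up as "permission denied"
# even for root. Added example, not from the post or the guide; function names are
# my own and the chroot location defaults to /var/lib/named as in the guide.

# Every directory the guide creates (or moves) under the chroot must exist.
check_dirs() {
    root="$1"; rc=0
    for d in etc/bind dev var/cache/bind var/run/bind/run; do
        [ -d "$root/$d" ] || { echo "missing directory: $root/$d"; rc=1; }
    done
    # -t $root makes named open /etc/bind/named.conf *inside* the chroot
    [ -f "$root/etc/bind/named.conf" ] || { echo "missing $root/etc/bind/named.conf"; rc=1; }
    return $rc
}

# /dev/null and /dev/random must exist inside the chroot as character devices;
# named cannot reach the host's /dev once it has chrooted.
check_devices() {
    root="$1"; rc=0
    for dev in null random; do
        [ -c "$root/dev/$dev" ] || { echo "missing char device: $root/dev/$dev"; rc=1; }
    done
    return $rc
}

# The OPTIONS line in /etc/default/bind9 must carry -t pointing at this chroot.
check_options() {
    file="$1"; root="$2"
    grep -E '^OPTIONS=' "$file" | grep -q -F -- "-t $root"
}

# /etc/bind on the host must be a symlink to the config directory inside the
# chroot, so package upgrades keep editing the files named actually reads.
check_symlink() {
    link="$1"; root="$2"
    [ -L "$link" ] && [ "$(readlink "$link")" = "$root/etc/bind" ]
}

# Every file under $tree must be owned by $user:$group (the guide does chown -R).
# Prints offenders; succeeds only if there are none.
check_owner() {
    tree="$1"; user="$2"; group="$3"
    bad=$(find "$tree" \( ! -user "$user" -o ! -group "$group" \) -print)
    [ -z "$bad" ] || { echo "not owned by $user:$group:"; echo "$bad"; return 1; }
}

# Root getting EACCES on a file it can read points at a MAC layer rather than
# Unix permissions. Ubuntu's bind9 package ships an AppArmor profile for
# /usr/sbin/named; its denials are logged with denied_mask= and profile= fields
# (field names assumed from the AppArmor audit format). Prints the matching
# lines and succeeds if any were found.
find_mac_denials() {
    grep 'denied_mask=' "$1" | grep 'profile="/usr/sbin/named"'
}

# Run every check against a live host; reads only, changes nothing.
run_all() {
    root="${1:-/var/lib/named}"
    check_dirs "$root"
    check_devices "$root"
    check_options /etc/default/bind9 "$root" || echo "OPTIONS in /etc/default/bind9 lacks -t $root"
    check_symlink /etc/bind "$root" || echo "/etc/bind is not a symlink to $root/etc/bind"
    check_owner "$root/etc/bind" bind bind
    check_owner "$root/var" bind bind
    if find_mac_denials /var/log/syslog; then
        echo "AppArmor is denying named access under $root; its profile must allow that path"
    fi
}

# Usage (as root, on the DNS host): sh check_chroot_bind.sh --run [/var/lib/named]
if [ "${1:-}" = "--run" ]; then
    run_all "${2:-}"
fi
```

Each check prints what it found wrong and returns non-zero, so the output reads as a to-do list against the guide's steps; the MAC check is the one that explains a root process being refused a readable file, which Unix permissions alone cannot.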