HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

Permission Denied Bind Slave Server Problems (http://www.howtoforge.com/forums/showthread.php?t=27204)

wxman 27th September 2008 20:45

Permission Denied Bind Slave Server Problems
 
I know this has been asked a few hundred times, because I think I've read them all.

I have two servers that I set up using the "The Perfect Server - Ubuntu Hardy Heron (Ubuntu 8.04 LTS Server)" article. The servers both work perfectly, except the second is set up as a slave, and I'm getting this:
Code:

Sep 27 13:21:27 server2 named[25319]: zone tlthost.net/IN: Transfer started.
Sep 27 13:21:27 server2 named[25319]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#59827
Sep 27 13:21:27 server2 named[25319]: dumping master file: tmp-NrfJj6zM6s: open: permission denied
Sep 27 13:21:27 server2 named[25319]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: failed while receiving responses: permission denied
Sep 27 13:21:27 server2 named[25319]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: end of transfer

for all my slave zones. I have checked the named.conf, all the zone files, and everything looks exactly as it should. The file owners for /var/lib/named/etc/bind/, and all its files, are bind:bind. The permissions are 775. I have shut off and removed AppArmor. I followed the suggestion for others that had the same problem of setting:
Code:

chown root:root /etc/bind/rndc.key
chmod 755 /etc/bind/rndc.key

but that didn't help.
I know it's just something I'm missing, but it's driving me nuts trying to find it!

falko 28th September 2008 14:51

What's in the log on the master when the slave tries to start a zone transfer?

wxman 28th September 2008 15:04

This is from this morning.

PRIMARY SERVER:
Code:

Sep 28 06:55:35 server1 named[26955]: client 192.168.xx.xxx#49725: transfer of 'tlthost.net/IN': AXFR-style IXFR started
Sep 28 06:55:35 server1 named[26955]: client 192.168.xx.xxx#49725: transfer of 'tlthost.net/IN': AXFR-style IXFR ended

SLAVE:
Code:

Sep 28 06:55:35 server2 named[25319]: zone tlthost.net/IN: Transfer started.
Sep 28 06:55:35 server2 named[25319]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#49725
Sep 28 06:55:35 server2 named[25319]: dumping master file: tmp-eoC1UgYwOE: open: permission denied
Sep 28 06:55:35 server2 named[25319]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: failed while receiving responses: permission denied
Sep 28 06:55:35 server2 named[25319]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: end of transfer


falko 29th September 2008 18:36

Ok, the problem seems to be on the slave only, probably directory permissions. What's the output of
Code:

ls -la /etc/bind/
?

wxman 30th September 2008 04:43

This is off of the slave:
Code:

root@server2:~# ls -la /etc/bind/
total 88
drwxrwsr-x 2 bind bind 4096 2008-09-27 13:24 .
drwxr-xr-x 3 root root 4096 2008-07-17 12:10 ..
-rw-r--r-- 1 bind bind  237 2008-07-07 17:06 db.0
-rw-r--r-- 1 bind bind  271 2008-07-07 17:06 db.127
-rw-r--r-- 1 bind bind  237 2008-07-07 17:06 db.255
-rw-r--r-- 1 bind bind  353 2008-07-07 17:06 db.empty
-rw-r--r-- 1 bind bind  545 2008-09-23 12:40 db.local
-rw-r--r-- 1 bind bind 2878 2008-07-07 17:06 db.root
-rw-r--r-- 1 root root 1725 2008-09-27 13:24 named.conf
-rw-r--r-- 1 root root  819 2008-08-02 12:54 named.conf~
-rw-r--r-- 1 bind bind  165 2008-07-07 17:06 named.conf.local
-rw-r--r-- 1 bind bind  695 2008-07-24 12:38 named.conf.options
-rw-r--r-- 1 root bind  769 2008-09-23 11:28 pri.191.223.64.in-addr.arpa
-rwxrwxr-x 1 bind bind  77 2008-07-17 12:08 rndc.key
-rw-r--r-- 1 bind bind  474 2008-09-29 16:19 sec.bette-ford.com
-rw-r--r-- 1 bind bind  508 2008-09-29 17:16 sec.blacks-abroad.com
-rw-r--r-- 1 bind bind  471 2008-09-29 16:17 sec.music-ink.com
-rw-r--r-- 1 bind bind  506 2008-09-29 15:37 sec.niquistanhope.com
-rw-r--r-- 1 bind bind  479 2008-09-29 15:14 sec.ourbookspace.com
-rw-r--r-- 1 bind bind  559 2008-09-29 17:07 sec.tlthost.net
-rw-r--r-- 1 bind bind  479 2008-09-29 16:02 sec.vonniehughes.com
-rw-r--r-- 1 bind bind 1317 2008-07-07 17:06 zones.rfc1918


falko 30th September 2008 18:23

Can you try this?
Code:

chown bind:bind /etc/bind/named.conf

wxman 1st October 2008 01:42

Falko, I tried this. I changed all the serial numbers on the master zone files, then did a restart of Bind. I then used Webmin to force zone updates on the slave of two of the files, bette-ford.com and niquistanhope.com. I then let the system do its own thing after that. Here are the log entries showing the updates. I broke it up to make it easier to see.

Code:

Sep 30 16:30:22 server2 named[29985]: zone bette-ford.com/IN: Transfer started.
Sep 30 16:30:22 server2 named[29985]: transfer of 'bette-ford.com/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#59075
Sep 30 16:30:22 server2 named[29985]: zone bette-ford.com/IN: transferred serial 2008093003
Sep 30 16:30:22 server2 named[29985]: transfer of 'bette-ford.com/IN' from 192.168.xx.xxx#53: end of transfer
Sep 30 16:30:22 server2 named[29985]: zone bette-ford.com/IN: sending notifies (serial 2008093003)

Sep 30 16:32:55 server2 named[29985]: zone niquistanhope.com/IN: Transfer started.
Sep 30 16:32:55 server2 named[29985]: transfer of 'niquistanhope.com/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#56298
Sep 30 16:32:55 server2 named[29985]: zone niquistanhope.com/IN: transferred serial 2008093003
Sep 30 16:32:55 server2 named[29985]: transfer of 'niquistanhope.com/IN' from 192.168.xx.xxx#53: end of transfer
Sep 30 16:32:55 server2 named[29985]: zone niquistanhope.com/IN: sending notifies (serial 2008093003)

Sep 30 16:39:59 server2 named[25319]: zone ourbookspace.com/IN: Transfer started.
Sep 30 16:39:59 server2 named[25319]: transfer of 'ourbookspace.com/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#41863
Sep 30 16:39:59 server2 named[25319]: dumping master file: tmp-3Bk5cAPzZU: open: permission denied
Sep 30 16:39:59 server2 named[25319]: transfer of 'ourbookspace.com/IN' from 192.168.xx.xxx#53: failed while receiving responses: permission denied
Sep 30 16:39:59 server2 named[25319]: transfer of 'ourbookspace.com/IN' from 192.168.xx.xxx#53: end of transfer

Sep 30 16:44:21 server2 named[29985]: client 88.191.64.64#52197: zone transfer 'tlthost.net/AXFR/IN' denied
Sep 30 16:46:08 server2 named[29985]: client 87.98.164.164#46434: zone transfer 'tlthost.net/AXFR/IN' denied

Sep 30 16:51:37 server2 named[29985]: zone ourbookspace.com/IN: Transfer started.
Sep 30 16:51:37 server2 named[29985]: transfer of 'ourbookspace.com/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#58254
Sep 30 16:51:37 server2 named[29985]: zone ourbookspace.com/IN: transferred serial 2008093003
Sep 30 16:51:37 server2 named[29985]: transfer of 'ourbookspace.com/IN' from 192.168.xx.xxx#53: end of transfer
Sep 30 16:51:37 server2 named[29985]: zone ourbookspace.com/IN: sending notifies (serial 2008093003)

Sep 30 17:12:35 server2 named[29985]: zone vonniehughes.com/IN: Transfer started.
Sep 30 17:12:35 server2 named[29985]: transfer of 'vonniehughes.com/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#55451
Sep 30 17:12:35 server2 named[29985]: zone vonniehughes.com/IN: transferred serial 2008093003
Sep 30 17:12:35 server2 named[29985]: transfer of 'vonniehughes.com/IN' from 192.168.xx.xxx#53: end of transfer
Sep 30 17:12:35 server2 named[29985]: zone vonniehughes.com/IN: sending notifies (serial 2008093003)

Sep 30 17:18:33 server2 named[29985]: zone music-ink.com/IN: Transfer started.
Sep 30 17:18:33 server2 named[29985]: transfer of 'music-ink.com/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#41365
Sep 30 17:18:33 server2 named[29985]: zone music-ink.com/IN: transferred serial 2008093003
Sep 30 17:18:33 server2 named[29985]: transfer of 'music-ink.com/IN' from 192.168.xx.xxx#53: end of transfer
Sep 30 17:18:33 server2 named[29985]: zone music-ink.com/IN: sending notifies (serial 2008093003)

Sep 30 17:46:03 server2 named[29985]: client 195.234.42.1#52919: zone transfer 'tlthost.net/AXFR/IN' denied
Sep 30 17:48:34 server2 named[29985]: client 195.234.42.1#54338: zone transfer 'tlthost.net/AXFR/IN' denied

Sep 30 17:54:51 server2 named[25319]: zone 191.223.64.in-addr.arpa/IN: Transfer started.
Sep 30 17:54:51 server2 named[25319]: transfer of '191.223.64.in-addr.arpa/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#54348
Sep 30 17:54:51 server2 named[25319]: transfer of '191.223.64.in-addr.arpa/IN' from 192.168.xx.xxx#53: failed while receiving responses: REFUSED
Sep 30 17:54:51 server2 named[25319]: transfer of '191.223.64.in-addr.arpa/IN' from 192.168.xx.xxx#53: end of transfer

Sep 30 18:01:44 server2 named[29985]: zone tlthost.net/IN: Transfer started.
Sep 30 18:01:44 server2 named[29985]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#48690
Sep 30 18:01:44 server2 named[29985]: zone tlthost.net/IN: transferred serial 2008093003
Sep 30 18:01:44 server2 named[29985]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: end of transfer
Sep 30 18:01:44 server2 named[29985]: zone tlthost.net/IN: sending notifies (serial 2008093003)

Sep 30 18:06:44 server2 named[29985]: zone blacks-abroad.com/IN: Transfer started.
Sep 30 18:06:44 server2 named[29985]: transfer of 'blacks-abroad.com/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#43491
Sep 30 18:06:44 server2 named[29985]: zone blacks-abroad.com/IN: transferred serial 2008093003
Sep 30 18:06:44 server2 named[29985]: transfer of 'blacks-abroad.com/IN' from 192.168.xx.xxx#53: end of transfer
Sep 30 18:06:44 server2 named[29985]: zone blacks-abroad.com/IN: sending notifies (serial 2008093003)

Sep 30 18:19:43 server2 named[25319]: zone tlthost.net/IN: Transfer started.
Sep 30 18:19:43 server2 named[25319]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#39139
Sep 30 18:19:43 server2 named[25319]: dumping master file: tmp-TIFUF7mdZe: open: permission denied
Sep 30 18:19:43 server2 named[25319]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: failed while receiving responses: permission denied
Sep 30 18:19:43 server2 named[25319]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: end of transfer

Sep 30 18:32:34 server2 named[25319]: transfer of 'music-ink.com/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#55507
Sep 30 18:32:34 server2 named[25319]: dumping master file: tmp-j2wvUvmPaP: open: permission denied
Sep 30 18:32:34 server2 named[25319]: transfer of 'music-ink.com/IN' from 192.168.xx.xxx#53: failed while receiving responses: permission denied
Sep 30 18:32:34 server2 named[25319]: transfer of 'music-ink.com/IN' from 192.168.xx.xxx#53: end of transfer

I've checked, and all the ones I changed have updated on the slave zones now. As you can see, I'm still getting "permission denied" errors though. At least it seems that the updates are getting through.

wxman 4th October 2008 20:54

I keep checking every day, and the same thing is still going on. The slave zones seem to be getting updated when I change the serial number on the masters, but I keep getting "dumping master file: tmp-eoC1UgYwOE: open: permission denied" like errors on all of them.

The only thing I haven't tried for a while is the suggestion to move all the slave zone files to a different directory. I tried it once before, but it didn't work at all. No updates were getting through anytime. I might have had the file permissions wrong at the time though. I still would rather not do that if possible because I like the setup as it is now.

This really is frustrating, especially since nothing seems to be wrong.

falko 5th October 2008 21:00

You can try this: http://www.lunarlamp.co.uk/bind-perm...enied-solution

wxman 5th October 2008 22:35

I think he typed his solution backwards, but I'm giving it a try now.
I did:
Code:

chown bind:bind /var/cache/bind
chmod g+w /var/cache/bind

I'll check my logs a bit later. I don't think it's related, but I also get an occasional rndc permission fail when I try to restart bind.
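Two things in this thread are worth checking mechanically rather than by eye. First, the "dumping master file: tmp-...: open: permission denied" line means named could not create a temporary file in the directory that holds the slave zone file (BIND writes the transferred zone to a tmp-XXXXXX file there and then renames it over the old file), so it is the directory's write and search bits for the user named runs as that matter, not just the zone file's ownership. Second, in the log posted above every failing transfer carries pid 25319 while every successful one carries pid 29985, so two named processes appear to be logging, and any chown/chmod fix only helps the instance that was restarted. The following Python script is an added example (not code from the thread or from BIND): it summarises named syslog lines per process id and zone, and evaluates directory permissions from stat() mode bits so the answer does not depend on who runs the check. The sample log lines are constructed from the ones quoted above, and the uid/gid 104 used for the bind user is an assumed value.

```python
"""Triage helper for BIND slave-transfer 'permission denied' errors.

Added example, not code from the thread. It (1) groups named syslog lines
by process id and zone so that a stale named instance shows up, and
(2) checks from stat() mode bits whether the named user can create files
in a zone directory, which is what 'dumping master file: tmp-...: open'
needs: named writes the transferred zone to a temporary file in the zone
file's directory and then renames it over the old file.
"""
import re
import stat
from collections import defaultdict

# Constructed sample, modelled on the lines quoted in the thread
# (private addresses masked as in the original).
SAMPLE_LOG = """\
Sep 30 16:30:22 server2 named[29985]: zone bette-ford.com/IN: Transfer started.
Sep 30 16:30:22 server2 named[29985]: zone bette-ford.com/IN: transferred serial 2008093003
Sep 30 16:39:59 server2 named[25319]: zone ourbookspace.com/IN: Transfer started.
Sep 30 16:39:59 server2 named[25319]: dumping master file: tmp-3Bk5cAPzZU: open: permission denied
Sep 30 16:39:59 server2 named[25319]: transfer of 'ourbookspace.com/IN' from 192.168.xx.xxx#53: failed while receiving responses: permission denied
Sep 30 17:54:51 server2 named[25319]: transfer of '191.223.64.in-addr.arpa/IN' from 192.168.xx.xxx#53: failed while receiving responses: REFUSED
Sep 30 18:01:44 server2 named[29985]: zone tlthost.net/IN: transferred serial 2008093003
"""

LINE_RE = re.compile(r"named\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ZONE_RE = re.compile(r"(?:zone |transfer of ')(?P<zone>[^/ ']+)/IN")
FAIL_RE = re.compile(r"failed while receiving responses: (?P<reason>.+)$")
OK_RE = re.compile(r"transferred serial (?P<serial>\d+)")


def summarize_transfers(log_text):
    """Return {pid: {zone: outcome}}, outcome being 'ok:<serial>' or 'failed:<reason>'."""
    result = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = int(m.group("pid")), m.group("msg")
        z = ZONE_RE.search(msg)
        if not z:
            continue  # e.g. the 'dumping master file' line carries no zone name
        zone = z.group("zone")
        ok = OK_RE.search(msg)
        fail = FAIL_RE.search(msg)
        if ok:
            result[pid][zone] = "ok:" + ok.group("serial")
        elif fail:
            result[pid][zone] = "failed:" + fail.group("reason")
    return dict(result)


def pids_with_permission_errors(summary):
    """Process ids whose transfers failed with 'permission denied'. If the summary
    holds more than one pid at all, suspect a stale named instance still running."""
    return sorted(pid for pid, zones in summary.items()
                  if any(v == "failed:permission denied" for v in zones.values()))


def can_create_files(mode, owner_uid, owner_gid, uid, gid):
    """True if user (uid, gid) may create a file in a directory with the given
    st_mode/st_uid/st_gid. Creating needs both write and search (x) permission
    on the directory; uid 0 is unrestricted. Evaluated from mode bits only, so
    the result is the same whoever runs the check (unlike os.access)."""
    if uid == 0:
        return True
    if uid == owner_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif gid == owner_gid:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return mode & need == need


if __name__ == "__main__":
    s = summarize_transfers(SAMPLE_LOG)
    for pid in sorted(s):
        print(pid, s[pid])
    print("pids with permission errors:", pids_with_permission_errors(s))
    # drwxr-xr-x root:root, as /var/cache/bind would be before the chown above;
    # 104 is an assumed uid/gid for the bind user
    print("bind can write in 0755 root dir:", can_create_files(0o40755, 0, 0, 104, 104))
```

To run it against a real box, feed `grep 'named\[' /var/log/syslog` into summarize_transfers and pass `st.st_mode, st.st_uid, st.st_gid` from os.stat() of the zone directory together with the uid/gid from pwd.getpwnam("bind") into can_create_files; if more than one pid shows up, look for a leftover named process before changing any more permissions.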

