#1, 8th March 2006, 19:51
spaz

Bind-Chroot-Howto (Debian)

Running Debian Sarge, 2.6.11 k7, on a server that also serves Apache virtual sites. Server has an internal IP address, 192.168.x.x, and is behind a router that forwards ports 80, 22, plus additional ports for bind, smtp (not set up yet) and one or two other ports I can't recall right now to the server.

Followed your how-to, bind-chroot-debian,
# /etc/init.d/bind9 start, get the following in log:

named[25046]: starting BIND 9.2.4 -u bind -t /var/lib/named
named[25046]: using 1 CPU
named[25046]: loading configuration from '/etc/bind/named.conf'
named[25046]: none:0: open: /etc/bind/named.conf: permission denied
named[25046]: loading configuration: permission denied
named[25046]: exiting (due to fatal error)

Time and server name removed from the log lines above to make them more readable.

I think I have a permission problem in one of the directories created during one of the steps. After it failed the first time and I couldn't figure out what was wrong, I removed (purged) bind9 and started over a couple of times. But the directories that are created during one of the steps in the how-to remained, so the directory/permission problem may remain as well, if that is the problem.

Note that I had a restrictive umask setting for root as I am very paranoid about security. After I ran into problems, I changed it back to what was recommended to me on a Debian list or what I found on another Debian install, can't remember which.

Thinking back, I may have bind running as the wrong user, the config file may have the wrong user or group set, and I did try to make the config file readable to all to see if that fixed the problem. Nothing worked.

In /etc, the bind directory has root and bind as user/group, with rwxr-sr-x as permissions, the named.conf file is bind/bind with 664, rndc.key is 640, and all the other files in /etc/bind are user/group bind/bind and either 664 or 644.

Thanks in advance for any help.
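An added example, not part of the original post or of the how-to it refers to: because the log shows named started with `-u bind -t /var/lib/named`, the path `/etc/bind/named.conf` is resolved inside the chroot, so every directory from the chroot root down needs search permission for the bind user and the file needs read permission. The sketch below walks that chain using plain mode bits and reports the first component that blocks a given uid; the function names, the demo tree and the stand-in uid are constructed for illustration.

```python
import os, shutil, stat, tempfile

def allowed(st, uid, gids, want):
    """Classic mode-bit check; want is 4 (read) or 1 (search). Ignores ACLs and LSMs."""
    if uid == st.st_uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bits & want == want

def first_denied(chroot, inner_path, uid, gids):
    """Return (path, reason) for the first component a non-root uid cannot pass, else None.
    Absolute symlinks inside the chroot are not re-rooted (limitation of this sketch)."""
    parts = [p for p in inner_path.split("/") if p]
    current = chroot
    for i in range(len(parts) + 1):
        try:
            st = os.stat(current)
        except FileNotFoundError:
            return current, "missing"
        if i == len(parts):                      # final component: the file itself
            return None if allowed(st, uid, gids, 4) else (current, "no read permission")
        if not stat.S_ISDIR(st.st_mode):
            return current, "not a directory"
        if not allowed(st, uid, gids, 1):        # directories need search (x)
            return current, "no search (x) permission"
        current = os.path.join(current, parts[i])

def demo():
    """Constructed tree: directories as mkdir leaves them under umask 077, then repaired."""
    root = tempfile.mkdtemp()
    conf_dir = os.path.join(root, "etc", "bind")
    os.makedirs(conf_dir)
    conf = os.path.join(conf_dir, "named.conf")
    open(conf, "w").close()
    os.chmod(conf, 0o644)
    dirs = (root, os.path.join(root, "etc"), conf_dir)
    for d in dirs:
        os.chmod(d, 0o700)
    other = os.getuid() + 1                      # constructed stand-in for the bind uid
    before = first_denied(root, "/etc/bind/named.conf", other, set())
    for d in dirs:
        os.chmod(d, 0o755)
    after = first_denied(root, "/etc/bind/named.conf", other, set())
    shutil.rmtree(root)
    return before[1], after

if __name__ == "__main__":
    print(demo())
```

To use it on a real system, run it as root and call `first_denied("/var/lib/named", "/etc/bind/named.conf", uid, gids)` with the uid and group ids of the bind account, for example from `pwd.getpwnam("bind")`.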