  #1  
Old 27th September 2008, 19:45
wxman
Permission Denied Bind Slave Server Problems

I know this has been asked a few hundred times, because I think I've read them all.

I have two servers that I set up using the "The Perfect Server - Ubuntu Hardy Heron (Ubuntu 8.04 LTS Server)" article. The servers both work perfectly, except the second is set up as a slave, and I'm getting this:
Code:
Sep 27 13:21:27 server2 named[25319]: zone tlthost.net/IN: Transfer started.
Sep 27 13:21:27 server2 named[25319]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#59827
Sep 27 13:21:27 server2 named[25319]: dumping master file: tmp-NrfJj6zM6s: open: permission denied
Sep 27 13:21:27 server2 named[25319]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: failed while receiving responses: permission denied
Sep 27 13:21:27 server2 named[25319]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: end of transfer
for all my slave zones. I have checked the named.conf, all the zone files, and everything looks exactly as it should. The file owners for /var/lib/named/etc/bind/, and all its files are bind:bind. The permissions are 775. I have shut off, and removed AppArmor. I followed the suggestion for others that had the same problem of setting:
Code:
chown root:root /etc/bind/rndc.key
chmod 755 /etc/bind/rndc.key
but that didn't help.
I know it's just something I'm missing, but it's driving me nuts trying to find it!
  #2  
Old 28th September 2008, 13:51
falko

What's in the log on the master when the slave tries to start a zone transfer?
__________________
Falko
  #3  
Old 28th September 2008, 14:04
wxman

This is from this morning.

PRIMARY SERVER:
Code:
Sep 28 06:55:35 server1 named[26955]: client 192.168.xx.xxx#49725: transfer of 'tlthost.net/IN': AXFR-style IXFR started
Sep 28 06:55:35 server1 named[26955]: client 192.168.xx.xxx#49725: transfer of 'tlthost.net/IN': AXFR-style IXFR ended
SLAVE:
Code:
Sep 28 06:55:35 server2 named[25319]: zone tlthost.net/IN: Transfer started.
Sep 28 06:55:35 server2 named[25319]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#49725
Sep 28 06:55:35 server2 named[25319]: dumping master file: tmp-eoC1UgYwOE: open: permission denied
Sep 28 06:55:35 server2 named[25319]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: failed while receiving responses: permission denied
Sep 28 06:55:35 server2 named[25319]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: end of transfer
  #4  
Old 29th September 2008, 17:36
falko

Ok, the problem seems to be on the slave only, probably directory permissions. What's the output of
Code:
ls -la /etc/bind/
?
  #5  
Old 30th September 2008, 03:43
wxman

This is off of the slave:
Code:
root@server2:~# ls -la /etc/bind/
total 88
drwxrwsr-x 2 bind bind 4096 2008-09-27 13:24 .
drwxr-xr-x 3 root root 4096 2008-07-17 12:10 ..
-rw-r--r-- 1 bind bind  237 2008-07-07 17:06 db.0
-rw-r--r-- 1 bind bind  271 2008-07-07 17:06 db.127
-rw-r--r-- 1 bind bind  237 2008-07-07 17:06 db.255
-rw-r--r-- 1 bind bind  353 2008-07-07 17:06 db.empty
-rw-r--r-- 1 bind bind  545 2008-09-23 12:40 db.local
-rw-r--r-- 1 bind bind 2878 2008-07-07 17:06 db.root
-rw-r--r-- 1 root root 1725 2008-09-27 13:24 named.conf
-rw-r--r-- 1 root root  819 2008-08-02 12:54 named.conf~
-rw-r--r-- 1 bind bind  165 2008-07-07 17:06 named.conf.local
-rw-r--r-- 1 bind bind  695 2008-07-24 12:38 named.conf.options
-rw-r--r-- 1 root bind  769 2008-09-23 11:28 pri.191.223.64.in-addr.arpa
-rwxrwxr-x 1 bind bind   77 2008-07-17 12:08 rndc.key
-rw-r--r-- 1 bind bind  474 2008-09-29 16:19 sec.bette-ford.com
-rw-r--r-- 1 bind bind  508 2008-09-29 17:16 sec.blacks-abroad.com
-rw-r--r-- 1 bind bind  471 2008-09-29 16:17 sec.music-ink.com
-rw-r--r-- 1 bind bind  506 2008-09-29 15:37 sec.niquistanhope.com
-rw-r--r-- 1 bind bind  479 2008-09-29 15:14 sec.ourbookspace.com
-rw-r--r-- 1 bind bind  559 2008-09-29 17:07 sec.tlthost.net
-rw-r--r-- 1 bind bind  479 2008-09-29 16:02 sec.vonniehughes.com
-rw-r--r-- 1 bind bind 1317 2008-07-07 17:06 zones.rfc1918
  #6  
Old 30th September 2008, 17:23
falko

Can you try this?
Code:
chown bind:bind /etc/bind/named.conf
  #7  
Old 1st October 2008, 00:42
wxman

Falko, I tried this. I changed all the serial numbers on the master zone files, then did a restart of Bind. I then used Webmin to force zone updates on the slave of two of the files, bette-ford.com and niquistanhope.com. I then let the system do its own thing after that. Here are the log entries showing the updates. I broke it up to make it easier to see.

Code:
Sep 30 16:30:22 server2 named[29985]: zone bette-ford.com/IN: Transfer started.
Sep 30 16:30:22 server2 named[29985]: transfer of 'bette-ford.com/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#59075
Sep 30 16:30:22 server2 named[29985]: zone bette-ford.com/IN: transferred serial 2008093003
Sep 30 16:30:22 server2 named[29985]: transfer of 'bette-ford.com/IN' from 192.168.xx.xxx#53: end of transfer
Sep 30 16:30:22 server2 named[29985]: zone bette-ford.com/IN: sending notifies (serial 2008093003)

Sep 30 16:32:55 server2 named[29985]: zone niquistanhope.com/IN: Transfer started.
Sep 30 16:32:55 server2 named[29985]: transfer of 'niquistanhope.com/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#56298
Sep 30 16:32:55 server2 named[29985]: zone niquistanhope.com/IN: transferred serial 2008093003
Sep 30 16:32:55 server2 named[29985]: transfer of 'niquistanhope.com/IN' from 192.168.xx.xxx#53: end of transfer
Sep 30 16:32:55 server2 named[29985]: zone niquistanhope.com/IN: sending notifies (serial 2008093003)

Sep 30 16:39:59 server2 named[25319]: zone ourbookspace.com/IN: Transfer started.
Sep 30 16:39:59 server2 named[25319]: transfer of 'ourbookspace.com/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#41863
Sep 30 16:39:59 server2 named[25319]: dumping master file: tmp-3Bk5cAPzZU: open: permission denied
Sep 30 16:39:59 server2 named[25319]: transfer of 'ourbookspace.com/IN' from 192.168.xx.xxx#53: failed while receiving responses: permission denied
Sep 30 16:39:59 server2 named[25319]: transfer of 'ourbookspace.com/IN' from 192.168.xx.xxx#53: end of transfer

Sep 30 16:44:21 server2 named[29985]: client 88.191.64.64#52197: zone transfer 'tlthost.net/AXFR/IN' denied
Sep 30 16:46:08 server2 named[29985]: client 87.98.164.164#46434: zone transfer 'tlthost.net/AXFR/IN' denied

Sep 30 16:51:37 server2 named[29985]: zone ourbookspace.com/IN: Transfer started.
Sep 30 16:51:37 server2 named[29985]: transfer of 'ourbookspace.com/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#58254
Sep 30 16:51:37 server2 named[29985]: zone ourbookspace.com/IN: transferred serial 2008093003
Sep 30 16:51:37 server2 named[29985]: transfer of 'ourbookspace.com/IN' from 192.168.xx.xxx#53: end of transfer
Sep 30 16:51:37 server2 named[29985]: zone ourbookspace.com/IN: sending notifies (serial 2008093003)

Sep 30 17:12:35 server2 named[29985]: zone vonniehughes.com/IN: Transfer started.
Sep 30 17:12:35 server2 named[29985]: transfer of 'vonniehughes.com/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#55451
Sep 30 17:12:35 server2 named[29985]: zone vonniehughes.com/IN: transferred serial 2008093003
Sep 30 17:12:35 server2 named[29985]: transfer of 'vonniehughes.com/IN' from 192.168.xx.xxx#53: end of transfer
Sep 30 17:12:35 server2 named[29985]: zone vonniehughes.com/IN: sending notifies (serial 2008093003)

Sep 30 17:18:33 server2 named[29985]: zone music-ink.com/IN: Transfer started.
Sep 30 17:18:33 server2 named[29985]: transfer of 'music-ink.com/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#41365
Sep 30 17:18:33 server2 named[29985]: zone music-ink.com/IN: transferred serial 2008093003
Sep 30 17:18:33 server2 named[29985]: transfer of 'music-ink.com/IN' from 192.168.xx.xxx#53: end of transfer
Sep 30 17:18:33 server2 named[29985]: zone music-ink.com/IN: sending notifies (serial 2008093003)

Sep 30 17:46:03 server2 named[29985]: client 195.234.42.1#52919: zone transfer 'tlthost.net/AXFR/IN' denied
Sep 30 17:48:34 server2 named[29985]: client 195.234.42.1#54338: zone transfer 'tlthost.net/AXFR/IN' denied

Sep 30 17:54:51 server2 named[25319]: zone 191.223.64.in-addr.arpa/IN: Transfer started.
Sep 30 17:54:51 server2 named[25319]: transfer of '191.223.64.in-addr.arpa/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#54348
Sep 30 17:54:51 server2 named[25319]: transfer of '191.223.64.in-addr.arpa/IN' from 192.168.xx.xxx#53: failed while receiving responses: REFUSED
Sep 30 17:54:51 server2 named[25319]: transfer of '191.223.64.in-addr.arpa/IN' from 192.168.xx.xxx#53: end of transfer

Sep 30 18:01:44 server2 named[29985]: zone tlthost.net/IN: Transfer started.
Sep 30 18:01:44 server2 named[29985]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#48690
Sep 30 18:01:44 server2 named[29985]: zone tlthost.net/IN: transferred serial 2008093003
Sep 30 18:01:44 server2 named[29985]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: end of transfer
Sep 30 18:01:44 server2 named[29985]: zone tlthost.net/IN: sending notifies (serial 2008093003)

Sep 30 18:06:44 server2 named[29985]: zone blacks-abroad.com/IN: Transfer started.
Sep 30 18:06:44 server2 named[29985]: transfer of 'blacks-abroad.com/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#43491
Sep 30 18:06:44 server2 named[29985]: zone blacks-abroad.com/IN: transferred serial 2008093003
Sep 30 18:06:44 server2 named[29985]: transfer of 'blacks-abroad.com/IN' from 192.168.xx.xxx#53: end of transfer
Sep 30 18:06:44 server2 named[29985]: zone blacks-abroad.com/IN: sending notifies (serial 2008093003)

Sep 30 18:19:43 server2 named[25319]: zone tlthost.net/IN: Transfer started.
Sep 30 18:19:43 server2 named[25319]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#39139
Sep 30 18:19:43 server2 named[25319]: dumping master file: tmp-TIFUF7mdZe: open: permission denied
Sep 30 18:19:43 server2 named[25319]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: failed while receiving responses: permission denied
Sep 30 18:19:43 server2 named[25319]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: end of transfer

Sep 30 18:32:34 server2 named[25319]: transfer of 'music-ink.com/IN' from 192.168.xx.xxx#53: connected using 192.168.xx.xxx#55507
Sep 30 18:32:34 server2 named[25319]: dumping master file: tmp-j2wvUvmPaP: open: permission denied
Sep 30 18:32:34 server2 named[25319]: transfer of 'music-ink.com/IN' from 192.168.xx.xxx#53: failed while receiving responses: permission denied
Sep 30 18:32:34 server2 named[25319]: transfer of 'music-ink.com/IN' from 192.168.xx.xxx#53: end of transfer
I've checked, and all the ones I changed have updated on the slave zones now. As you can see, I'm still getting "permission denied" errors though. At least it seems that the updates are getting through.
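Added example (not part of the original posts): the slave log in post #7 carries two different named PIDs, so a per-PID tally of transfer outcomes shows which process is logging the permission-denied failures. The function names are this example's own, and the embedded sample is a short excerpt of the log lines posted above.

```shell
#!/bin/sh
# Added example: tally BIND slave zone-transfer outcomes per named PID.

# Sample input: a few lines excerpted from the slave log in post #7.
sample_log() {
cat <<'EOF'
Sep 30 16:30:22 server2 named[29985]: zone bette-ford.com/IN: transferred serial 2008093003
Sep 30 16:39:59 server2 named[25319]: dumping master file: tmp-3Bk5cAPzZU: open: permission denied
Sep 30 16:39:59 server2 named[25319]: transfer of 'ourbookspace.com/IN' from 192.168.xx.xxx#53: failed while receiving responses: permission denied
Sep 30 16:51:37 server2 named[29985]: zone ourbookspace.com/IN: transferred serial 2008093003
Sep 30 17:54:51 server2 named[25319]: transfer of '191.223.64.in-addr.arpa/IN' from 192.168.xx.xxx#53: failed while receiving responses: REFUSED
Sep 30 18:19:43 server2 named[25319]: transfer of 'tlthost.net/IN' from 192.168.xx.xxx#53: failed while receiving responses: permission denied
EOF
}

# transfer_summary: read syslog lines on stdin and print one line per PID:
#   pid=<pid> ok=<n> denied=<n> other_fail=<n>
transfer_summary() {
  awk '
    match($0, /named\[[0-9]+\]/) {
      # "named[" is 6 characters; drop it and the closing "]".
      pid = substr($0, RSTART + 6, RLENGTH - 7)
      seen[pid] = 1
      if ($0 ~ /: transferred serial /)
        ok[pid]++
      else if ($0 ~ /failed while receiving responses: permission denied/)
        denied[pid]++
      else if ($0 ~ /failed while receiving responses: /)
        other[pid]++
    }
    END {
      for (p in seen)
        printf "pid=%s ok=%d denied=%d other_fail=%d\n", p, ok[p], denied[p], other[p]
    }' | sort
}

# pids_with_denials: PIDs that logged at least one permission-denied transfer.
pids_with_denials() {
  transfer_summary | awk '$3 != "denied=0" { sub(/^pid=/, "", $1); print $1 }'
}

# Run against the embedded sample; pipe a real log in instead to use it live.
sample_log | transfer_summary
```

If the failures cluster under one PID while another PID logs only successes, compare the two processes' user and working directory on the slave.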
  #8  
Old 4th October 2008, 19:54
wxman

I keep checking every day, and the same thing is still going on. The slave zones seem to be getting updated when I change the serial number on the masters, but I keep getting "dumping master file: tmp-eoC1UgYwOE: open: permission denied" like errors on all of them.

The only thing I haven't tried for a while is the suggestion to move all the slave zone files to a different directory. I tried it once before, but it didn't work at all. No updates were getting through anytime. I might have had the file permissions wrong at the time though. I still would rather not do that if possible because I like the setup as it is now.

This really is frustrating, especially since nothing seems to be wrong.
  #9  
Old 5th October 2008, 20:00
falko

You can try this: http://www.lunarlamp.co.uk/bind-perm...enied-solution
  #10  
Old 5th October 2008, 21:35
wxman

I think he typed his solution backwards, but I'm giving it a try now.
I did:
Code:
chown bind:bind /var/cache/bind
chmod g+w /var/cache/bind
I'll check my logs a bit later. I don't think it's related, but I also get an occasional rndc permission fail when I try to restart bind.

All times are GMT +2.