Primary & secondary DNS-Server Problems: permission denied

Discussion in 'Installation/Configuration' started by Pasco, Jul 17, 2006.

  1. Pasco

    Pasco HowtoForge Supporter

    Hi 2gether

    I tried to set up my DNS primary and slave server for my domain pasco.ch. So far it looked good. It has already functioned, more or less. But there still seems to be a big problem with my slave DNS server.

    If I check var/log/messages from my secondary DNS Server there are following error messages:

    Jul 17 22:26:15 tom named[31488]: transfer of 'pasco.ch/IN' from 217.162.76.43#53: connected using 192.168.100.2#56190
    Jul 17 22:26:16 tom named[31488]: dumping master file: tmp-TKR1FpouaN: open: permission denied
    Jul 17 22:26:16 tom named[31488]: transfer of 'pasco.ch/IN' from 217.162.76.43#53: failed while receiving responses: permission denied
    Jul 17 22:26:16 tom named[31488]: transfer of 'pasco.ch/IN' from 217.162.76.43#53: end of transfer


    What do I wrong? If I check my nameservers with dnsreport.com I get following (main) errors:

    All nameservers report identical NS records WARNING: At least one of your nameservers did not return your NS records (it reported 0 answers). This could be because of a referral, if you have a lame nameserver (which would need to be fixed).

    84.75.88.120 returns 0 answers (may be a referral)


    and

    FAIL Lame nameservers ERROR: You have one or more lame nameservers. These are nameservers that do NOT answer authoritatively for your domain. This is bad; for example, these nameservers may never get updated. The following nameservers are lame:
    84.75.88.120


    I guess, these two errors are the result of the above mentioned permission denied message? What do I wrong?

    Thanks for your advice.
    P@sco
     
  2. edge

    edge HowtoForge Supporter

    Did you open port 53 TCP and UDP for the DNS?
     
  3. Pasco

    Pasco HowtoForge Supporter

    yes

    Yes I did. In fact, the primary DNS Server seems to be able to communicate with the secondary DNS Server and in reverse too.
     
  4. Ben

    Ben HowtoForge Supporter

     
  5. sjau

    sjau Local Meanie

    If you are using bind, did you set allow-transfer correctly?
     
  6. falko

    falko Super Moderator

    Which distribution do you use on your secondary DNS?
     
  7. Pasco

    Pasco HowtoForge Supporter

    @ Ben: Permissions are set correct (1777) and also owner:group

    @ sjau: No, I haven't set allow-transfer, but I thought this is done by ISP-DNS-Manager automaticly...

    @ falko: I'm using ISPConfig Vers. 2.1.2 on the secondary dns server..ups, quite old. That's why I'm updating now the system to 2.2.5 :).

    Was there any DNS Secondary Server issue on 2.1.2? :)

    Thx, p@sco
     
  8. sjau

    sjau Local Meanie

    @ Pasco

    I'm not familiar with the ISP-DNS-Manager... if it makes config files for Bind then have a look at them and check whether the allow-transfer is set properly...
     
  9. falko

    falko Super Moderator

    I don't mean your ISPConfig version, I need to know which Linux distribution you use - Fedora, Debian, SuSE, etc.
     
  10. Pasco

    Pasco HowtoForge Supporter

    @ Falko: Oh, I've overread that...you've meant my distro. On the primary DNS Server I use Fedora Core 4 and on the secondary DNS Server Fedora Core 5.
     
  11. falko

    falko Super Moderator

    Ok, then do this:

    Code:
    chmod 755 /var/named/
    chmod 775 /var/named/chroot/
    chmod 775 /var/named/chroot/var/
    chmod 775 /var/named/chroot/var/named/
    chmod 775 /var/named/chroot/var/run/
    chmod 777 /var/named/chroot/var/run/named/
    on both of them.
     

Share This Page