- 01-22-2013 #1 (Just Joined!, Join Date: Jan 2013, Posts: 2)
Help dns
Hi everybody. I have a problem with my DNS config. Named start is FAILED.
I use the command line tail -f /var/log/messages to fix it, but I can't find the problem.
tail -f /var/log/messages
Jan 22 11:13:24 server1 named[9033]: loading configuration: file not found
Jan 22 11:13:24 server1 named[9033]: exiting (due to fatal error)
Jan 22 11:20:50 server1 named[9865]: starting BIND 9.3.4-P1 -u named -t /var/named/chroot
Jan 22 11:20:50 server1 named[9865]: found 1 CPU, using 1 worker thread
Jan 22 11:20:50 server1 named[9865]: loading configuration from '/etc/named.conf'
Jan 22 11:20:50 server1 named[9865]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 22 11:20:50 server1 named[9865]: listening on IPv4 interface eth0, 192.168.1.1#53
Jan 22 11:20:50 server1 named[9865]: could not configure root hints from 'named.root': permission denied
Jan 22 11:20:50 server1 named[9865]: loading configuration: permission denied
Jan 22 11:20:50 server1 named[9865]: exiting (due to fatal error)
this is my named.conf
acl mynet {
    192.168.1.0/24;
    127.0.0.1;
};
options {
    allow-transfer {none;};
    directory "/var/named";
    query-source port 53;
    query-source-v6 port 53;
    dump-file "var/named/data/cache_dump.db";
    statistics-file "var/named/data/named_stats.txt";
    memstatistics-file "var/named/data/named_mem_stats.txt";
    notify yes;
};
zone "." IN {
    type hint;
    file "named.root";
};
zone "nhatnghe.com" IN {
    type master;
    file "nhatnghe.db";
};
zone "localhost" IN {
    type master;
    file "localhost.db";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "0.0.127.in-addr.arpa.db";
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "1.168.192.in-addr.arpa.db";
};
This is my nhatnghe.db
$TTL 86400
IN SOA server1.nhatnghe.com. root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS server1.nhatnghe.com.
IN MX 10 server1
1D IN A 192.168.1.1 ; web site
server1 1D IN A 192.168.1.1
server1 1D IN A 10.0.0.1
www 1D IN CNAME server1 ; web site
mail 1D IN CNAME server1
ftp 1D IN CNAME server1
$TTL 86400
IN SOA server1.nhatnghe.com. root. (
3 ; serial
28800 ; refresh
7200 ; retry
604800 ; expire
86400 ; ttk
)
IN NS server1.nhatnghe.com.
1 IN PTR server1.nhatnghe.com.
help me
- 01-22-2013 #2
As what user are you starting bind?
- 01-22-2013 #3
- 01-22-2013 #4
Hhmmm........
Looking at the log file you posted, the parts with permission denied state otherwise.
Can you post the output of the command you are using to start bind?
- 01-23-2013 #5
You're starting BIND with '-t /var/named/chroot' which forces BIND to chroot to that directory, and then setting 'directory "/var/named";' via the configuration which is relative to the root of the jail. This will cause it to look for named.root in '/var/named/chroot/var/named'.
Everything needs to be relative to the directory you specify with -t, and so if you have /var/named/chroot/etc/namedb/named.root, then directory should be /etc/namedb.
Great GNU/Linux references and resources:
The Linux Documentation Project
Rute User's Tutorial and Exposition
GNU/Linux Man Pages
- 01-25-2013 #6
I just had a thought that in addition to what I've mentioned above, you're also running bind as the user named.
You'll need to make sure that everything in /var/named/chroot is owned by user named and group named. You may be root, but the program isn't.
Code:
BIND 9.3.4-P1 -u named -t /var/named/chroot
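The path mapping described in post #5 and the ownership check advised in post #6, as an added example that is not part of the original thread. It assumes named.conf sits at etc/named.conf inside the jail and has one `directory` or `file` statement per line; the function names are hypothetical and the sample jail is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): where does named, started with
# "-t CHROOT -u USER", really look for the files listed in named.conf?
owner_of() { ls -ld "$1" | awk '{print $3}'; }   # owner name (or uid) of a path

# Map a path as named sees it inside the jail to the real on-disk path.
jail_path() {   # jail_path CHROOT DIRECTORY FILE
    case "$3" in
        /*) printf '%s%s\n' "${1%/}" "$3" ;;             # absolute inside the jail
        *)  printf '%s%s/%s\n' "${1%/}" "${2%/}" "$3" ;; # relative to "directory"
    esac
}

# Print one status line per zone file; return the number of problems found.
audit_jail() {  # audit_jail CHROOT USER
    conf="${1%/}/etc/named.conf"   # assumed config location inside the jail
    [ -r "$conf" ] || { echo "MISSING $conf"; return 1; }
    dir=$(sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$conf")
    problems=0
    for f in $(sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p' "$conf"); do
        p=$(jail_path "$1" "$dir" "$f")
        if [ ! -e "$p" ]; then s=MISSING
        elif [ "$(owner_of "$p")" != "$2" ]; then s=WRONG-OWNER
        else s=OK; fi
        [ "$s" = OK ] || problems=$((problems + 1))
        echo "$s $p"
    done
    return "$problems"
}

# Constructed sample jail: named.root is in place, nhatnghe.db was left outside.
make_demo_jail() {
    j=$(mktemp -d) && mkdir -p "$j/etc" "$j/var/named" || return 1
    cat > "$j/etc/named.conf" <<'EOF'
options {
    directory "/var/named";
};
zone "." IN {
    file "named.root";
};
zone "nhatnghe.com" IN {
    file "nhatnghe.db";
};
EOF
    : > "$j/var/named/named.root"
    echo "$j"
}
demo=$(make_demo_jail)
audit_jail "$demo" "$(owner_of "$demo")" || true   # one OK line, one MISSING line
rm -rf "$demo"
```

On a real server the call would be `audit_jail /var/named/chroot named`, using the `-t` and `-u` values from the log line quoted in the thread.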