I am running bind 9.3.1 on SuSE Open 10 and bind 9.3.2 on SuSE 10.1, as master and slave servers respectively. The problem I'm having is that the slave server will get the zone from the master and then bomb out when trying to rename it to the zone file needed on the slave server. The syslog messages look like this: transfer of 'test.com/IN' from 172.30.1.50#53": connected using 172.30.1.51:40269 dumping master file: rename: slave/bak.test.com: permission denied The daemon runs in a chroot jail in /var/lib/named, the directory that holds the zone files, /var/lib/named/slave is owned by the user named that bind runs as. Each time bind tries to get a copy of the zone from the master it creates a file "tmp-[unique string] in the slave directory but never creates the zone file. I have looked at these files and they contain the zone information complete from the master server. I have tried creating the zone file first and then starting the slave server so it could update and existing file. When I try this the permission denied errors go away, but the zone file I have created does not get updated. I have turned on notify on the master server to make sure the slave was notified of the changes so it could get the updated file, but to no avail. I have searched far and wide on the web for anything close to this type of error and have found nothing. The closest I have come are errors about permissions in the chroot jail not being assigned to the proper user. I have checked this several times and because the named user can, and does, create the "tmp-" files, this is not the problem. Any help would be greatly appreciated. Doug Doug Morris Amerimark Direct LLC IT Infrastructure Ext: 2243
Doug Morris wrote:
I am running bind 9.3.1 on SuSE Open 10 and bind 9.3.2 on SuSE 10.1, as master and slave servers respectively. The problem I'm having is that the slave server will get the zone from the master and then bomb out when trying to rename it to the zone file needed on the slave server.
The syslog messages look like this:
transfer of 'test.com/IN' from 172.30.1.50#53": connected using 172.30.1.51:40269
dumping master file: rename: slave/bak.test.com: permission denied
Sounds AppArmor getting in the way - any mentions of this file in /var/log/audit/audit.log ? To update the AA profile, run "aa-genprof <named binary>" or use "complain <named binary>" to turn the AA rejects into warnings. /Per Jessen, Zürich
On Friday 26 May 2006 17:26, Doug Morris wrote:
I am running bind 9.3.1 on SuSE Open 10 and bind 9.3.2 on SuSE 10.1, as master and slave servers respectively. The problem I'm having is that the slave server will get the zone from the master and then bomb out when trying to rename it to the zone file needed on the slave server.
The syslog messages look like this:
transfer of 'test.com/IN' from 172.30.1.50#53": connected using 172.30.1.51:40269
dumping master file: rename: slave/bak.test.com: permission denied
You might want to check if AppArmor is enabled. AppArmor will prevent an application from accessing things you haven't explicitly allowed. This could be the reason for the "permission denied". If it is enabled, try disabling it and see if that works, and if it does, you can use the AppArmor module in YaST to configure it to allow the accesses
On 5/26/06, Doug Morris wrote:
I am running bind 9.3.1 on SuSE Open 10 and bind 9.3.2 on SuSE 10.1, as master and slave servers respectively. The problem I'm having is that the slave server will get the zone from the master and then bomb out when trying to rename it to the zone file needed on the slave server.
The syslog messages look like this:
transfer of 'test.com/IN' from 172.30.1.50#53": connected using 172.30.1.51:40269
dumping master file: rename: slave/bak.test.com: permission denied
I had this problem. Here is the solution (you can find it in the archives as well): I installed Novell AppArmor YaST package, and it required another (as Per said - apparmor-utils, etc.), and then I started the Update profile wizard. It proposed to change some permissions, I accepted, and now the DNS server is running. -- -- Svetoslav Milenov (Sunny) Windows is a 32-bit extension to a 16-bit graphical shell for an 8-bit operating system originally coded for a 4-bit microprocessor by a 2-bit company that can't stand 1 bit of competition.
participants (4)
-
Anders Johansson -
Doug Morris -
Per Jessen -
Sunny