Anton Fresher
Joined: 04 Dec 2006 Posts: 12
Posted: Wed Dec 06, 2006 7:11 pm Post subject: Unable to Perform Zone Transfer for DNS
I am having a problem with my "DNS" servers. They are running on "RHEL 4.0" and have "bind-9.2.4-2" installed.
I have a "master" and a "slave" DNS server. They are both able to "dig" and "look up" correctly. However, I am unable to perform zone transfers from the "master" to the "slave" DNS server.
The "named service" was started on both the master and slave machines.
"/var/log/messages" on my master server shows this:
Jan 5 16:00:39 libra named[3952]: client 192.168.10.222#32809: transfer of "bcsis.com/IN": AXFR-style IXFR started
"/var/log/messages" on my slave server shows this:
Jan 5 16:00:37 pisces named[3791]: dumping master file: tmp-XXXXM7QUDU: open: permission denied
Jan 5 16:00:37 pisces kernel: audit(1136448037.369:0): avc: denied { write } for pid=3792 comm=named name=named dev=sda3 ino=1687907 scontext=root:system_r:named_t tcontext=root:object_r:etc_t tclass=dir
Jan 5 16:00:37 pisces named[3791]: transfer of "bcsis.com/IN" from 192.168.10.221#53: failed while receiving responses: permission denied
Jan 5 16:00:37 pisces named[3791]: transfer of "bcsis.com/IN" from 192.168.10.221#53: end of transfer
All files and folders related to "named" have had the "chown named.named *" command run on them.
What information can you provide me in regards to this problem?
Marie Fresher
Joined: 04 Dec 2006 Posts: 14
Posted: Wed Dec 06, 2006 7:11 pm Post subject:
Check whether you have turned off "SELinux" protection for the named "daemon." This is under "System Settings," "Security Level," "SELinux Tab." Expand the entries under "Name Service" and check "Disable SELinux protection for named service."
The "zones" will transfer after that. It's uncertain what protection you may lose by changing this setting.
Another explanation for this is that "RHEL 4" has the named "daemon" locked down under "SELinux," and the only valid directories for zone files are "/var/named", with slave zones in "/var/named/slaves." If you move these directories elsewhere with "SELinux" on, you will get these error messages. You either have to turn "SELinux" off or modify the "SELinux configuration files."
You need to make these changes to your "named.conf" file on your secondary or slave server:
options {
// slave zone files live under /var/named/slaves, so the path must be absolute
directory "/var/named/slaves";
query-source address * port 53;
};
You can only allow postings as a "slave" to the "slave directory."
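The AVC line in the question and the label explanation in the answer above are the two things an admin has to read together: which operation SELinux refused to named, and what the label on the target directory means for a slave that must write its zone files. The script below is an added example, not code from either poster. It pulls AVC denials for the named process out of log lines (the sample lines are constructed, modelled on the question's log, with the tcontext written as root:object_r:etc_t) and maps the target type to a hint. The type names named_cache_t and named_zone_t and the boolean named_write_master_zones are assumed to be the RHEL 4/5 targeted-policy names; confirm them on the host with ls -Z /var/named.

```shell
#!/bin/sh
# Added example, not from the thread: summarize SELinux AVC denials that hit
# the named process and say what the target directory's label means for
# slave zone transfers.

# Constructed sample log, modelled on the lines quoted in the question.
SAMPLE_LOG='Jan 5 16:00:37 pisces named[3791]: dumping master file: tmp-XXXXM7QUDU: open: permission denied
Jan 5 16:00:37 pisces kernel: audit(1136448037.369:0): avc: denied { write } for pid=3792 comm=named name=named dev=sda3 ino=1687907 scontext=root:system_r:named_t tcontext=root:object_r:etc_t tclass=dir
Jan 5 16:00:38 pisces kernel: audit(1136448038.100:0): avc: denied { read } for pid=4001 comm=httpd name=index.html dev=sda3 ino=22 scontext=root:system_r:httpd_t tcontext=root:object_r:user_home_t tclass=file'

# avc_named_denials: read log lines on stdin and print, for each AVC denial
# whose comm= is named, "<ops> on <tclass> labelled <target type> (pid N)".
# Lines for other processes and non-AVC lines are dropped.
avc_named_denials() {
    grep 'avc: *denied' | grep 'comm=named' |
    sed -n 's/.*avc: *denied *{ *\([^}]*[^} ]\) *} *for .*pid=\([0-9]*\) .*tcontext=[^ ]*:\([a-z_]*\) tclass=\([a-z_]*\).*/\1 on \4 labelled \3 (pid \2)/p'
}

# label_hint: what a target type means for a slave that has to write its
# zone files. The type and boolean names are assumed (RHEL targeted policy).
label_hint() {
    case "$1" in
        named_cache_t) echo "writable by named: the expected label for /var/named/slaves" ;;
        named_zone_t)  echo "master zone label: named writes here only if the named_write_master_zones boolean is on" ;;
        *)             echo "not a BIND zone label ($1): move the slave zone files under /var/named/slaves or relabel the directory" ;;
    esac
}

# explain_denials: one line per named denial, denial summary plus hint.
explain_denials() {
    avc_named_denials | while IFS= read -r line; do
        type=$(printf '%s\n' "$line" | sed 's/.*labelled \([a-z_]*\).*/\1/')
        printf '%s -> %s\n' "$line" "$(label_hint "$type")"
    done
}

# Stand-alone run over the constructed sample. On a real slave:
#   grep avc /var/log/messages | explain_denials
printf '%s\n' "$SAMPLE_LOG" | explain_denials
```

For the sample above the only line reported is the named denial: a write on a dir labelled etc_t, which is the /etc configuration label rather than a zone directory label, matching the answer's point that the slave's zone directory has to sit under /var/named/slaves (or be relabelled) rather than SELinux being switched off for named.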