Message-ID: <4188039D.8020109@aminor.no>
Date: Tue, 02 Nov 2004 23:01:01 +0100
From: Eivind Olsen
To: freebsd-current@freebsd.org
Subject: Problem with RELENG_5_3, BIND9 and dynamic updates

It looks like BIND9, as delivered in the base, has problems when zones are using dynamic DNS updates.
This is because it runs as user "bind", but that user doesn't have write access to /var/named/etc/namedb/master - the script /etc/rc.d/named uses mtree to set that directory as follows:

drwxr-xr-x 2 root wheel 512 Nov 2 22:40 master

So, if I try to do a DNS update (in this case using the "nsupdate" command) I get the following error in /var/log/all.log:

Nov 2 22:40:31 vimes named[98525]: client 213.187.177.2#54260: updating zone 'aminor.no/IN': adding an RR at 'jolie.aminor.no' A
Nov 2 22:40:31 vimes named[98525]: journal file master/aminor.no.zone.jnl does not exist, creating it
Nov 2 22:40:31 vimes named[98525]: master/aminor.no.zone.jnl: create: permission denied
Nov 2 22:40:31 vimes kernel: Nov 2 22:40:31 vimes named[98525]: master/aminor.no.zone.jnl: create: permission denied
Nov 2 22:40:31 vimes named[98525]: client 213.187.177.2#54260: updating zone 'aminor.no/IN': error: journal open failed: unexpected error

If, on the other hand, I start BIND9 as usual and then change the owner of the "master" directory so it's owned by user "bind", the nsupdate works as expected.

It's not meant to be like this, is it?

-- 
Regards / Hilsen
Eivind Olsen
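
Added example, not part of the original message: a small Python check that reads the `ls -ld` line and the named log entries quoted above, reports which journal files and zones were affected, and evaluates whether the daemon's user may create files in the directory. The function names are hypothetical, and the "bind" user being a member of only the "bind" group is an assumption.

```python
import re

# Output quoted in the message above: the `ls -ld` line and named's syslog entries.
LS_LINE = "drwxr-xr-x 2 root wheel 512 Nov 2 22:40 master"
LOG = """\
Nov 2 22:40:31 vimes named[98525]: journal file master/aminor.no.zone.jnl does not exist, creating it
Nov 2 22:40:31 vimes named[98525]: master/aminor.no.zone.jnl: create: permission denied
Nov 2 22:40:31 vimes kernel: Nov 2 22:40:31 vimes named[98525]: master/aminor.no.zone.jnl: create: permission denied
Nov 2 22:40:31 vimes named[98525]: client 213.187.177.2#54260: updating zone 'aminor.no/IN': error: journal open failed: unexpected error
"""

JNL_DENIED = re.compile(r"named\[\d+\]: (\S+\.jnl): create: permission denied")
UPDATE_FAILED = re.compile(r"updating zone '([^']+)': error: journal open failed")


def can_create(ls_line, user, groups):
    """True if `user` may create files in the directory described by an
    `ls -ld` line. Creating a file needs write and search (w and x) in the
    single permission class that applies: owner, then group, then other."""
    mode, _links, owner, group = ls_line.split()[:4]
    if not mode.startswith("d"):
        raise ValueError("not a directory entry: " + ls_line)
    if user == "root":
        return True  # the superuser bypasses mode bits
    if user == owner:
        bits = mode[1:4]
    elif group in groups:
        bits = mode[4:7]
    else:
        bits = mode[7:10]
    return bits[1] == "w" and bits[2] in "xst"


def diagnose(log_text):
    """Return (journal files named could not create, zones whose update failed)."""
    journals = sorted(set(JNL_DENIED.findall(log_text)))
    zones = sorted(set(UPDATE_FAILED.findall(log_text)))
    return journals, zones


if __name__ == "__main__":
    journals, zones = diagnose(LOG)
    print("journals named could not create:", journals)
    print("zones with failed dynamic updates:", zones)
    print("bind can write, root-owned dir:", can_create(LS_LINE, "bind", ["bind"]))
    fixed = LS_LINE.replace("root", "bind", 1)  # owner changed as in the message
    print("bind can write, bind-owned dir:", can_create(fixed, "bind", ["bind"]))
```

The same check applied only to directories that hold dynamically updated zones keeps the rest of the chroot tree read-only for the daemon.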