From: Jonathan Horne <freebsd@dfwlp.com>
To: freebsd-questions@freebsd.org
Date: Thu, 7 Sep 2006 21:58:27 -0500
Message-Id: <200609072158.27673.freebsd@dfwlp.com>
Subject: trouble with a pair of bind9 servers

I have 2 servers I'm working with for a test I'm doing with bind9: a 6.1-p4, and a 5.5-p3. Both have bind9-9.3.2.1 from ports, without "replace base version" checked. Both are responding correctly for general lookups of hosts out on the internet, even based on the querying client's IP vs the ACL on the zones. The trouble I'm having is that my slave (5.5-p3) will not transfer the zone from the master (6.1-p4).

My /var/log/messages is filled with these:

    Sep 7 21:50:24 fbsd55-2 named[1847]: exiting
    Sep 7 21:50:26 fbsd55-2 named[1924]: starting BIND 9.3.2 -t /var/named -u bind
    Sep 7 21:50:26 fbsd55-2 named[1924]: /etc/namedb/named.conf:40: option 'allow-update' is not allowed in 'slave' zone 'dlptest.com'
    Sep 7 21:50:26 fbsd55-2 named[1924]: command channel listening on 127.0.0.1#953
    Sep 7 21:50:26 fbsd55-2 named[1924]: command channel listening on ::1#953
    Sep 7 21:50:26 fbsd55-2 named[1924]: zone dlptest.com/IN/internal: has 0 SOA records
    Sep 7 21:50:26 fbsd55-2 named[1924]: zone dlptest.com/IN/internal: has no NS records
    Sep 7 21:50:26 fbsd55-2 named[1924]: running
    Sep 7 21:50:27 fbsd55-2 named[1924]: dumping master file: /etc/namedb/tmp-UZF5mCCxZP: open: permission denied
    Sep 7 21:50:27 fbsd55-2 named[1924]: transfer of 'dlptest.com/IN' from 192.168.125.91#53: failed while receiving responses: permission denied
    Sep 7 21:51:20 fbsd55-2 named[1924]: dumping master file: /etc/namedb/tmp-SaWWYxV06u: open: permission denied
    Sep 7 21:51:20 fbsd55-2 named[1924]: transfer of 'dlptest.com/IN' from 192.168.125.91#53: failed while receiving responses: permission denied

This was giving me the impression that the bind user was not able to write to /var/named/etc/namedb, but every time I make a chmod or chown adjustment, it just gets changed back:

    fbsd55-2# /etc/rc.d/named restart
    Stopping named.
    etc/namedb changed
            user expected 0 found 53
            modified
    Starting named.
    fbsd55-2#

Here are my 2 config files (first the master, then the slave):

    acl "dlpnets" { 192.168.125.64/26; 127.0.0.1; };

    options {
        directory "/etc/namedb";
        pid-file "/var/run/named/pid";
        dump-file "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        listen-on { 192.168.125.91; 127.0.0.1; };
    };

    view "internal" {
        match-clients { dlpnets; };
        recursion yes;
        zone "." { type hint; file "named.root"; };
        zone "0.0.127.IN-ADDR.ARPA" { type master; file "master/localhost.rev"; };
        zone "dlptest.com" {
            type master;
            file "/etc/namedb/dlptest.com.i.hosts";
            allow-transfer { any; };
            also-notify { 192.168.125.91; };
            notify yes;
        };
    };

    view "external" {
        match-clients { any; };
        recursion no;
        zone "dlptest.com" {
            type master;
            file "/etc/namedb/dlptest.com.e.hosts";
        };
    };

(begin the slave named.conf)

    acl "dlpnets" { 192.168.125.0/26; 192.168.125.91; 127.0.0.1; };

    options {
        directory "/etc/namedb";
        pid-file "/var/run/named/pid";
        dump-file "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        listen-on { 127.0.0.1; 192.168.125.93; };
    };

    view "internal" {
        match-clients { dlpnets; };
        recursion yes;
        zone "." { type hint; file "named.root"; };
        zone "0.0.127.IN-ADDR.ARPA" { type master; file "master/localhost.rev"; };
        zone "dlptest.com" {
            type slave;
            masters { 192.168.125.91; };
            file "/etc/namedb/dlptest.com.i-slave.hosts";
            transfer-source 192.168.125.93;
            allow-transfer { any; };
            allow-update { 192.168.125.91; };
        };
    };

I've been dinking around with this for a few hours now, and I'm about to pull what little hair I have left out. Can someone shed light on this for me please? Any help at all would be much appreciated!

Cheers,
Jonathan
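As an added check on the question above (an editor's example, not part of the mail and not BIND's own tooling), the script below parses the subset of named.conf syntax the post uses and flags the two things the log complains about: a master-only statement such as allow-update inside a slave zone, and a slave zone file whose directory the named user cannot write (named writes a received zone to a temp file in that directory first, which is the "dumping master file ... permission denied" line). The embedded sample is the slave's named.conf from the post. The set of directories writable by the named user is an assumption based on FreeBSD's BIND chroot layout, where rc.d/named reapplies the mtree spec on every start, which is consistent with the chown being reverted in the restart output above; under that layout slave zone files go in the bind-owned slave/ subdirectory rather than in /etc/namedb itself.

```python
"""Static check of a BIND 9 named.conf for two slave-zone mistakes:
a master-only statement (allow-update) in a slave zone, and a slave zone
file in a directory the named user cannot write. Added example; the parser
understands only the named.conf subset used in the post."""
import os
import re

# Constructed sample: the slave named.conf from the post (one comment added).
SAMPLE_SLAVE_CONF = r'''
acl "dlpnets" { 192.168.125.0/26; 192.168.125.91; 127.0.0.1; };
options {
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";
    listen-on { 127.0.0.1; 192.168.125.93; };
};
view "internal" {
    match-clients { dlpnets; };
    recursion yes;
    zone "." { type hint; file "named.root"; };
    zone "0.0.127.IN-ADDR.ARPA" { type master; file "master/localhost.rev"; };
    zone "dlptest.com" {
        type slave;
        masters { 192.168.125.91; };
        file "/etc/namedb/dlptest.com.i-slave.hosts";
        transfer-source 192.168.125.93;
        allow-transfer { any; };
        allow-update { 192.168.125.91; };  // named rejects this in a slave zone
    };
};
'''

# Assumption: FreeBSD's BIND chroot spec (/etc/mtree/BIND.chroot.dist) gives the
# bind user a writable etc/namedb/slave while etc/namedb itself stays root-owned,
# and rc.d/named reapplies that spec on every start.
WRITABLE_BY_NAMED = {"/etc/namedb/slave"}

# Statements BIND 9 accepts only in master zones.
MASTER_ONLY = {"allow-update", "update-policy"}

ZONE_RE = re.compile(r'zone\s+"([^"]+)"(?:\s+IN)?\s*\{')
DIRECTORY_RE = re.compile(r'directory\s+"([^"]+)"\s*;')
# statement name, then one of: "quoted"; { braced list }; or bare words; then ';'
STMT_RE = re.compile(r'([a-z][\w-]*)\s*(?:"([^"]*)"|\{([^}]*)\}|([^;{]*?))\s*;')


def strip_comments(text):
    """Drop /* */, // and # comments so they cannot hide or fake statements."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)


def _block_body(text, open_idx):
    """Return (body, index of the matching '}') for the '{' at open_idx."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i], i
    raise ValueError("unbalanced braces in named.conf")


def parse_zones(conf_text):
    """Return one dict per zone: name, type, file, masters, statement names."""
    text = strip_comments(conf_text)
    zones, pos = [], 0
    while True:
        m = ZONE_RE.search(text, pos)
        if not m:
            return zones
        body, end = _block_body(text, m.end() - 1)
        zone = {"name": m.group(1), "type": None, "file": None,
                "masters": [], "statements": set()}
        for s in STMT_RE.finditer(body):
            key, quoted, braced, bare = s.groups()
            zone["statements"].add(key)
            if key == "type":
                zone["type"] = (bare or quoted or "").strip()
            elif key == "file":
                zone["file"] = quoted
            elif key == "masters":
                zone["masters"] = [x.strip() for x in (braced or "").split(';') if x.strip()]
        zones.append(zone)
        pos = end + 1


def working_directory(conf_text):
    """The options { directory } value; relative zone files resolve against it."""
    m = DIRECTORY_RE.search(strip_comments(conf_text))
    return m.group(1) if m else "."


def check_zones(zones, directory, writable_dirs):
    """Return (zone name, message) findings for every slave zone."""
    findings = []
    for z in zones:
        if z["type"] != "slave":
            continue
        for stmt in sorted(z["statements"] & MASTER_ONLY):
            findings.append((z["name"], f"option '{stmt}' is not allowed in a slave zone"))
        if not z["masters"]:
            findings.append((z["name"], "slave zone lists no masters"))
        if z["file"]:
            path = os.path.join(directory, z["file"])  # an absolute file wins over directory
            parent = os.path.dirname(path)
            if parent not in writable_dirs:
                findings.append((z["name"], f"zone file {path} is in {parent}, "
                                            "which the named user cannot write"))
    return findings


def audit(conf_text, writable_dirs=WRITABLE_BY_NAMED):
    return check_zones(parse_zones(conf_text), working_directory(conf_text), writable_dirs)


if __name__ == "__main__":
    for name, msg in audit(SAMPLE_SLAVE_CONF):
        print(f"{name}: {msg}")
```

Run against the sample it reports both problems; removing the allow-update line and pointing the slave zone at slave/dlptest.com.i-slave.hosts (relative to the configured directory) makes the audit come back clean. The parser does no real named.conf grammar work, so named-checkconf remains the authority on syntax; this only catches the two mistakes the log already hints at.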