Hi all,
I am trying to set up bind-chroot on CentOS 5. Its named.conf file is confusing to me. I can not get it up and running. How can I fix it?
It is very urgent.
Can I run bind without a chroot jail? If so, what is the pkg I should use? Pls note that this is a primary name server. I updated it to CentOS 5 from Red Hat 9. On Red Hat 9, it worked, but without a chroot jail.
Somehow, I want to get it working. I can not run it under a chroot jail. Pls tell me how to run it without a chroot jail.
URGENT. Help me.
On Wed July 4 2007 08:47, Indunil Jayasooriya wrote:
I am trying to set up bind-chroot on CentOS 5. Its named.conf file is confusing to me. I can not get it up and running. How can I fix it?
I'm sure that nothing has changed from 4.5 to 5 so my thoughts are you are not placing the files in the correct directories. Try the following, place the files listed below in the directories they are listed under.
/var/named/chroot/etc
    named.conf
    rndc.conf
    rndc.key
    <any other config file for Bind>

/var/named/chroot/var/named/slaves
    <place your zone files here>

Make sure all your conf files reflect these locations, and you can create links in /etc for the config files.
SELinux only allows Bind to write in certain directories, this being one of them, data being another. As I like to keep logs and zone files separate (it makes things easier when searching for something), I write log files to the data directory. Also this is standard across all my DNS servers, keeping the guessing game of where something is to "nil".
Try this and if it still is not working then a lot more information is needed from your end to help identify where and what the problem is.
/var/named/chroot/etc
    named.conf
    rndc.conf
    rndc.key
    <any other config file for Bind>
YES, I copied named.conf rndc.conf rndc.key to /var/named/chroot/etc.
[root@mailgw ~]# cd /var/named/chroot/etc/
[root@mailgw etc]# pwd
/var/named/chroot/etc
[root@mailgw etc]# ls -al
total 56
drwxr-x--- 2 root named 4096 Jul  5 13:26 .
drwxr-x--- 6 root named 4096 Apr 11 15:41 ..
-rw-r--r-- 1 root root   347 May 14 16:59 localtime
-rw-r--r-- 1 root named 1681 Jul  5 12:46 named.conf
-rw-r--r-- 1 root named 1114 Jul  5 10:28 rndc.conf
-rw-r--r-- 1 root named  113 Apr 27 15:28 rndc.key

You can see the files above and their permissions.
Here is my named.conf. pls see below
[root@mailgw etc]# cat named.conf
//
// named.conf for Red Hat caching-nameserver
//

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
        type hint;
        file "named.root";
};

//zone "localdomain" IN {
//        type master;
//        file "localdomain.zone";
//        allow-update { none; };
//};

//zone "localhost" IN {
//        type master;
//        file "localhost.zone";
//        allow-update { none; };
//};

//zone "0.0.127.in-addr.arpa" IN {
//        type master;
//        file "named.local ";
//        allow-update { none; };
//};

//zone " 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
//        type master;
//        file "named.ip6.local";
//        allow-update { none; };
//};

//zone "255.in-addr.arpa" IN {
//        type master;
//        file "named.broadcast";
//        allow-update { none; };
//};

//zone " 0.in-addr.arpa" IN {
//        type master;
//        file "named.zero";
//        allow-update { none; };
//};

zone "example77.com " IN {
        type master;
        file "master/example77.com.zone";
};

include "/etc/rndc.key";
here is my rndc.conf file. pls see below
[root@mailgw etc]# cat rndc.conf
/*
 * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
 * Copyright (C) 2000, 2001  Internet Software Consortium.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/* $Id: rndc.conf,v 1.7.2.1 2004/03/09 06:09:27 marka Exp $ */

/*
 * Sample rndc configuration file.
 */

options {
        default-server  localhost;
        default-key     "rndckey";
};

server localhost {
        key     "rndckey";
};

include "/etc/rndc.key";
here is my rndc.key. pls see below.
[root@mailgw etc]# cat rndc.key
key "rndckey" {
        algorithm hmac-md5;
        secret "pS6vJwWxIHVKPO6uOwwzd41Q8ubhGYcm69pJWNh3oeADrdSLo7dHIH24nxep";
};
And also, I added 2 symlinks to /etc. Pls see below.

[root@mailgw etc]# pwd
/etc
[root@mailgw etc]# ln -s /var/named/chroot/etc/rndc.conf rndc.conf
[root@mailgw etc]# ln -s /var/named/chroot/etc/named.conf named.conf

[root@mailgw etc]# ls -al /etc/named.conf
lrwxrwxrwx 1 root root 32 Jul  5 10:33 /etc/named.conf -> /var/named/chroot/etc/named.conf

[root@mailgw etc]# ls -al /etc/rndc.conf
lrwxrwxrwx 1 root root 31 Jul  5 10:32 /etc/rndc.conf -> /var/named/chroot/etc/rndc.conf

And the symlink below was added by default.

[root@mailgw etc]# ls -al /etc/rndc.key
lrwxrwxrwx 1 root named 31 Apr 27 15:28 /etc/rndc.key -> /var/named/chroot//etc/rndc.key
Then, I did cd to /var/named/chroot/var/named/ as follows.

[root@mailgw etc]# cd /var/named/chroot/var/named/

I do not want to place my zone files at /var/named/chroot/var/named/slaves, so I created a directory called master as follows.

[root@mailgw named]# mkdir master

And changed permissions as follows.

[root@mailgw named]# chown -R named:named master/
[root@mailgw named]# chmod -R 770 master/
[root@mailgw named]# ls -al
total 36
drwxr-x--- 5 root  named 4096 Jul  5 10:36 .
drwxr-x--- 5 root  named 4096 Mar 14  2003 ..
drwxrwx--- 2 named named 4096 Aug 26  2004 data
drwxrwx--- 2 named named 4096 Jul  5 10:36 master
drwxrwx--- 2 named named 4096 Jul  5 10:36 slaves

Then,

[root@mailgw named]# cd master/
[root@mailgw master]# pwd
/var/named/chroot/var/named/master
[root@mailgw master]# touch example77.com.zone
[root@mailgw master]# chown named:named example77.com.zone
And, I included my zone info to that file. here it is.
[root@mailgw master]# cat example77.com.zone
$TTL 86400
@       IN      SOA     gateway.example77.com. root.example77.com. (
                        2006101604      ; Serial
                        1800            ; Refresh
                        300             ; Retry
                        360000          ; Expire
                        86400 )         ; Minimum

        IN      NS      gateway.example77.com.

        IN      MX      10 gateway.example77.com.
        IN      MX      20 mail.example77.com.

        IN      A       192.168.0.3

gateway IN      A       192.168.0.3
mail    IN      A       192.168.0.2
Finally, I restarted named. Pls see below.

[root@mailgw master]# /etc/init.d/named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]

But I checked /var/log/messages, and I get the errors below.

master/example77.com.zone:11: example77.com\032: bad owner name (check-names)
Jul  5 14:32:42 mailgw named[8047]: zone example77.com\032/IN: loading master file master/example77.com.zone: bad owner name (check-names)
It says bad owner name (check-names). What is it? This is everything I got in /var/log/messages. Pls see below.

[root@mailgw master]# tail -f /var/log/messages
Jul  5 14:32:40 mailgw named[7993]: exiting
Jul  5 14:32:42 mailgw named[8047]: starting BIND 9.3.3rc2 -u named -t /var/named/chroot
Jul  5 14:32:42 mailgw named[8047]: found 2 CPUs, using 2 worker threads
Jul  5 14:32:42 mailgw named[8047]: loading configuration from '/etc/named.conf'
Jul  5 14:32:42 mailgw named[8047]: listening on IPv4 interface lo, 127.0.0.1#53
Jul  5 14:32:42 mailgw named[8047]: listening on IPv4 interface eth0, 203.143.26.131#53
Jul  5 14:32:42 mailgw named[8047]: command channel listening on 127.0.0.1#953
Jul  5 14:32:42 mailgw named[8047]: master/example77.com.zone:11: example77.com\032: bad owner name (check-names)
Jul  5 14:32:42 mailgw named[8047]: zone example77.com\032/IN: loading master file master/example77.com.zone: bad owner name (check-names)
Jul  5 14:32:42 mailgw named[8047]: running
What exactly has happened?
I think you are already running bind 9.3.3 under a chroot jail on CentOS 5.
Pls help me to solve this issue. This is a MUST for me, so I need your help.
Pls NOTE that the domain I have given above is example77.com. I can not give my real domain name due to security reasons. We can go ahead with that domain name. When it gets up and running, I can change it to my real domain name.
IN NS gateway.example77.com .
                           ^
Ralph
PS: named-checkzone is a great utility to check your zone files.
Hey, thanks, something new to me. I tried as follows. Pls see below.

[root@gateway master]# pwd
/var/named/chroot/var/named/master
[root@gateway master]# named-checkzone example77.com example77.com.zone
zone example77.com/IN: loaded serial 2006101604
OK

Is something wrong with the line below?

IN NS gateway.example77.com

Pls help me to solve this.
_______________________________________________
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Around 10:55am on Thursday, July 05, 2007 (UK time), Indunil Jayasooriya scrawled:
IN NS gateway.example77.com .
                           ^
Ralph
PS: named-checkzone is a great utility to check your zone files.
Hey, thanks, something new to me. I tried as follows. Pls see below.

[root@gateway master]# pwd
/var/named/chroot/var/named/master
[root@gateway master]# named-checkzone example77.com example77.com.zone
zone example77.com/IN: loaded serial 2006101604
OK

Is something wrong with the line below?

IN NS gateway.example77.com
You don't want the 'IN' - the zone files should start something like this:
$TTL 3D
@       IN      SOA     magpie.stevesearle.com. steve.stevesearle.com. (
                        200604011       ; Serial
                        8H              ; Refresh
                        2H              ; Retry
                        4W              ; Expire
                        1D)             ; Minimum TTL
                NS      magpie.stevesearle.com.
2               PTR     magpie.stevesearle.com.
See http://www.stevesearle.com/tech/centos5.0.svr.html#bind for more details.
Steve
Hi,
Thanks.
Is something wrong with the line below?

IN NS gateway.example77.com
You don't want the 'IN' - the zone files should start something like this:
$TTL 3D
@       IN      SOA     magpie.stevesearle.com. steve.stevesearle.com. (
                        200604011       ; Serial
                        8H              ; Refresh
                        2H              ; Retry
                        4W              ; Expire
                        1D)             ; Minimum TTL
                NS      magpie.stevesearle.com.
2               PTR     magpie.stevesearle.com.
I removed 'IN'. Pls see below.
[root@gateway master]# cat example77.com.zone
$TTL 86400
@       IN      SOA     gateway.example77.com. root.example77.com. (
                        2006101604      ; Serial
                        1800            ; Refresh
                        300             ; Retry
                        360000          ; Expire
                        86400 )         ; Minimum

                NS      gateway.example77.com.

                MX      10 gateway.example77.com.
                MX      20 mail.example77.com.

                A       192.168.0.3

gateway         A       192.168.0.3
mail            A       192.168.0.2
But I still get the same error. Pls see below.

[root@gateway master]# tail -f /var/log/messages
Jul  5 15:50:29 gateway named[3048]: exiting
Jul  5 15:50:32 gateway named[3548]: starting BIND 9.3.3rc2 -u named -t /var/named/chroot
Jul  5 15:50:32 gateway named[3548]: found 2 CPUs, using 2 worker threads
Jul  5 15:50:32 gateway named[3548]: loading configuration from '/etc/named.conf'
Jul  5 15:50:32 gateway named[3548]: listening on IPv4 interface lo, 127.0.0.1#53
Jul  5 15:50:32 gateway named[3548]: listening on IPv4 interface eth0, 203.143.26.131#53
Jul  5 15:50:32 gateway named[3548]: command channel listening on 127.0.0.1#953
Jul  5 15:50:32 gateway named[3548]: master/example77.com.zone:11: example77.com\032: bad owner name (check-names)
Jul  5 15:50:32 gateway named[3548]: zone example77.com\032/IN: loading master file master/example77.com.zone: bad owner name (check-names)
Jul  5 15:50:32 gateway named[3548]: running

Do I need a file for reverse mapping? I still have not included such a file. I think it is not essential. Am I right?
Pls help me.
See http://www.stevesearle.com/tech/centos5.0.svr.html#bind for more details.
Steve
--
Play Champions - my free football predictions game at: http://www.stevesearle.com/champs/about.html
11:01:28 up 9 days, 14:41, 3 users, load average: 0.08, 0.12, 0.10
Jul 5 15:50:32 gateway named[3548]:
master/example77.com.zone:11:
example77.com\032: bad owner name (check-names)
              ^^^
Now what might 032 be in ascii?
Interesting point. How do I get to know it? Have you guys got such an error with bind 9.3.3?
Where have I gone wrong?
I have sent you all the files before.
Thanks
Ralph
Indunil Jayasooriya wrote:
> Jul 5 15:50:32 gateway named[3548]: master/example77.com.zone:11:
> example77.com\032: bad owner name (check-names)
>               ^^^
> Now what might 032 be in ascii?
Interesting point. How do I get to know it? Have you guys got such an error with bind 9.3.3? Where have I gone wrong?
You maybe should use a mail reader with fixed fonts and you would have clearly seen the space I marked *twice* for you.
Ralph
On Thu July 5 2007 06:29, Indunil Jayasooriya wrote:
[root@gateway master]# cat example77.com.zone
$TTL 86400
@       IN      SOA     gateway.example77.com. root.example77.com. (
                        2006101604      ; Serial
                        1800            ; Refresh
                        300             ; Retry
                        360000          ; Expire
                        86400 )         ; Minimum

                NS      gateway.example77.com.
                MX      10 gateway.example77.com.
                MX      20 mail.example77.com.
                A       192.168.0.3

gateway         A       192.168.0.3
mail            A       192.168.0.2
But, I still get the same error. pls see below.
Jul 5 15:50:32 gateway named[3548]: master/example77.com.zone:11: example77.com\032: bad owner name (check-names)
This error is telling you that the error is in line 11. The error, as some have already told you, is the space.
Sorry I didn't get back to you sooner.
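As an added example (not code from the thread or from BIND), here is a small Python checker for the two things the thread turns on: a `zone "..."` name in named.conf that carries stray whitespace, and the `\032` that named writes into the log when it meets such a name (BIND escapes a non-printable or special byte in a name as `\DDD`, decimal, and 032 is the ASCII space). The named.conf snippet and the log line embedded below are constructed to mirror the ones posted in the thread; `SAMPLE_NAMED_CONF`, `check_zone_names` and `explain_log_line` are names chosen here, not BIND tools.

```python
import re

# Constructed sample modelled on the named.conf in the thread: the second
# zone statement carries a trailing space inside the quotes, which is the
# defect the thread eventually tracks down.
SAMPLE_NAMED_CONF = '''\
zone "." IN {
    type hint;
    file "named.root";
};

zone "example77.com " IN {
    type master;
    file "master/example77.com.zone";
};
'''

# zone "<name>" at the start of a line (leading tabs/spaces allowed)
ZONE_RE = re.compile(r'^[ \t]*zone[ \t]+"([^"]*)"', re.MULTILINE)
# BIND writes special or non-printable bytes in a name as \DDD (decimal)
ESCAPE_RE = re.compile(r'\\(\d{3})')


def decode_dns_escapes(name):
    """Expand BIND's \\DDD escapes: 'example77.com\\032' -> 'example77.com '."""
    return ESCAPE_RE.sub(lambda m: chr(int(m.group(1))), name)


def escape_for_display(name):
    """Approximate how named logs a name: printable, non-blank ASCII is kept,
    anything else (space included) becomes \\DDD."""
    return "".join(ch if 33 <= ord(ch) <= 126 else "\\%03d" % ord(ch) for ch in name)


def find_zone_names(conf_text):
    """Return [(line_number, zone_name), ...] for every zone statement."""
    found = []
    for m in ZONE_RE.finditer(conf_text):
        line_no = conf_text.count("\n", 0, m.start()) + 1
        found.append((line_no, m.group(1)))
    return found


def check_zone_names(conf_text):
    """Report zone names containing whitespace. An empty list means clean."""
    problems = []
    for line_no, name in find_zone_names(conf_text):
        if re.search(r"\s", name):
            problems.append(
                "line %d: zone name %r contains whitespace; named will log it as %r"
                % (line_no, name, escape_for_display(name)))
    return problems


def explain_log_line(line):
    """Pull the owner name out of a 'bad owner name (check-names)' log line and
    show what the escaped bytes are. Returns None if the line is unrelated."""
    m = re.search(r": (\S+): bad owner name \(check-names\)", line)
    if not m:
        return None
    raw = m.group(1)
    decoded = decode_dns_escapes(raw)
    return {"logged": raw, "decoded": decoded,
            "has_whitespace": bool(re.search(r"\s", decoded))}


if __name__ == "__main__":
    for problem in check_zone_names(SAMPLE_NAMED_CONF):
        print(problem)
    # Constructed copy of the log line quoted in the thread
    sample_log = ("Jul 5 15:50:32 gateway named[3548]: master/example77.com.zone:11: "
                  "example77.com\\032: bad owner name (check-names)")
    print(explain_log_line(sample_log))
```

Run against the real file with `check_zone_names(open("/var/named/chroot/etc/named.conf").read())`; once the trailing space is gone the list comes back empty, and named-checkconf and a restart are the authoritative check. The zone file itself was never the problem here, which is why `named-checkzone example77.com example77.com.zone` passed: that command was given the origin without the space.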