[CentOS] rndc permission denied

Sun Sep 21 23:26:54 UTC 2014
Sergio Belkin <sebelk at gmail.com>

Well,

I've found that it was a permission issue:

touch /var/named/named.recursing ; chown named. /var/named/named.recursing

and now it doesn't complain...

However, file created has only the following:

;
; Recursing Queries
;
; Dump complete

I don't understand what's the use of recursing subcommand... please help me!


2014-09-21 19:39 GMT-03:00 Sergio Belkin <sebelk at gmail.com>:

> Hi, h when I have the following problem with rndc:
>
> [root at centos7 ~]# rndc   recursing and
> rndc: 'recursing' failed: permission denied
>
> SELinux is disables:
>
> named.conf config file is:
>
> //
> // named.conf
> //
> // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
> // server as a caching only nameserver (as a localhost DNS resolver only).
> //
> // See /usr/share/doc/bind*/sample/ for example named configuration files.
> //
>
> options {
> //    listen-on port 53 { 127.0.0.1; };
>     listen-on port 53 { 192.168.0.107; };
> //    listen-on-v6 port 53 { ::1; };
>     directory     "/var/named";
>     dump-file     "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>     allow-query     { localhost; 192.168.0.0/24; };
>
>     /*
>      - If you are building an AUTHORITATIVE DNS server, do NOT enable
> recursion.
>      - If you are building a RECURSIVE (caching) DNS server, you need to
> enable
>        recursion.
>      - If your recursive DNS server has a public IP address, you MUST
> enable access
>        control to limit queries to your legitimate users. Failing to do so
> will
>        cause your server to become part of large scale DNS amplification
>        attacks. Implementing BCP38 within your network would greatly
>        reduce such attack surface
>     */
>     recursion yes;
>
>     dnssec-enable yes;
>     dnssec-validation yes;
>     dnssec-lookaside auto;
>
>
>     bindkeys-file "/etc/named.iscdlv.key";
>
>     managed-keys-directory "/var/named/dynamic";
>
> };
>
> logging {
>         channel default_debug {
>                 file "data/named.run";
>                 severity dynamic;
>         };
> };
>
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
>
>
> zone "example.com." IN {
>     type master;
>     file "example.com.fz";
>     allow-update { none; };
> };
>
> zone "0.168.192.in-addr.arpa" IN {
>     type master;
>     file "example.com.rz";
>     allow-update { none; };
> };
>
>
>
> include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
>
> any ideas
>
>
> TIA
>
>
> --
> --
> Sergio Belkin  http://www.sergiobelkin.com
> LPIC-2 Certified - http://www.lpi.org
>



-- 
--
Sergio Belkin  http://www.sergiobelkin.com
LPIC-2 Certified - http://www.lpi.org