Hi everyone,
could someone help me?
I get the following error on Debian buster 10.1:
Nov 8 09:09:11 server named[24195]: loading configuration from '/etc/bind/named.conf'
Nov 8 09:09:11 server named[24195]: open: /etc/bind/named.conf: permission denied
Nov 8 09:09:11 server named[24195]: loading configuration: permission denied
Nov 8 09:09:11 server named[24195]: exiting (due to fatal error)
Thanks in advance for the help.
Ardi
root@server:~# cat /etc/debian_version
10.1
root@server:~# uname -a
Linux server 4.19.0-6-amd64 #1 SMP Debian 4.19.67-2 (2019-08-28) x86_64 GNU/Linux
root@server:~#
root@server:~# dpkg -l|grep bind
ii bind9 1:9.11.5.P4+dfsg-5.1 amd64 Internet Domain Name Server
ii bind9-host 1:9.11.5.P4+dfsg-5.1 amd64 DNS lookup utility (deprecated)
ii bind9utils 1:9.11.5.P4+dfsg-5.1 amd64 Utilities for BIND
ii libbind9-161:amd64 1:9.11.5.P4+dfsg-5.1 amd64 BIND9 Shared Library used by BIND
ii python-lxml:amd64 4.3.2-1 amd64 pythonic binding for the libxml2 and libxslt libraries
ii python3-pycurl 7.43.0.2-0.1 amd64 Python bindings to libcurl (Python 3)
ii rpcbind 1.2.5-0.3 amd64 converts RPC program numbers into universal addresses
root@server:~#
root@server:~# systemctl restart bind9.service
root@server:~# systemctl status bind9.service
● bind9.service - BIND Domain Name Server
Loaded: loaded (/etc/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2019-11-08 09:09:11 UTC; 3s ago
Docs: man:named(8)
Process: 24195 ExecStart=/usr/sbin/named -f -u bind -t /srv/bind (code=exited, status=1/FAILURE)
Main PID: 24195 (code=exited, status=1/FAILURE)
Nov 08 09:09:11 server named[24195]: adjusted limit on open files from 524288 to 1048576
Nov 08 09:09:11 server named[24195]: found 1 CPU, using 1 worker thread
Nov 08 09:09:11 server named[24195]: using 1 UDP listener per interface
Nov 08 09:09:11 server named[24195]: using up to 4096 sockets
Nov 08 09:09:11 server named[24195]: loading configuration from '/etc/bind/named.conf'
Nov 08 09:09:11 server named[24195]: open: /etc/bind/named.conf: permission denied
Nov 08 09:09:11 server named[24195]: loading configuration: permission denied
Nov 08 09:09:11 server named[24195]: exiting (due to fatal error)
Nov 08 09:09:11 server systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Nov 08 09:09:11 server systemd[1]: bind9.service: Failed with result 'exit-code'.
root@server:~#
cat /var/log/syslog
.
.
.
Nov 8 09:09:11 server named[24195]: running as: named -f -u bind -t /srv/bind
Nov 8 09:09:11 server named[24195]: compiled by GCC 8.3.0
Nov 8 09:09:11 server named[24195]: compiled with OpenSSL version: OpenSSL 1.1.1c 28 May 2019
Nov 8 09:09:11 server named[24195]: linked to OpenSSL version: OpenSSL 1.1.1c 28 May 2019
Nov 8 09:09:11 server named[24195]: compiled with libxml2 version: 2.9.4
Nov 8 09:09:11 server named[24195]: linked to libxml2 version: 20904
Nov 8 09:09:11 server named[24195]: compiled with libjson-c version: 0.12.1
Nov 8 09:09:11 server named[24195]: linked to libjson-c version: 0.12.1
Nov 8 09:09:11 server named[24195]: threads support is enabled
Nov 8 09:09:11 server named[24195]: ----------------------------------------------------
Nov 8 09:09:11 server named[24195]: BIND 9 is maintained by Internet Systems Consortium,
Nov 8 09:09:11 server named[24195]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Nov 8 09:09:11 server named[24195]: corporation. Support and training for BIND 9 are
Nov 8 09:09:11 server named[24195]: available at https://www.isc.org/support
Nov 8 09:09:11 server named[24195]: ----------------------------------------------------
Nov 8 09:09:11 server named[24195]: adjusted limit on open files from 524288 to 1048576
Nov 8 09:09:11 server named[24195]: found 1 CPU, using 1 worker thread
Nov 8 09:09:11 server named[24195]: using 1 UDP listener per interface
Nov 8 09:09:11 server named[24195]: using up to 4096 sockets
Nov 8 09:09:11 server named[24195]: loading configuration from '/etc/bind/named.conf'
Nov 8 09:09:11 server named[24195]: open: /etc/bind/named.conf: permission denied
Nov 8 09:09:11 server named[24195]: loading configuration: permission denied
Nov 8 09:09:11 server named[24195]: exiting (due to fatal error)
Nov 8 09:09:11 server systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Nov 8 09:09:11 server systemd[1]: bind9.service: Failed with result 'exit-code'.
root@server:~#
Comments
Did you perhaps enable chroot, so that it would look for the config inside it?
or maybe the wonderful apparmor?
/var/log/syslog doesn't show any such error ...
Ardi
how can this be enabled?
Ardi
ls -l /etc/bind/named.conf ?
root@server:/etc/bind# ls -l /etc/bind/named.conf
-rwxr-xr-x 1 root bind 2944 Nov 7 14:07 /etc/bind/named.conf
root@server:/etc/bind#
ls -ld /etc/bind ?
root@server:/srv/bind# ls -ld /etc/bind
lrwxrwxrwx 1 root root 14 Nov 7 14:07 /etc/bind -> /srv/bind/conf
root@server:/srv/bind#
root@server:/srv/bind# ls -ltr
total 28
-rwxr-xr-x 1 root bind 825 Nov 7 14:07 signature
lrwxrwxrwx 1 root bind 9 Nov 7 14:07 README -> signature
drwxr-xr-x 7 root bind 4096 Nov 7 14:07 zones
drwxr-xr-x 8 root bind 4096 Nov 7 14:07 var
drwxr-xr-x 2 root bind 4096 Nov 7 14:07 dev
drwxr-xr-x 3 root bind 4096 Nov 7 14:07 etc
lrwxrwxrwx 1 root bind 7 Nov 7 14:07 log -> var/log
lrwxrwxrwx 1 root bind 8 Nov 7 14:07 dump -> var/dump
lrwxrwxrwx 1 root bind 9 Nov 7 14:07 stats -> var/stats
drwxr-xr-x 2 root bind 4096 Nov 7 14:07 conf
drwxr-x--- 3 dnsconf bind 4096 Nov 8 06:54 dnsconf
root@server:/srv/bind#
as a test, a chown bind:bind or a chmod 775 on /srv/bind/conf?
I tried both, followed by systemctl restart bind9.service, but it didn't help.
Ardi
Advanced UNIX?
SELinux could also be the culprit; doesn't ls -Z perhaps show two different file names?
Or people on the net also write about an apparmor bug:
Add the following into the /etc/apparmor.d/local/usr.sbin.named file:
/var/named/run-root/** rwm,
Then restart the apparmor service, restart bind, and try again.
Now I'm wondering: is the /srv/bind directory the chrooted directory now?
Yesterday, in /etc/apparmor.d/usr.sbin.named, I tried changing
/etc/bind/** r,
(the last line) to
/etc/bind/** rw,
but it didn't help. :-(
Ardi
put /srv/bind in there too.... since the symlink doesn't change the target file..
does dmesg perhaps say anything?
thank you very much - I owe you at least one beer:
vi /etc/apparmor.d/usr.sbin.named
change:
/etc/bind/** r,
to:
/etc/bind/** rw,
/srv/bind/** rw,
service apparmor restart
systemctl restart bind9.service
And it works, though with a small error:
systemctl status bind9.service
● bind9.service - BIND Domain Name Server
Loaded: loaded (/etc/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2019-11-08 14:44:33 UTC; 11min ago
Docs: man:named(8)
Main PID: 5822 (named)
Tasks: 4 (limit: 1144)
Memory: 12.2M
CGroup: /system.slice/bind9.service
└─5822 /usr/sbin/named -f -u bind -t /srv/bind
Nov 08 14:44:33 server named[5822]: listening on IPv4 interface eth0, 10.253.61.76#53
Nov 08 14:44:33 server named[5822]: generating session key for dynamic DNS
Nov 08 14:44:33 server named[5822]: couldn't mkdir '//run': Permission denied
Nov 08 14:44:33 server named[5822]: could not create //run/named/session.key
Nov 08 14:44:33 server named[5822]: failed to generate session key for dynamic DNS: permission denied
Nov 08 14:44:33 server named[5822]: sizing zone task pool based on 64 zones
Nov 08 14:44:33 server named[5822]: none:106: 'max-cache-size 90%' - setting to 887MB (out of 986MB)
Nov 08 14:44:33 server named[5822]: set up managed keys zone for view _default, file 'managed-keys.bind'
Nov 08 14:44:33 server named[5822]: none:106: 'max-cache-size 90%' - setting to 887MB (out of 986MB)
Nov 08 14:44:33 server named[5822]: command channel listening on 127.0.0.1#953
I'm off to search for this one too.
Ardi
SOLVED:
cd /srv/bind/
ln -s var/run run
systemctl restart bind9.service
Thanks everyone for the help.
Ardi
It would have been enough to move the zone files as recommended by apparmor and rewrite the config.
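
Added example (not part of the original thread): the dmesg check suggested above, written as a shell function that lists which paths and access masks AppArmor denied for one profile, so the profile can be extended for exactly those paths. The log lines are constructed samples in the kernel audit format, the profile name /usr/sbin/named is an assumption, and the function names apparmor_denials and sample_log are illustrative.

```shell
#!/bin/sh
# Summarise AppArmor denials for one profile from kernel audit lines
# (the format seen in dmesg, journalctl -k or /var/log/kern.log).
# Prints one "denied_mask path count" line per distinct denial, sorted.
apparmor_denials() {
    awk -v want="$1" '
        # Return the value of a key="value" pair on the current line, or "".
        function field(key,    re, s) {
            re = " " key "=\"[^\"]*\""
            if (!match($0, re)) return ""
            s = substr($0, RSTART, RLENGTH)
            sub(/^[^"]*"/, "", s)
            sub(/"$/, "", s)
            return s
        }
        /apparmor="DENIED"/ {
            # Skip denials that belong to other confined programs.
            if (field("profile") != want) next
            count[field("denied_mask") " " field("name")]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# Constructed sample input (not taken from the server in this thread).
sample_log() {
    cat <<'EOF'
[ 101.1] audit: type=1400 audit(1573204151.101:31): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/srv/bind/etc/bind/named.conf" pid=24195 comm="named" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 161.7] audit: type=1400 audit(1573204211.707:32): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/srv/bind/etc/bind/named.conf" pid=24301 comm="named" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 170.2] audit: type=1400 audit(1573204220.202:33): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/etc/ntp.conf.test" pid=900 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 512.4] audit: type=1400 audit(1573224273.404:40): apparmor="DENIED" operation="mkdir" profile="/usr/sbin/named" name="/srv/bind/run/" pid=5822 comm="named" requested_mask="c" denied_mask="c" fsuid=105 ouid=105
EOF
}

# On a live system: dmesg | apparmor_denials /usr/sbin/named
sample_log | apparmor_denials /usr/sbin/named
```

Each output line gives the denied mask, the path and the number of hits, which is enough to write a rule for that path alone instead of granting rw on the whole tree.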