Date:      Fri, 10 Dec 1999 15:02:35 -0500
From:      Mike Tancsa <mike@sentex.net>
To:        dfoo@webct.com, freebsd-security@FreeBSD.ORG
Subject:   Re: Jailing BIND, named-xfer problems
Message-ID:  <3.0.5.32.19991210150235.01516100@staff.sentex.ca>
In-Reply-To: <38514E5F.4C1775C7@ca.webct.com>

At 11:02 AM 12/10/99 -0800, Darren Foo wrote:
>	I recently upgraded and chrooted bind. Unfortunately, my secondary DNS
>server won't update from my primary because it can't run named-xfer. It
>either gives me a "permission denied" or "can't find file" error
>message. I've tried changing the options named-xfer in named.conf but it
>still doesn't work. I compiled bind with static libraries and changed
>the permissions and ownership on named-xfer to no avail.


Where is it trying to write the bk. files to?  That directory must be
writeable by the bind UID.  Also, did you specify the path to named-xfer?
For example,



// the directory  /etc/namedb/s is owned by the UID:GID bind:bind
// so bind can write to it
options {
        directory "/etc/namedb";
        named-xfer "/usr/local/libexec/named-xfer";   // _PATH_XFER
        pid-file "/etc/namedb/s/named.pid";  // _PATH_PIDFILE
        forward only;
        dump-file "s/named_dump.db";
};
// note the bk. file is written to the directory s

zone "myexample.ca" {
        type slave;
        file "s/bk.myexample.ca";
        masters { 192.168.1.1; };
};




	---Mike
------------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Network Administrator,     			  mike@sentex.net
Sentex Communications                 		  www.sentex.net
Cambridge, Ontario Canada
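
A check for the two conditions the reply above names, as an added example that is not part of the original message: it reads named.conf, then verifies that named-xfer exists inside the chroot and that each slave zone's directory is owned by the bind UID with the owner write bit set. It assumes named is chrooted to the given root so that configured paths resolve beneath it; the function names and the /chroot/named path in the usage comment are hypothetical, and the sample configuration is constructed from the one in the message.

```shell
#!/bin/sh
# Added example: audit a chrooted BIND layout against its named.conf.
# Assumption: named is chrooted to ROOT, so config paths resolve beneath it.
# Usage (hypothetical jail path):
#   audit_jail /chroot/named /chroot/named/etc/namedb/named.conf "$(id -u bind)"

conf_value() {  # CONF KEY: first quoted value of an options keyword
    sed -E -n "s|^[[:space:]]*$2[[:space:]]*\"([^\"]*)\".*|\1|p" "$1" | head -n 1
}

slave_files() {  # CONF: "file" of every zone statement containing "type slave"
    { sed 's|//.*||' "$1" | tr '\n' ' '; echo; } |
        sed 's/zone[[:space:]]*"/\
zone "/g' | grep -E 'type[[:space:]]+slave' |
        sed -E -n 's/.*[[:space:];{]file[[:space:]]*"([^"]*)".*/\1/p'
}

owner_can_write() {  # DIR UID: DIR is owned by UID and has the owner write bit
    ls -ldn "$1" 2>/dev/null |
        awk -v u="$2" '{ ok = ($3 == u && substr($1, 3, 1) == "w") } END { exit !ok }'
}

audit_jail() {  # ROOT CONF UID: one finding per line; status 1 if any finding
    root=$1 conf=$2 uid=$3 bad=0
    dir=$(conf_value "$conf" directory)
    xfer=$(conf_value "$conf" named-xfer)
    if [ -z "$xfer" ]; then
        echo "no named-xfer option set"; bad=1
    elif [ ! -f "$root$xfer" ] || [ ! -x "$root$xfer" ]; then
        # -x is evaluated for the invoking user, not for the bind UID
        echo "named-xfer not executable inside jail: $xfer"; bad=1
    fi
    for f in $(slave_files "$conf"); do   # word-splits: no spaces in file names
        case $f in /*) p=$root$f ;; *) p=$root$dir/$f ;; esac
        owner_can_write "${p%/*}" "$uid" ||
            { echo "uid $uid cannot write ${p%/*} for $f"; bad=1; }
    done
    return $bad
}

sample_conf() {  # constructed sample, trimmed from the named.conf in the message
    cat <<'EOF'
options {
        directory "/etc/namedb";
        named-xfer "/usr/local/libexec/named-xfer";   // _PATH_XFER
};
zone "myexample.ca" { type slave; file "s/bk.myexample.ca";masters
{192.168.1.1;};};
EOF
}
```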

