From: Gerard Samuel
Date: Thu, 11 Nov 2004 09:27:46 -0500
To: Erik Norgaard
cc: freebsdquestions
Subject: Maybe a bug in 5.3 [Was: Re: BIND9 dump file]

Erik Norgaard wrote:

>Gerard Samuel wrote:
>
>>>I'm getting a bunch of these in the logs ->
>>>Nov 10 10:30:48 gatekeeper named[312]: dumping master file:
>>>master/tmp-SLtSQEmBBK: open: permission denied
>>>
>>>So I figured a filesystem permissions problem. I chowned
>>>Thanks for any info that you may provide...
>>
>>I'm confused. I've read the named and rc.conf man pages, and didn't find
>>out why named is behaving as it is.
>
>I don't know if this will help or is related. I had a problem with named
>not creating the pid-file with a permission denied error (see other thread).
>
>I eventually solved it by creating a new chroot-dir and setting
>permissions on that. It still remains a mystery to me why I ever got
>that problem or why this worked.

I don't think recreating the chroot will fix it. According to the docs,
the chroot process is automatic in 5.3. And since I have no idea where
these *automatic* instructions live, I don't think moving/recreating the
chroot will fix it. I believe the problem lies within the *automatic*
instructions. Even the docs for DNS in the handbook state that ->

    * Create all directories that named expects to see:

      # cd /etc/namedb
      # mkdir -p bin dev etc var/tmp var/run master slave
      # chown bind:bind slave var/*

      named only needs write access to these directories, so that is
      all we give it.

I'm not sure why the author assumes that named shouldn't write to the
master directory. In my case, DHCP can only update master zones (DHCP
updates DNS within the LAN), not slave zones, so master should be
writeable by named.

What I'm going to try is this. Since the slave directory never seems to
change permissions, I'll move the LAN's zone files to the slave directory
instead of the master directory. And change named.conf ->

    zone "trini0.org" {
        type master;
        file "slave/trini0.org";
        allow-update { key DHCP_UPDATER; };
    };

    zone "0.168.192.in-addr.arpa" {
        type master;
        file "slave/trini0.org.rev";
        allow-update { key DHCP_UPDATER; };
    };

Kind of a contradiction if you're a stickler on the naming convention.
Hopefully if this *automatic* process doesn't recreate the directories at
boot time, this should work out. I'll try this, and report any findings.

Thanks for replying.
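
The situation in this message can be checked mechanically. The script below is an added example, not part of the original post: it lists the zones in a named.conf that carry allow-update and reports any whose directory is not owned by the named user or lacks the owner write bit, since that directory is where named creates the temporary dump file seen in the log line (master/tmp-...). The function names, the three arguments (config path, base directory, expected owner) and the demo tree are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: report dynamically updated zones whose directory the named
# user cannot write. Function names, arguments and demo tree are assumptions.

# Print "zone<TAB>file" for each zone block that contains allow-update.
dynamic_zones() {
    awk '{ buf = buf " " $0 }
    END {
        n = split(buf, blk, /zone[ \t]+"/)
        for (i = 2; i <= n; i++) {
            if (blk[i] !~ /allow-update/) continue
            name = blk[i]; sub(/".*/, "", name)
            if (!match(blk[i], /file[ \t]+"[^"]+"/)) continue
            f = substr(blk[i], RSTART, RLENGTH)
            sub(/^file[ \t]+"/, "", f); sub(/"$/, "", f)
            print name "\t" f
        }
    }' "$1"
}

# Print one line per dynamic zone whose directory (relative to base) is not
# owned by owner or lacks the owner write bit. No output means all are fine.
unwritable_zone_dirs() {
    conf=$1; base=$2; owner=$3
    dynamic_zones "$conf" | while IFS=$(printf '\t') read -r zone file; do
        dir=$base/$(dirname "$file")
        ls_out=$(ls -ld "$dir" 2>/dev/null) || { printf '%s\t%s\tmissing\n' "$zone" "$dir"; continue; }
        mode=${ls_out%% *}
        dir_owner=$(printf '%s\n' "$ls_out" | awk '{ print $3 }')
        case $mode in d?w*) writable=yes ;; *) writable=no ;; esac
        if [ "$dir_owner" != "$owner" ] || [ "$writable" = no ]; then
            printf '%s\t%s\towner=%s mode=%s\n' "$zone" "$dir" "$dir_owner" "$mode"
        fi
    done
}

# Constructed demo: master/ is read-only, slave/ is writable by its owner.
demo() {
    d=$(mktemp -d); mkdir "$d/master" "$d/slave"; chmod 555 "$d/master"
    cat > "$d/named.conf" <<'EOF'
zone "trini0.org" { type master; file "master/trini0.org"; allow-update { key DHCP_UPDATER; }; };
zone "0.168.192.in-addr.arpa" { type master; file "slave/trini0.org.rev"; allow-update { key DHCP_UPDATER; }; };
zone "static.example" { type master; file "master/static.example"; };
EOF
    unwritable_zone_dirs "$d/named.conf" "$d" "$(ls -ld "$d" | awk '{ print $3 }')"
    rm -rf "$d"
}

if [ $# -eq 3 ]; then unwritable_zone_dirs "$@"; else demo; fi
```

Run with no arguments it exercises the constructed demo tree and flags only the trini0.org zone under master/. On a real host, pass the config path, the namedb base directory and the named user, for example `/etc/namedb/named.conf /etc/namedb bind`.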