named[4402]: dumping master file: /etc/bind/tmp-xxxxxxx: open: permission denied
named[4402]: transfer of 'www.xxx.yyy.zzz/IN' from master#53: failed while receiving responses: permission denied

It appears that named was unable to write to /etc/bind/.

After some digging and using strace, I discovered that Ubuntu is shipped with slave zone files residing here:

    /var/cache/bind/

In /etc/bind/named.conf the zone definition ought to have the following format:

    zone "mydomain.com" IN {
        type slave;
        file "/var/cache/bind/db.mydomain.com";
        masters { www.xxx.yyy.zzz; };
    };

(or no path to the file)

and have the correct permissions:

    # chown -R bind:bind /var/cache/bind/
    # chmod -R g+w /var/cache/bind/

bind also needs permissions to write to various zone files. In /etc/default/bind9 add:

    ENABLE_ZONE_WRITE=yes

However, my slave zone would still not synchronize. This was due to AppArmor (sure, I knew that); edit /etc/apparmor.d/usr.sbin.named and change:

    /etc/bind/** r,

to:

    /etc/bind/** rw,

Some other excitement is to actually resolve things on the localhost. In /etc/network/interfaces add:

    dns-nameservers 127.0.0.1

and in /etc/bind/named.conf.options include the following stanza:

    forwarders {
        8.8.8.8;    // our friend google for ext lookups
        8.8.4.4;    // our friend google for ext lookups
        10.6.6.6;   // an internal server for internal lookups
    };
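
A check for the slave zone file location described above, as an added example that is not part of the original post: it lists slave zones in a named.conf whose file is an absolute path outside /var/cache/bind, which is the case that produces the "permission denied" errors. The function name, the sample zones and the 192.0.2.1 addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: report slave zones whose "file" is an absolute path outside
# the directory named may write to (default /var/cache/bind, as on this page).
# Handles // and # comments and multi-line zone blocks; /* */ comments are not handled.
check_slave_zone_paths() {
    conf=$1
    allowed=${2:-/var/cache/bind}
    # Strip comments, join lines, then put each zone block on its own line.
    sed -e 's://.*$::' -e 's:#.*$::' "$conf" | tr '\n' ' ' |
    sed 's/zone[[:space:]]*"/\
zone "/g' |
    awk -v allowed="$allowed" '
        /^zone "/ && /type[ \t]+slave[ \t]*;/ {
            split($0, q, "\"")                 # q[2] is the zone name
            f = ""
            if (match($0, /file[ \t]+"[^"]*"/)) {
                f = substr($0, RSTART, RLENGTH)
                sub(/^file[ \t]+"/, "", f)
                sub(/"$/, "", f)
            }
            # Relative names resolve under the "directory" option, so only
            # absolute paths outside the allowed directory are reported.
            if (f ~ /^\// && index(f, allowed "/") != 1) {
                print q[2] ": " f
                bad = 1
            }
        }
        END { exit bad }'
}

# Constructed sample configuration (not from the page).
sample=$(mktemp)
cat > "$sample" <<'EOF'
zone "good.example" IN { type slave; file "/var/cache/bind/db.good.example"; masters { 192.0.2.1; }; };
zone "bad.example" IN {
    type slave;
    file "/etc/bind/db.bad.example";   // named cannot write here
    masters { 192.0.2.1; };
};
zone "rel.example" IN { type slave; file "db.rel.example"; masters { 192.0.2.1; }; };
zone "master.example" IN { type master; file "/etc/bind/db.master.example"; };
EOF
check_slave_zone_paths "$sample" || echo "move the zone files listed above"
```

The function exits non-zero when it reports anything, so it can gate a configuration deploy alongside named-checkconf.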