slave DNS server gives: dumping master file: tmp-tLhtqBidrp: open: permission denied

Discussion in 'Parallels Client for Linux' started by wverboom, Jul 28, 2016.

  1. wverboom

    wverboom Bit Poster

    Messages:
    2
    Hi there,

    My slave DNS servers seems to work fine but it generates the following messages:
    dumping master file: tmp-7HskK3f20H: open: permission denied
    dumping master file: tmp-IwYZO2kdZM: open: permission denied
    dumping master file: tmp-X8NBofY7Ff: open: permission denied
    dumping master file: tmp-FT0msqb6ka: open: permission denied
    dumping master file: tmp-GJwRw5EcKi: open: permission denied
    dumping master file: tmp-Cyt2TvrggB: open: permission denied
    dumping master file: tmp-UKU3Uaq3Qj: open: permission denied
    dumping master file: tmp-GwOU3pGvQ8: open: permission denied
    dumping master file: tmp-pce6eAvstI: open: permission denied
    dumping master file: tmp-aPBOiqUFjf: open: permission denied

    It cannot write something somewhere.... and looks like my dns zones are only in memory. After rebooting the server dns zones are some time not availible....it needs to transfer them first again in able to work.

    This is my named.conf file on the slave server (CentOS 7):
    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //

    options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    allow-new-zones yes;
    allow-transfer { 1.2.3.4; 1.2.3.5; 1.2.3.6; };
    /*
    - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
    - If you are building a RECURSIVE (caching) DNS server, you need to enable
    recursion.
    - If your recursive DNS server has a public IP address, you MUST enable access
    control to limit queries to your legitimate users. Failing to do so will
    cause your server to become part of large scale DNS amplification
    attacks. Implementing BCP38 within your network would greatly
    reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    };

    logging {
    channel default_debug {
    file "data/named.run";
    severity dynamic;
    };
    };

    zone "." IN {
    type hint;
    file "named.ca";
    };

    key "rndc-key" {
    algorithm hmac-md5;
    secret "sdfghsgfsdfgsdfQ==";
    };

    controls {
    inet * port 953
    allow { 1.2.3.4; 1.2.3.5; 1.2.3.6 ;127.0.0.1; } keys { "rndc-key"; };
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";

    The rights look like this:
    rpm -ql bind | xargs ls -lda | grep -v share

    ls: cannot access /var/log/named.log: No such file or directory
    -rw-r----- 1 root named 514 Mar 16 14:40 /etc/logrotate.d/named
    drwxr-x---. 2 root named 6 Mar 16 14:40 /etc/named
    -rw-r----- 1 root named 1987 Jan 6 2016 /etc/named.conf
    -rw-r--r-- 1 root named 2389 Mar 16 14:40 /etc/named.iscdlv.key
    -rw-r----- 1 root named 931 Jun 21 2007 /etc/named.rfc1912.zones
    -rw-r--r-- 1 root named 487 Jul 19 2010 /etc/named.root.key
    -rwxr-xr-x 1 root root 344 Mar 16 14:40 /etc/NetworkManager/dispatcher.d/13-named
    -rw------- 1 root root 480 Oct 28 2015 /etc/rndc.conf
    -rw-r-----. 1 root named 77 Oct 24 2015 /etc/rndc.key
    -rw-r--r-- 1 root root 140 Mar 16 14:40 /etc/rwtab.d/named
    -rw-r--r-- 1 root root 283 Nov 5 2015 /etc/sysconfig/named
    drwxr-xr-x 2 named named 80 Jul 24 03:26 /run/named
    drwxr-xr-x. 2 root root 6 Mar 16 14:40 /usr/lib64/bind
    -rwxr-xr-x 1 root root 530 Mar 16 14:40 /usr/libexec/generate-rndc-key.sh
    -rw-r--r-- 1 root root 773 Mar 16 14:40 /usr/lib/systemd/system/named.service
    -rw-r--r-- 1 root root 121 Mar 16 14:40 /usr/lib/systemd/system/named-setup-rndc.service
    -rw-r--r-- 1 root root 32 Mar 16 14:40 /usr/lib/tmpfiles.d/named.conf
    -rwxr-xr-x 1 root root 7184 Mar 16 14:40 /usr/sbin/arpaname
    -rwxr-xr-x 1 root root 19856 Mar 16 14:40 /usr/sbin/ddns-confgen
    -rwxr-xr-x 1 root root 9870 Mar 16 14:40 /usr/sbin/dnssec-checkds
    -rwxr-xr-x 1 root root 26566 Mar 16 14:40 /usr/sbin/dnssec-coverage
    -rwxr-xr-x 1 root root 53808 Mar 16 14:40 /usr/sbin/dnssec-dsfromkey
    -rwxr-xr-x 1 root root 53808 Mar 16 14:40 /usr/sbin/dnssec-importkey
    -rwxr-xr-x 1 root root 53696 Mar 16 14:40 /usr/sbin/dnssec-keyfromlabel
    -rwxr-xr-x 1 root root 66048 Mar 16 14:40 /usr/sbin/dnssec-keygen
    -rwxr-xr-x 1 root root 49568 Mar 16 14:40 /usr/sbin/dnssec-revoke
    -rwxr-xr-x 1 root root 53728 Mar 16 14:40 /usr/sbin/dnssec-settime
    -rwxr-xr-x 1 root root 104064 Mar 16 14:40 /usr/sbin/dnssec-signzone
    -rwxr-xr-x 1 root root 49568 Mar 16 14:40 /usr/sbin/dnssec-verify
    -rwxr-xr-x 1 root root 11408 Mar 16 14:40 /usr/sbin/genrandom
    -rwxr-xr-x 1 root root 11472 Mar 16 14:40 /usr/sbin/isc-hmac-fixup
    -rwxr-xr-x 2 root root 586736 Mar 16 14:40 /usr/sbin/lwresd
    -rwxr-xr-x 2 root root 586736 Mar 16 14:40 /usr/sbin/named
    -rwxr-xr-x 1 root root 28744 Mar 16 14:40 /usr/sbin/named-checkconf
    -rwxr-xr-x 1 root root 28568 Mar 16 14:40 /usr/sbin/named-checkzone
    lrwxrwxrwx 1 root root 15 Jun 9 09:23 /usr/sbin/named-compilezone -> named-checkzone
    -rwxr-xr-x 1 root root 11376 Mar 16 14:40 /usr/sbin/named-journalprint
    -rwxr-xr-x 1 root root 11408 Mar 16 14:40 /usr/sbin/nsec3hash
    -rwxr-xr-x 1 root root 32616 Mar 16 14:40 /usr/sbin/rndc
    -rwxr-xr-x 1 root root 19864 Mar 16 14:40 /usr/sbin/rndc-confgen
    drwxr-x---. 5 root named 12288 Jul 22 16:49 /var/named
    drwxrwx---. 2 named named 4096 Jul 24 03:26 /var/named/data
    drwxrwx---. 2 named named 58 Jul 26 14:44 /var/named/dynamic
    -rw-r----- 1 root named 2076 Jan 28 2013 /var/named/named.ca
    -rw-r----- 1 root named 152 Dec 15 2009 /var/named/named.empty
    -rw-r----- 1 root named 152 Jun 21 2007 /var/named/named.localhost
    -rw-r----- 1 root named 168 Dec 15 2009 /var/named/named.loopback
    drwxrwx---. 2 named named 6 Mar 16 14:40 /var/named/slaves
     
  2. wverboom

    wverboom Bit Poster

    Messages:
    2
    i have changed the permissions for named in the /var/named (+w) and that fixes the problem.
     
  3. Maria@Parallels

    Maria@Parallels Parallels Team

    Messages:
    2,273
    Hey, thank you for sharing this info with us.
     
  4. ElizabethA

    ElizabethA Bit Poster

    Messages:
    26
    Also, try the following -
    Code:
    chown bind:bind /etc/bind/named.conf /etc/bind/slave
     

Share This Page