Hi there, my slave DNS server seems to work fine, but it generates the following messages:

dumping master file: tmp-7HskK3f20H: open: permission denied
dumping master file: tmp-IwYZO2kdZM: open: permission denied
dumping master file: tmp-X8NBofY7Ff: open: permission denied
dumping master file: tmp-FT0msqb6ka: open: permission denied
dumping master file: tmp-GJwRw5EcKi: open: permission denied
dumping master file: tmp-Cyt2TvrggB: open: permission denied
dumping master file: tmp-UKU3Uaq3Qj: open: permission denied
dumping master file: tmp-GwOU3pGvQ8: open: permission denied
dumping master file: tmp-pce6eAvstI: open: permission denied
dumping master file: tmp-aPBOiqUFjf: open: permission denied

It cannot write something somewhere, and it looks like my DNS zones are only held in memory. After rebooting the server, the DNS zones are sometimes not available; it needs to transfer them again first to be able to work.

This is my named.conf file on the slave server (CentOS 7):

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-new-zones yes;
allow-transfer { 1.2.3.4; 1.2.3.5; 1.2.3.6; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable recursion.
- If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks.
Implementing BCP38 within your network would greatly reduce such attack surface */ recursion yes; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; key "rndc-key" { algorithm hmac-md5; secret "sdfghsgfsdfgsdfQ=="; }; controls { inet * port 953 allow { 1.2.3.4; 1.2.3.5; 1.2.3.6 ;127.0.0.1; } keys { "rndc-key"; }; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key"; The rights look like this: rpm -ql bind | xargs ls -lda | grep -v share ls: cannot access /var/log/named.log: No such file or directory -rw-r----- 1 root named 514 Mar 16 14:40 /etc/logrotate.d/named drwxr-x---. 2 root named 6 Mar 16 14:40 /etc/named -rw-r----- 1 root named 1987 Jan 6 2016 /etc/named.conf -rw-r--r-- 1 root named 2389 Mar 16 14:40 /etc/named.iscdlv.key -rw-r----- 1 root named 931 Jun 21 2007 /etc/named.rfc1912.zones -rw-r--r-- 1 root named 487 Jul 19 2010 /etc/named.root.key -rwxr-xr-x 1 root root 344 Mar 16 14:40 /etc/NetworkManager/dispatcher.d/13-named -rw------- 1 root root 480 Oct 28 2015 /etc/rndc.conf -rw-r-----. 1 root named 77 Oct 24 2015 /etc/rndc.key -rw-r--r-- 1 root root 140 Mar 16 14:40 /etc/rwtab.d/named -rw-r--r-- 1 root root 283 Nov 5 2015 /etc/sysconfig/named drwxr-xr-x 2 named named 80 Jul 24 03:26 /run/named drwxr-xr-x. 
2 root root 6 Mar 16 14:40 /usr/lib64/bind -rwxr-xr-x 1 root root 530 Mar 16 14:40 /usr/libexec/generate-rndc-key.sh -rw-r--r-- 1 root root 773 Mar 16 14:40 /usr/lib/systemd/system/named.service -rw-r--r-- 1 root root 121 Mar 16 14:40 /usr/lib/systemd/system/named-setup-rndc.service -rw-r--r-- 1 root root 32 Mar 16 14:40 /usr/lib/tmpfiles.d/named.conf -rwxr-xr-x 1 root root 7184 Mar 16 14:40 /usr/sbin/arpaname -rwxr-xr-x 1 root root 19856 Mar 16 14:40 /usr/sbin/ddns-confgen -rwxr-xr-x 1 root root 9870 Mar 16 14:40 /usr/sbin/dnssec-checkds -rwxr-xr-x 1 root root 26566 Mar 16 14:40 /usr/sbin/dnssec-coverage -rwxr-xr-x 1 root root 53808 Mar 16 14:40 /usr/sbin/dnssec-dsfromkey -rwxr-xr-x 1 root root 53808 Mar 16 14:40 /usr/sbin/dnssec-importkey -rwxr-xr-x 1 root root 53696 Mar 16 14:40 /usr/sbin/dnssec-keyfromlabel -rwxr-xr-x 1 root root 66048 Mar 16 14:40 /usr/sbin/dnssec-keygen -rwxr-xr-x 1 root root 49568 Mar 16 14:40 /usr/sbin/dnssec-revoke -rwxr-xr-x 1 root root 53728 Mar 16 14:40 /usr/sbin/dnssec-settime -rwxr-xr-x 1 root root 104064 Mar 16 14:40 /usr/sbin/dnssec-signzone -rwxr-xr-x 1 root root 49568 Mar 16 14:40 /usr/sbin/dnssec-verify -rwxr-xr-x 1 root root 11408 Mar 16 14:40 /usr/sbin/genrandom -rwxr-xr-x 1 root root 11472 Mar 16 14:40 /usr/sbin/isc-hmac-fixup -rwxr-xr-x 2 root root 586736 Mar 16 14:40 /usr/sbin/lwresd -rwxr-xr-x 2 root root 586736 Mar 16 14:40 /usr/sbin/named -rwxr-xr-x 1 root root 28744 Mar 16 14:40 /usr/sbin/named-checkconf -rwxr-xr-x 1 root root 28568 Mar 16 14:40 /usr/sbin/named-checkzone lrwxrwxrwx 1 root root 15 Jun 9 09:23 /usr/sbin/named-compilezone -> named-checkzone -rwxr-xr-x 1 root root 11376 Mar 16 14:40 /usr/sbin/named-journalprint -rwxr-xr-x 1 root root 11408 Mar 16 14:40 /usr/sbin/nsec3hash -rwxr-xr-x 1 root root 32616 Mar 16 14:40 /usr/sbin/rndc -rwxr-xr-x 1 root root 19864 Mar 16 14:40 /usr/sbin/rndc-confgen drwxr-x---. 5 root named 12288 Jul 22 16:49 /var/named drwxrwx---. 
2 named named 4096 Jul 24 03:26 /var/named/data drwxrwx---. 2 named named 58 Jul 26 14:44 /var/named/dynamic -rw-r----- 1 root named 2076 Jan 28 2013 /var/named/named.ca -rw-r----- 1 root named 152 Dec 15 2009 /var/named/named.empty -rw-r----- 1 root named 152 Jun 21 2007 /var/named/named.localhost -rw-r----- 1 root named 168 Dec 15 2009 /var/named/named.loopback drwxrwx---. 2 named named 6 Mar 16 14:40 /var/named/slaves