DNS Gotchas

From Zanecorpwiki


Zone Update Failures

A slave DNS server transfers the zone data from the master (an AXFR or IXFR zone transfer). This can fail for a number of reasons. The first thing to check is that the master allows zone transfers to this slave: the allow-transfer statement in the master's named.conf must list the slave's address (and should list only the slaves, since an open allow-transfer lets anyone download the whole zone).

If the logs start complaining about 'permission denied' on 'set file modification' or while opening temporary files, then it's likely that the local copy of the zone data is unwritable by the named process. This can happen when a server that was originally a master has been reconfigured as a slave (YaST in openSUSE 11.1 has this specific problem) but the zone file paths were not updated to match. The working directory is not generally writable by the 'bind' user (it's owned by root), and the sub-directories are laid out so that only the files the named process itself needs to update can be changed by it (to limit the damage a compromised named can do).

Specifically, the 'master' directory, which normally holds the zone files for those zones for which this server is the master, is writable only by root. This prevents a compromised named process from changing the master files. The 'slave' directory, however, must be writable by bind, because that is where the data transferred from the master is stored. Also check that the zone configuration (probably in, or included from, /etc/named.conf) points master zones at the master directory and slave zones at the slave directory: a slave zone whose file statement still names a path under master/ will fail exactly as described above.
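The following shell script is an added example, not something from this wiki page or from the BIND project, that checks the three things discussed above: that the master's configuration carries an allow-transfer statement, that each zone's file statement points into the subdirectory matching its type (slave zones under slave/, master zones not under slave/), and that the master/ and slave/ directory modes fit the root-owned layout described. The named.conf fragment, the zone names and the addresses are constructed for the demonstration; the directory layout (a working directory containing master/ and slave/) and the ten-character ls -ld mode string are assumptions.

```shell
#!/bin/sh
# Added example (not from the wiki page or from BIND): sanity checks for the
# causes of slave zone update failures described in the text. Assumptions:
# the master/ and slave/ layout under the named working directory, and that
# `ls -ld` prints a ten-character mode string such as drwxr-xr-x.

# Constructed named.conf fragment; zone names and addresses are made up.
# "secondary.test" is deliberately misconfigured: a slave zone under master/.
NAMED_CONF_SAMPLE='options {
    directory "/var/lib/named";
    allow-transfer { 192.0.2.53; };
};
zone "example.test" IN {
    type master;
    file "master/example.test.zone";
};
zone "secondary.test" IN {
    type slave;
    masters { 192.0.2.1; };
    file "master/secondary.test.zone";
};
zone "good.test" IN {
    type slave;
    masters { 192.0.2.1; };
    file "slave/good.test.zone";
};'

# has_allow_transfer: read named.conf text on stdin; succeed if an
# allow-transfer statement is present (the first thing to check on the master).
has_allow_transfer() {
    grep -q '^[[:space:]]*allow-transfer[[:space:]]*{'
}

# check_zone_paths: read named.conf text on stdin and print "<zone> <type> <file>"
# for every zone whose file sits in the wrong subdirectory: a slave zone outside
# slave/ (named cannot write the transferred data there) or a master zone inside
# slave/ (a compromised named could rewrite authoritative data).
check_zone_paths() {
    awk '
    /^[[:space:]]*zone[[:space:]]+"/ {
        match($0, /"[^"]*"/); zone = substr($0, RSTART + 1, RLENGTH - 2)
        type = ""; file = ""
    }
    /^[[:space:]]*type[[:space:]]/ { type = $2; sub(/;.*/, "", type) }
    /^[[:space:]]*file[[:space:]]/ {
        match($0, /"[^"]*"/); file = substr($0, RSTART + 1, RLENGTH - 2)
    }
    /^[[:space:]]*};/ && zone != "" {
        if (type == "slave" && file !~ /^slave\//) print zone, type, file
        else if (type == "master" && file ~ /^slave\//) print zone, type, file
        zone = ""
    }'
}

# dir_mode: print the ten-character mode string of a directory (e.g. drwxr-xr-x).
dir_mode() {
    ls -ld "$1" | cut -c1-10
}

# master_dir_locked: succeed if master/ under the given working directory exists
# and is writable by neither group nor other, so the bind user cannot alter
# master zone files.
master_dir_locked() {
    [ -d "$1/master" ] || return 1
    case "$(dir_mode "$1/master")" in
        d????w????|d???????w?) return 1 ;;   # group or other write bit set
        *) return 0 ;;
    esac
}

# slave_dir_group_writable: succeed if slave/ carries the group write bit, the
# usual way to let the bind group store transferred zones under a root-owned tree.
slave_dir_group_writable() {
    [ -d "$1/slave" ] || return 1
    case "$(dir_mode "$1/slave")" in
        d????w????) return 0 ;;
        *) return 1 ;;
    esac
}

# Demonstration on the constructed fragment: reports the misplaced slave zone.
printf '%s\n' "$NAMED_CONF_SAMPLE" | has_allow_transfer && echo "allow-transfer present"
printf '%s\n' "$NAMED_CONF_SAMPLE" | check_zone_paths
```

Run the directory checks against the real working directory (for example `master_dir_locked /var/lib/named`) as root; ownership of slave/ by the bind user, which the mode string alone does not show, still has to be confirmed with ls -ld.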
