Posts Tagged bind

ubuntu and bind acting as slave

While installing a slave DNS server with bind, I ran into trouble. I could not understand why my slave zone would not synchronize. Actually, I found these entries in /var/log/daemon.log:

named[24309]: dumping master file: /etc/bind/tmp-b0KyuKU5pG: open: permission denied
named[24309]: transfer of 'domain.com/IN' from w.x.y.z#53: failed while receiving responses: permission denied

It appears that since Hardy, Ubuntu doesn’t allow the named process to write to /etc/bind/ while it’s running.
Ubuntu is configured to let slave zones live under /var/cache/bind/, e.g. /var/cache/bind/db.domain.com

So your slave zone will look like:

zone "domain.com" IN {
        type slave;
        file "/var/cache/bind/db.domain.com";
        masters { w.x.y.z; };
};

For the details, it’s due to AppArmor, and precisely the file /etc/apparmor.d/usr.sbin.named.
As shipped with Ubuntu, this file contains the permissions for the named process. It restricts where bind can write its zones and reserves /var/cache/bind/ as the directory where bind is supposed to put its slave zones.
This seems technically sound to me, because /etc is pretty much supposed to be usable read-only (besides /etc/mtab and /etc/resolv.conf, which you can put in /dev/shm or link from /var/etc). This makes me wonder where to put master zones that you want to change. Probably in /var/lib/bind, because that is where dynamically updated zones are.
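A quick way to catch this before named logs "permission denied" is to scan the configuration for slave zones whose file lies outside the two directories named above. This is an added example, not part of the original post; the function names, the sample configuration, and the default "directory" of /var/cache/bind used to resolve relative paths are assumptions.

```python
import posixpath
import re

# Directories the post names as writable by named on Ubuntu.
# The default `directory` used below for relative paths is an assumption.
WRITABLE_DIRS = ("/var/cache/bind", "/var/lib/bind")

# Constructed sample config (zone names and addresses are placeholders).
SAMPLE = '''
zone "domain.com" IN {
        type slave;
        file "/etc/bind/db.domain.com";
        masters { 192.0.2.1; };
};
// relative path: resolved against the "directory" option
zone "example.org" { type slave; file "db.example.org"; masters { 192.0.2.1; }; };
// zone "old.example" { type slave; file "/etc/bind/db.old"; };
zone "example.net" { type master; file "/etc/bind/db.example.net"; };
'''

def zone_blocks(conf):
    """Yield (zone_name, body) per zone statement, matching nested braces."""
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def unwritable_slave_zones(conf, directory="/var/cache/bind"):
    """Return [(zone, resolved_path)] for slave zones stored outside WRITABLE_DIRS."""
    # Strip comments so commented-out zones are ignored.
    conf = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', "", conf, flags=re.S)
    bad = []
    for name, body in zone_blocks(conf):
        # "secondary" is the newer BIND spelling of "slave".
        if not re.search(r'\btype\s+(slave|secondary)\s*;', body):
            continue
        f = re.search(r'\bfile\s+"([^"]+)"\s*;', body)
        if f is None:
            continue  # no backing file, so nothing is dumped to disk
        # normpath collapses "..", so traversal out of a writable dir is caught.
        path = posixpath.normpath(posixpath.join(directory, f.group(1)))
        if not any(path.startswith(d + "/") for d in WRITABLE_DIRS):
            bad.append((name, path))
    return bad

if __name__ == "__main__":
    for zone, path in unwritable_slave_zones(SAMPLE):
        print(f"{zone}: {path} is outside {WRITABLE_DIRS}")
```

To check a real server, pass the contents of the file that holds your zone statements instead of SAMPLE.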


Finding dns server version (only bind)

To find the version of a running bind remotely, you can type this command:
nslookup -q=txt -class=CHAOS version.bind. ns1.domain.com
or with dig:
dig @ns1.domain.com version.bind chaos txt
or with host:
host -t TXT -c chaos version.bind ns1.domain.com

If you don’t want your bind to show the version you are currently running, on an Ubuntu system add a version "[Secured]"; directive to the options section of the file /etc/bind/named.conf.options. This only changes the string returned for version.bind; the server itself is unchanged.

That’s it!


web based bind zone generator

There are some web-based bind zone generators, but searching for “zone generator” in Google, I found a lot that aren’t working, and refining my search didn’t help me. I finally found one that does the job. It’s not optimal, but it works, and it’s there
Please, if you know of a better one, just let me know!
