Issues setting up a 2nd Private DNS server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




I am trying to setup a 2nd private DNS server in my private
network, behind the firewall (with DNS access enabled) and
I am able to resolve all of my local systems.  However, I have
some problems. One involves SELinux and the other involved
forwarding as shown below:

1) SELinux errors are reported only when starting/stopping/restarting
   named.
++++++++++++++++++++++++++++++++++++++++++++++
Source Context                system_u:system_r:named_t:s0
Target Context                system_u:system_r:unconfined_t:s0
Target Objects                socket [ unix_stream_socket ]
Source                        named-checkconf
Source Path                   /usr/sbin/named-checkconf
Port                          <Unknown>
Host                          gold.cdkkt.com
Source RPM Packages           bind-9.5.0-26.b3.fc8
Target RPM Packages Policy RPM selinux-policy-3.0.8-101.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     gold.cdkkt.com
Platform Linux gold.cdkkt.com 2.6.24.7-92.fc8 #1 SMP Wed
                             May 7 16:50:09 EDT 2008 i686 i686
Alert Count                   4
First Seen                    Mon 02 Jun 2008 10:00:25 AM PDT
Last Seen                     Mon 02 Jun 2008 10:01:43 AM PDT
Local ID                      7faef252-f1ea-4e36-8f51-167799fcb429
Line Numbers Raw Audit Messages host=gold.cdkkt.com type=AVC msg=audit(1212426103.808:4122): avc: denied { read write } for pid=7037 comm="named" path="socket:[874313]" dev=sockfs ino=874313 scontext=system_u:system_r:named_t:s0 tcontext=system_u:system_r:unconfined_t:s0 tclass=unix_stream_socket

host=gold.cdkkt.com type=SYSCALL msg=audit(1212426103.808:4122): arch=40000003 syscall=11 success=yes exit=0 a0=9b05a68 a1=9b05e38 a2=9b04fe0 a3=0 items=0 ppid=7036 pid=7037 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="named" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key=(null)
++++++++++++++++++++++++++++++++++++++++++++++
Source Context                system_u:system_r:ndc_t:s0
Target Context                system_u:system_r:unconfined_t:s0
Target Objects                socket [ unix_stream_socket ]
Source                        rndc
Source Path                   /usr/sbin/rndc
Port                          <Unknown>
Host                          gold.cdkkt.com
Source RPM Packages           bind-9.5.0-26.b3.fc8
Target RPM Packages Policy RPM selinux-policy-3.0.8-101.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     gold.cdkkt.com
Platform Linux gold.cdkkt.com 2.6.24.7-92.fc8 #1 SMP Wed
                             May 7 16:50:09 EDT 2008 i686 i686
Alert Count                   4
First Seen                    Mon 02 Jun 2008 10:00:23 AM PDT
Last Seen                     Mon 02 Jun 2008 10:01:43 AM PDT
Local ID                      cc0e5f4b-aa41-4543-9569-df7d65f83f1c
Line Numbers Raw Audit Messages host=gold.cdkkt.com type=AVC msg=audit(1212426103.905:4123): avc: denied { read write } for pid=7064 comm="rndc" path="socket:[874313]" dev=sockfs ino=874313 scontext=system_u:system_r:ndc_t:s0 tcontext=system_u:system_r:unconfined_t:s0 tclass=unix_stream_socket

host=gold.cdkkt.com type=SYSCALL msg=audit(1212426103.905:4123): arch=40000003 syscall=11 success=yes exit=0 a0=90000d0 a1=9000078 a2=8fe12e0 a3=0 items=0 ppid=7055 pid=7064 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rndc" exe="/usr/sbin/rndc" subj=system_u:system_r:ndc_t:s0 key=(null)
++++++++++++++++++++++++++++++++++++++++++++++
Source Context                system_u:system_r:mount_t:s0
Target Context                system_u:system_r:unconfined_t:s0
Target Objects                socket [ unix_stream_socket ]
Source                        umount
Source Path                   /bin/umount
Port                          <Unknown>
Host                          gold.cdkkt.com
Source RPM Packages           util-linux-ng-2.13.1-2.fc8
Target RPM Packages Policy RPM selinux-policy-3.0.8-101.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     gold.cdkkt.com
Platform Linux gold.cdkkt.com 2.6.24.7-92.fc8 #1 SMP Wed
                             May 7 16:50:09 EDT 2008 i686 i686
Alert Count                   4
First Seen                    Mon 02 Jun 2008 10:00:25 AM PDT
Last Seen                     Mon 02 Jun 2008 10:01:43 AM PDT
Local ID                      439fbb1b-17d2-40b4-9242-744d5d69e303
Line Numbers Raw Audit Messages host=gold.cdkkt.com type=AVC msg=audit(1212426103.790:4120): avc: denied { read write } for pid=7034 comm="mount" path="socket:[874313]" dev=sockfs ino=874313 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:system_r:unconfined_t:s0 tclass=unix_stream_socket

host=gold.cdkkt.com type=SYSCALL msg=audit(1212426103.790:4120): arch=40000003 syscall=11 success=yes exit=0 a0=870e610 a1=86e8fa8 a2=86eb2e0 a3=0 items=0 ppid=7014 pid=7034 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="mount" exe="/bin/mount" subj=system_u:system_r:mount_t:s0 key=(null)
++++++++++++++++++++++++++++++++++++++++++++++

2) Forwarders do not work:
++++++++++++++++++++++++++++++++++++++++++++++
** server can't find msn.com: NXDOMAIN
++++++++++++++++++++++++++++++++++++++++++++++


Please advise,
Dan

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux