Andy Blanchard wrote: > > > Check to see whether the file exists and if so whether it is > accessible by the user or group "named" since your BIND will > presumably be dropping priviledges once loaded. If you are chrooted > as well, you may need to check both the chroot and non-chroot config > folder depending on when the file gets read. > > This may not be down to the DNSSEC update from this morning though. I > had a couple of problems and errors after the last update of BIND on > F11 a few days back. It looks like that update moved some files > around (localhost zones) and reset some file and directory > permissions. The zone file issue was partly my problem as I wasn't > using the default F11 BIND names for legacy reasons (now fixed). I > run "rndc stats" and parse some of the output into MRTG every five > minutes, this was failing as the process was chrooted and the "named" > user and group had had their rights to the statistics file revoked. > > Thank you Andy - this partly helps - I am running in a chroot and indeed the file named.dnssec.keys is in the /var/named/chroot/etc area and has lines which are not correct in the chroot, namely /etc/pki/dnssec-keys/production/bg.conf After editing the file to make the paths correct pointing to /var/named/chroot/etc/pki and so on I then see that there are lots of references to files in /etc/pki/dnssec-keys/production/reverse and when I checked this directory it is empty and was never populated by the updated files during the yum update! So I believe that the named update itself may be faulty with missing files, unless someone else can confirm that they do have the necessary files: include "/etc/pki/dnssec-keys/production/reverse/0.4.1.0.0.2.ip6.arpa.conf"; include "/etc/pki/dnssec-keys/production/reverse/0.a.2.ip6.arpa.conf"; include "/etc/pki/dnssec-keys/production/reverse/1.4.1.0.0.2.ip6.arpa.conf"; include "/etc/pki/dnssec-keys/production/reverse/109.in-addr.arpa.conf"; and many other similar lines in the directory /etc/pki/dnssec-keys/production/reverse/ ? Presumably the bind-chroot package ought to have also included files which have appropriate paths in the files referred to when running in the chroot? Despite this there appear to be missing files even outside the chroot, in real /etc/pki/dnssec-keys/ It would be nice to get this sorted out. I don't think there are permissions problems in my case though. -- View this message in context: http://n3.nabble.com/F11-update-issue-tp196205p196387.html Sent from the Fedora Users mailing list archive at Nabble.com. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
