Re: F11 update issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Andy Blanchard wrote:
> 
> 
> Check to see whether the file exists and if so whether it is
> accessible by the user or group "named" since your BIND will
> presumably be dropping priviledges once loaded.  If you are chrooted
> as well, you may need to check both the chroot and non-chroot config
> folder depending on when the file gets read.
> 
> This may not be down to the DNSSEC update from this morning though.  I
> had a couple of problems and errors after the last update of BIND on
> F11 a few days back.  It looks like that update moved some files
> around (localhost zones) and reset some file and directory
> permissions.  The zone file issue was partly my problem as I wasn't
> using the default F11 BIND names for legacy reasons (now fixed).  I
> run "rndc stats" and parse some of the output into MRTG every five
> minutes, this was failing as the process was chrooted and the "named"
> user and group had had their rights to the statistics file revoked.
> 
> 

Thank you Andy - this partly helps - I am running in a chroot and indeed the
file named.dnssec.keys
is in the /var/named/chroot/etc area and has lines which are not correct in
the chroot, namely
/etc/pki/dnssec-keys/production/bg.conf

After editing the file to make the paths correct pointing to
/var/named/chroot/etc/pki and so on I then see that there are lots of
references to files in /etc/pki/dnssec-keys/production/reverse

and when I checked this directory it is empty and was never populated by the
updated files during the yum update!

So I believe that the named update itself may be faulty with missing files,
unless someone else can confirm that they do have the necessary files:
include "/etc/pki/dnssec-keys/production/reverse/0.4.1.0.0.2.ip6.arpa.conf";
include "/etc/pki/dnssec-keys/production/reverse/0.a.2.ip6.arpa.conf";
include "/etc/pki/dnssec-keys/production/reverse/1.4.1.0.0.2.ip6.arpa.conf";
include "/etc/pki/dnssec-keys/production/reverse/109.in-addr.arpa.conf";

and many other similar lines in the directory
/etc/pki/dnssec-keys/production/reverse/ ?

Presumably the bind-chroot package ought to have also included files which
have appropriate paths in the files referred to when running in the chroot?
Despite this there appear to be missing files even outside the chroot, in
real /etc/pki/dnssec-keys/

It would be nice to get this sorted out. I don't think there are permissions
problems in my case though.


-- 
View this message in context: http://n3.nabble.com/F11-update-issue-tp196205p196387.html
Sent from the Fedora Users mailing list archive at Nabble.com.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux