Re: bind issue on centos 5





/var/named/chroot/etc
named.conf  rndc.conf  rndc.key <any other config file for Bind>

YES, I copied named.conf rndc.conf rndc.key to /var/named/chroot/etc.

[root@mailgw ~]# cd /var/named/chroot/etc/
[root@mailgw etc]# pwd
/var/named/chroot/etc
[root@mailgw etc]# ls -al
total 56
drwxr-x--- 2 root named 4096 Jul  5 13:26 .
drwxr-x--- 6 root named 4096 Apr 11 15:41 ..
-rw-r--r-- 1 root root   347 May 14 16:59 localtime
-rw-r--r-- 1 root named 1681 Jul  5 12:46 named.conf
-rw-r--r-- 1 root named 1114 Jul  5 10:28 rndc.conf
-rw-r--r-- 1 root named  113 Apr 27 15:28 rndc.key

You can see the above files and their permissions.

Here is my named.conf. Please see below.


[root@mailgw etc]# cat named.conf
//
// named.conf for Red Hat caching-nameserver
//

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
         // query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
        type hint;
        file "named.root";
};

//zone "localdomain" IN {
//        type master;
//        file "localdomain.zone";
//        allow-update { none; };
//};

//zone "localhost" IN {
//        type master;
//        file "localhost.zone";
//        allow-update { none; };
//};

//zone "0.0.127.in-addr.arpa" IN {
//        type master;
//        file " named.local ";
//        allow-update { none; };
//};

//zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
//        type master;
//        file "named.ip6.local ";
//        allow-update { none; };
//};

//zone "255.in-addr.arpa" IN {
//        type master;
//        file "named.broadcast";
//        allow-update { none; };
//};

//zone " 0.in-addr.arpa" IN {
//        type master;
//        file "named.zero";
//        allow-update { none; };
//};


zone " example77.com " IN {
        type master;
        file "master/example77.com.zone";
};

include "/etc/rndc.key";


Here is my rndc.conf file. Please see below.

[root@mailgw etc]# cat rndc.conf
/*
 * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
 * Copyright (C) 2000, 2001  Internet Software Consortium.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/* $Id: rndc.conf ,v 1.7.2.1 2004/03/09 06:09:27 marka Exp $ */

/*
 * Sample rndc configuration file.
 */

options {
        default-server  localhost;
        default-key     "rndckey";
};

server localhost {
        key     "rndckey";
};

include "/etc/rndc.key";

Here is my rndc.key. Please see below.

[root@mailgw etc]# cat rndc.key
key "rndckey" {
        algorithm       hmac-md5;
        secret          "pS6vJwWxIHVKPO6uOwwzd41Q8ubhGYcm69pJWNh3oeADrdSLo7dHIH24nxep";
};



And also, I added 2 symlinks to /etc. Please see below.
[root@mailgw etc]# pwd
/etc
[root@mailgw etc]# ln -s /var/named/chroot/etc/rndc.conf rndc.conf
[root@mailgw etc]# ln -s /var/named/chroot/etc/named.conf named.conf

[root@mailgw etc]# ls -al /etc/named.conf
lrwxrwxrwx 1 root root 32 Jul  5 10:33 /etc/named.conf -> /var/named/chroot/etc/named.conf

[root@mailgw etc]# ls -al /etc/rndc.conf
lrwxrwxrwx 1 root root 31 Jul  5 10:32 /etc/rndc.conf -> /var/named/chroot/etc/rndc.conf

And the symlink below was added by default.
[root@mailgw etc]# ls -al /etc/rndc.key
lrwxrwxrwx 1 root named 31 Apr 27 15:28 /etc/rndc.key -> /var/named/chroot//etc/rndc.key


Then I did a cd to /var/named/chroot/var/named/ as follows.
[root@mailgw etc]# cd /var/named/chroot/var/named/

I do not want to place my zone files at /var/named/chroot/var/named/slaves,
so I created a directory called master as follows.

[root@mailgw named]# mkdir master
And changed the permissions as follows.
[root@mailgw named]# chown -R named:named master/
[root@mailgw named]# chmod -R 770 master/
[root@mailgw named]# ls -al
total 36
drwxr-x--- 5 root  named 4096 Jul  5 10:36 .
drwxr-x--- 5 root  named 4096 Mar 14  2003 ..
drwxrwx--- 2 named named 4096 Aug 26  2004 data
drwxrwx--- 2 named named 4096 Jul  5 10:36 master
drwxrwx--- 2 named named 4096 Jul  5 10:36 slaves

Then,
[root@mailgw named]# cd master/
[root@mailgw master]# pwd
/var/named/chroot/var/named/master
[root@mailgw master]# touch example77.com.zone

[root@mailgw master]# chown named:named example77.com.zone

And I put my zone info in that file. Here it is.

[root@mailgw master]# cat example77.com.zone
$TTL    86400
@       IN      SOA     gateway.example77.com. root.example77.com. (
                        2006101604 ; Serial
                        1800       ; Refresh
                        300        ; Retry
                        360000     ; Expire
                        86400 )    ; Minimum

                IN      NS      gateway.example77.com .

                IN      MX      10      gateway.example77.com.
                IN      MX      20      mail.example77.com.

                IN      A       192.168.0.3

gateway      IN      A       192.168.0.3
mail            IN      A       192.168.0.2


 
Finally, I restarted named. Please see below.

[root@mailgw master]# /etc/init.d/named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]

But when I checked /var/log/messages, I got the errors below.

master/example77.com.zone:11: example77.com\032: bad owner name (check-names)
Jul  5 14:32:42 mailgw named[8047]: zone example77.com\032/IN: loading master file master/example77.com.zone: bad owner name (check-names)

It says bad owner name (check-names). What is it? This is everything I got in /var/log/messages. Please see below.

[root@mailgw master]# tail -f /var/log/messages
Jul  5 14:32:40 mailgw named[7993]: exiting
Jul  5 14:32:42 mailgw named[8047]: starting BIND 9.3.3rc2 -u named -t /var/named/chroot
Jul  5 14:32:42 mailgw named[8047]: found 2 CPUs, using 2 worker threads
Jul  5 14:32:42 mailgw named[8047]: loading configuration from '/etc/named.conf'
Jul  5 14:32:42 mailgw named[8047]: listening on IPv4 interface lo, 127.0.0.1#53
Jul  5 14:32:42 mailgw named[8047]: listening on IPv4 interface eth0, 203.143.26.131#53
Jul  5 14:32:42 mailgw named[8047]: command channel listening on 127.0.0.1#953
Jul  5 14:32:42 mailgw named[8047]: master/example77.com.zone:11: example77.com\032: bad owner name (check-names)
Jul  5 14:32:42 mailgw named[8047]: zone example77.com\032/IN: loading master file master/example77.com.zone: bad owner name (check-names)
Jul  5 14:32:42 mailgw named[8047]: running


What exactly has happened?

I think you are already running BIND 9.3.3 under a chroot jail on CentOS 5.

Please help me to solve this issue. This is a MUST for me, so I need your help.

Please NOTE that the domain I have given above is example77.com. I cannot give my real domain name for security reasons. We can go ahead with that domain name; when it gets up and running, I can change it to my real domain name.

--
Thank you
Indunil Jayasooriya
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
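The `\032` in the logged zone name is BIND's decimal `\DDD` escape for a byte, and byte 32 is a space: named is reporting that the zone's owner name contains whitespace, which check-names rejects. The following linter is an added example written for this page, not code from the original post or from the BIND project. It decodes that escape from a log line, flags zone names in a named.conf that carry whitespace inside the quotes, flags zone-file records where a space was typed before the trailing dot of an absolute name (so the name is read as relative and the dot becomes a stray token), and lists rndc/TSIG keys that use hmac-md5. All sample inputs below are constructed to mirror the shapes in the post; the key secret is a placeholder, not the posted one.

```python
import re

# Constructed sample input, modelled on the post: a named.conf fragment whose
# first zone name carries whitespace inside the quotes (the mistake behind
# the '\032' in the log), a second clean zone, and an rndc key using the
# hmac-md5 algorithm (the secret is a placeholder, not a real key).
SAMPLE_NAMED_CONF = """\
zone " example77.com " IN {
        type master;
        file "master/example77.com.zone";
};

zone "example78.com" IN {
        type master;
        file "master/example78.com.zone";
};

key "rndckey" {
        algorithm       hmac-md5;
        secret          "PLACEHOLDER-NOT-A-REAL-SECRET";
};
"""

# Constructed sample zone: the NS record has a space before its trailing
# dot, so the name is no longer absolute and the '.' becomes a stray token.
SAMPLE_ZONE = """\
$TTL    86400
@       IN      SOA     gateway.example77.com. root.example77.com. (
                        2006101604 ; Serial
                        1800       ; Refresh
                        300        ; Retry
                        360000     ; Expire
                        86400 )    ; Minimum
                IN      NS      gateway.example77.com .
                IN      MX      10      gateway.example77.com.
gateway         IN      A       192.168.0.3
"""

# Constructed log line in the same shape as the one in the post.
SAMPLE_LOG = ("Jul  5 14:32:42 mailgw named[8047]: zone example77.com\\032/IN: "
              "loading master file master/example77.com.zone: "
              "bad owner name (check-names)")

ZONE_STMT = re.compile(r'^\s*zone\s+"([^"]*)"', re.M)
KEY_STMT = re.compile(r'key\s+"([^"]+)"\s*\{[^}]*?algorithm\s+([\w-]+)\s*;', re.S)
DDD_ESCAPE = re.compile(r'\\(\d{3})')


def decode_bind_name(name):
    """Expand the \\DDD escapes BIND uses when logging a name (DDD is the
    decimal byte value, so \\032 is a space)."""
    return DDD_ESCAPE.sub(lambda m: chr(int(m.group(1))), name)


def bad_zone_names(conf_text):
    """Zone names in named.conf that carry leading or trailing whitespace."""
    return [n for n in ZONE_STMT.findall(conf_text) if n != n.strip()]


def weak_tsig_keys(conf_text):
    """Key names whose algorithm is hmac-md5 (BIND 9.3's only choice for
    rndc; newer BIND releases accept hmac-sha256)."""
    return [name for name, alg in KEY_STMT.findall(conf_text)
            if alg.lower() == "hmac-md5"]


def zone_file_problems(zone_text):
    """Line numbers of records containing a lone '.' token, i.e. a space was
    typed before the trailing dot of an absolute name."""
    problems = []
    for lineno, line in enumerate(zone_text.splitlines(), 1):
        body = line.split(";", 1)[0]          # drop trailing comments
        if "." in body.split():
            problems.append(lineno)
    return problems


def logged_names_with_whitespace(log_text):
    """Zone names from named log lines whose decoded form has whitespace."""
    hits = []
    for m in re.finditer(r"zone (\S+)/IN", log_text):
        decoded = decode_bind_name(m.group(1))
        if decoded != decoded.strip():
            hits.append(decoded)
    return hits


def lint(conf_text, zone_text, log_text):
    """Run every check and return a report dict (empty lists mean clean)."""
    return {
        "zone_names_with_whitespace": bad_zone_names(conf_text),
        "hmac_md5_keys": weak_tsig_keys(conf_text),
        "zone_lines_with_stray_dot": zone_file_problems(zone_text),
        "logged_names_with_whitespace": logged_names_with_whitespace(log_text),
    }


if __name__ == "__main__":
    for check, result in lint(SAMPLE_NAMED_CONF, SAMPLE_ZONE, SAMPLE_LOG).items():
        print(f"{check}: {result!r}")
```

On the real host the authoritative checks are the tools that ship with BIND: `named-checkconf -t /var/named/chroot /etc/named.conf` validates the configuration as named will see it inside the jail, and `named-checkzone example77.com master/example77.com.zone`, run from the chroot's /var/named directory, loads the zone file with the same check-names rules and reports the offending line before any restart. Separately, an rndc key secret that has been posted to a public list should be treated as compromised and regenerated with `rndc-confgen`.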
