I just set up a CentOS 5.2 system with bind9 (9.3.4-6.0.1.P1.el5) and I'm running up against a problem that seems to be related to SELinux. If I set named_disable_trans to 1, everything works as expected, but if I leave it enabled the server will only give me data for the zones for which it is authoritative. For external sites it returns a ServFail error. This is with nslookup and dig. If I start named from the command line with the command "named -u named", the server returns the expected response. tcpdump shows that the server is querying itself and getting a ServFail response. I figure that I'm missing something really basic, but not sure what. Debug logs show this: FAIL: clientmgr @0x2b491728c1d0: createclients clientmgr @0x2b491728c1d0: recycle . . . fctx 0x2b49173153e0(www.google.com/A'): shutdown client 192.168.213.111#33096: view internal: error Succeed: clientmgr @0x2b109771bd30: createclients clientmgr @0x2b109771bd30: create new . . . res 0x2b109778cae0: dns_resolver_prime res 0x2b109778cae0: priming createfetch: . NS fctx 0x2b109781e280(./NS'): create fctx 0x2b109781e280(./NS'): join fetch 0x2b109781e260 (fctx 0x2b109781e280(./NS)): created dns_adb_createfind: found A for name 0x2b109780fa70 in db fctx 0x2b109781e280(./NS'): start res 0x2b109778cae0: dns_resolver_prime fctx 0x2b109781e280(./NS'): try fctx 0x2b109781e280(./NS'): cancelqueries fctx 0x2b109781e280(./NS'): getaddresses dns_adb_createfind: found AAAA for name 0x2b109780fa70 . . . Any ideas? Thanks in advance, M _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos