Hello,

I'm having a bit of difficulty setting up bind on FC11 (x64), which I'm using in a standalone network environment (i.e. no external network connectivity; essentially a closed dev network). I loaded the package from Red Hat and started it running as a service after building my zone files and /etc/named.conf. I'm not using chroot, just vanilla bind. I've read a number of posts about conflicts between bind and SELinux, which seems to be the issue here. When I set the named_write_master_zones flag in SELinux, any action related to starting or stopping the named service seems to set the flag back to false.

> restorecon -R -v /var/named
> setsebool -P named_write_master_zones=1

Message log entry:

Sep 11 17:13:11 netmgr setsebool: The named_write_master_zones policy boolean was changed to 1 by root

> service named restart

Message log entry:

Sep 11 17:13:19 netmgr setsebool: The named_write_master_zones policy boolean was changed to 0 by root
Sep 11 17:13:19 netmgr named[3198]: received control channel command 'stop'
Sep 11 17:13:19 netmgr named[3198]: shutting down: flushing changes
Sep 11 17:13:19 netmgr named[3198]: stopping command channel on 127.0.0.1#953
Sep 11 17:13:19 netmgr named[3198]: stopping command channel on ::1#953
Sep 11 17:13:19 netmgr named[3198]: no longer listening on 127.0.0.1#53
Sep 11 17:13:19 netmgr named[3198]: no longer listening on 192.168.2.0#53
Sep 11 17:13:19 netmgr named[3198]: no longer listening on ::1#53
Sep 11 17:13:19 netmgr named[3198]: exiting
Sep 11 17:13:20 netmgr named[3270]: starting BIND 9.6.1-P1-RedHat-9.6.1-4.P1.fc11 -u named
Sep 11 17:13:20 netmgr named[3270]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
Sep 11 17:13:20 netmgr named[3270]: adjusted limit on open files from 1024 to 1048576
Sep 11 17:13:20 netmgr named[3270]: found 4 CPUs, using 4 worker threads
Sep 11 17:13:20 netmgr named[3270]: using up to 4096 sockets
Sep 11 17:13:20 netmgr named[3270]: loading configuration from '/etc/named.conf'
Sep 11 17:13:20 netmgr named[3270]: using default UDP/IPv4 port range: [1024, 65535]
Sep 11 17:13:20 netmgr named[3270]: using default UDP/IPv6 port range: [1024, 65535]
Sep 11 17:13:20 netmgr named[3270]: listening on IPv4 interface lo, 127.0.0.1#53
Sep 11 17:13:20 netmgr named[3270]: listening on IPv4 interface eth0, 192.168.2.0#53
Sep 11 17:13:20 netmgr named[3270]: listening on IPv6 interface lo, ::1#53
Sep 11 17:13:20 netmgr named[3270]: automatic empty zone: 127.IN-ADDR.ARPA
Sep 11 17:13:20 netmgr named[3270]: automatic empty zone: 254.169.IN-ADDR.ARPA
Sep 11 17:13:20 netmgr named[3270]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Sep 11 17:13:20 netmgr named[3270]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Sep 11 17:13:20 netmgr named[3270]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Sep 11 17:13:20 netmgr named[3270]: automatic empty zone: D.F.IP6.ARPA
Sep 11 17:13:20 netmgr named[3270]: automatic empty zone: 8.E.F.IP6.ARPA
Sep 11 17:13:20 netmgr named[3270]: automatic empty zone: 9.E.F.IP6.ARPA
Sep 11 17:13:20 netmgr named[3270]: automatic empty zone: A.E.F.IP6.ARPA
Sep 11 17:13:20 netmgr named[3270]: automatic empty zone: B.E.F.IP6.ARPA
Sep 11 17:13:20 netmgr named[3270]: command channel listening on 127.0.0.1#953
Sep 11 17:13:20 netmgr named[3270]: command channel listening on ::1#953
Sep 11 17:13:20 netmgr named[3270]: the working directory is not writable
Sep 11 17:13:20 netmgr named[3270]: zone 0.in-addr.arpa/IN: NS '0.in-addr.arpa' has no address records (A or AAAA)
Sep 11 17:13:20 netmgr named[3270]: zone 0.in-addr.arpa/IN: loaded serial 0
Sep 11 17:13:20 netmgr named[3270]: zone 1.0.0.127.in-addr.arpa/IN: NS '1.0.0.127.in-addr.arpa' has no address records (A or AAAA)
Sep 11 17:13:20 netmgr named[3270]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Sep 11 17:13:20 netmgr named[3270]: zone 2.168.192.in-addr.arpa/IN: NS 'netmgr.2.168.192.in-addr.arpa' has no address records (A or AAAA)
Sep 11 17:13:20 netmgr named[3270]: zone 2.168.192.in-addr.arpa/IN: loaded serial 9091101
Sep 11 17:13:20 netmgr named[3270]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: NS '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa' has no address records (A or AAAA)
Sep 11 17:13:20 netmgr named[3270]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Sep 11 17:13:20 netmgr named[3270]: zone localhost.localdomain/IN: loaded serial 0
Sep 11 17:13:20 netmgr named[3270]: zone localhost/IN: loaded serial 0
Sep 11 17:13:20 netmgr named[3270]: zone u-giif.af.mil/IN: loaded serial 9091103
Sep 11 17:13:20 netmgr named[3270]: running
Sep 11 17:13:22 netmgr setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory For complete SELinux messages. run sealert -l d8456462-ce0f-4372-89ac-fafae8a6be35

Thoughts as to how to convince SELinux that I wasn't kidding?

Thanks.
-Andy
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
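The message log quoted above shows the boolean flipping to 0 in the same second that named receives its stop command, which is the clue that something in the restart path is changing it. The following script, an added example that is not part of Andy's post nor of BIND or Fedora, correlates setsebool entries in a syslog-style file with named stop/start events so the coincidence can be checked mechanically before digging further with sealert (the id is in the post) or ausearch. The sample lines are constructed from the messages quoted above; the 5-second window, the /var/named path in the live check, and the getsebool/ls -Z calls (skipped when the tools are absent) are this example's assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: correlate SELinux boolean changes
# in a syslog-style message log with named stop/start events.
# Sample lines constructed from the messages quoted in the post.

LOG_SAMPLE="$(mktemp)"
trap 'rm -f "$LOG_SAMPLE"' EXIT
cat > "$LOG_SAMPLE" <<'EOF'
Sep 11 17:13:11 netmgr setsebool: The named_write_master_zones policy boolean was changed to 1 by root
Sep 11 17:13:19 netmgr setsebool: The named_write_master_zones policy boolean was changed to 0 by root
Sep 11 17:13:19 netmgr named[3198]: received control channel command 'stop'
Sep 11 17:13:19 netmgr named[3198]: exiting
Sep 11 17:13:20 netmgr named[3270]: starting BIND 9.6.1-P1-RedHat-9.6.1-4.P1.fc11 -u named
Sep 11 17:13:20 netmgr named[3270]: the working directory is not writable
Sep 11 17:13:20 netmgr named[3270]: running
Sep 11 17:13:22 netmgr setroubleshoot: SELinux is preventing the named daemon from writing to the zone directory
EOF

# Print one line per boolean change: "<seconds since midnight> <boolean> <new value>".
# Syslog layout is "Mon DD HH:MM:SS host ...", so $3 is the timestamp.
boolean_changes() {
    awk '/setsebool: The .* policy boolean was changed to/ {
        split($3, t, ":")
        for (i = 1; i <= NF; i++) { if ($i == "The") b = $(i + 1); if ($i == "to") v = $(i + 1) }
        print t[1] * 3600 + t[2] * 60 + t[3], b, v
    }' "$1"
}

# Print boolean changes that happened within WINDOW seconds (default 5, an
# assumed value) of a named stop or start: "<boolean> <new value> <seconds>".
flips_near_restart() {
    awk -v w="${2:-5}" '
    function secs(ts,   t) { split(ts, t, ":"); return t[1] * 3600 + t[2] * 60 + t[3] }
    /setsebool: The .* policy boolean was changed to/ {
        for (i = 1; i <= NF; i++) { if ($i == "The") b = $(i + 1); if ($i == "to") v = $(i + 1) }
        nb++; bt[nb] = secs($3); bn[nb] = b; bv[nb] = v
    }
    /named\[[0-9]+\]: (starting BIND|received control channel command .stop.)/ {
        ne++; et[ne] = secs($3)
    }
    END {
        for (i = 1; i <= nb; i++)
            for (j = 1; j <= ne; j++)
                if (bt[i] - et[j] <= w && et[j] - bt[i] <= w) { print bn[i], bv[i], bt[i]; break }
    }' "$1"
}

# Live checks for a real SELinux host (assumed paths); skipped when tools are absent.
live_checks() {
    b=${1:-named_write_master_zones}
    if command -v getsebool >/dev/null 2>&1; then
        getsebool "$b"          # current runtime value of the boolean
        ls -dZ /var/named       # file context of the zone directory
    else
        echo "SELinux tools not present; skipping live checks"
    fi
}

echo "Boolean changes in the log:"
boolean_changes "$LOG_SAMPLE"
echo "Changes within 5 s of a named stop/start:"
flips_near_restart "$LOG_SAMPLE" 5
live_checks
```

Run as `sh flips.sh`, or point `flips_near_restart` at /var/log/messages on the host. Note that `getsebool` reports the runtime value only; the value written by `setsebool -P` lives in the policy store and is listed by `semanage boolean -l`, so comparing the two after a restart tells you whether the persistent setting survived or only the runtime one was toggled.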