Almost certainly SELinux or AppArmor on the new platform getting in the way.
> On 10 Dec 2021, at 06:08, Bruce Johnson via bind-users <bind-users@lists.isc.org> wrote:
>
> I'm setting up a new secondary for our domain with the intent to shut down an
> existing one (which is running on a very old OS and bind version)
>
> Running Rocky Linux (replacement for CentOS 8.5) using the isc bind-esv
> package here https://copr.fedorainfracloud.org/coprs/isc/bind-esv/ instead of
> the built in (and old) version in the standard repo.
>
> I’ve copied over the named.conf file from the working secondary and made
> appropriate changes; it passes named-checkconf
>
> Starting the service though I get the following error:
>
> ● isc-bind-named.service
>    Loaded: loaded (/usr/lib/systemd/system/isc-bind-named.service; enabled; vendor preset: disabled)
>    Active: failed (Result: exit-code) since Thu 2021-12-09 13:16:09 EST; 24min ago
>   Process: 3732 ExecStart=/opt/isc/isc-bind/root/usr/sbin/named -u named $OPTIONS (code=exited, status=1/FAILURE)
>
> Dec 09 13:16:09 example.com named[3733]: listening on IPv4 interface lo, 127.0.0.1#53
> Dec 09 13:16:09 example.com named[3733]: listening on IPv4 interface ens192,123.456.789.123#53
> Dec 09 13:16:09 example.com named[3733]: generating session key for dynamic DNS
> Dec 09 13:16:09 example.com named[3733]: sizing zone task pool based on 35 zones
> Dec 09 13:16:09 example.com named[3733]: could not configure root hints from 'named.ca': permission denied
> Dec 09 13:16:09 example.com named[3733]: loading configuration: permission denied
> Dec 09 13:16:09 example.com named[3733]: exiting (due to fatal error)
> Dec 09 13:16:09 example.com systemd[1]: isc-bind-named.service: Control process exited, code=exited status=1
> Dec 09 13:16:09 example.com systemd[1]: isc-bind-named.service: Failed with result 'exit-code'.
> Dec 09 13:16:09 example.com systemd[1]: Failed to start isc-bind-named.service.
>
> Permissions for named.ca are the same as on our other working servers:
>
> -rw-rw-r--. 1 root named 3289 Dec 9 13:13 /var/named/named.ca
>
> This is the entry for that file in named.conf:
>
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
>
> does it need the full path? On the working secondary it’s entered the same
> way in named.conf, but that’s running an ancient version BIND
> 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
>
> (and why I’m building a new one!)
>
>
> --
> Bruce Johnson
> University of Arizona
> College of Pharmacy
> Information Technology Group
>
> Institutions do not have opinions, merely customs
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
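
Added example, not part of the thread and not ISC code: a small Python parser that pulls SELinux AVC denials for `named` out of audit records, which is the check that confirms or rules out the diagnosis in the reply when file mode bits look correct. The audit lines are constructed samples; the `user_tmp_t` label, the pids and the inode numbers are assumptions, not values from the poster's system.

```python
import re

# Constructed sample audit records (not taken from the thread). The target
# label user_tmp_t, the pids and the inode numbers are assumptions.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1639073769.101:412): avc:  denied  { read } for  pid=3733 comm="named" name="named.ca" dev="dm-0" ino=262199 scontext=system_u:system_r:named_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1639073769.101:412): arch=c000003e syscall=257 success=no exit=-13 comm="named" exe="/opt/isc/isc-bind/root/usr/sbin/named"
type=AVC msg=audit(1639073770.007:413): avc:  denied  { getattr } for  pid=4001 comm="httpd" path="/srv/www/index.html" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def setype(context):
    """Return the type field (third component) of an SELinux context."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else None


def parse_avc_denials(log_text, comm=None):
    """Return one dict per AVC denial, optionally limited to one command name."""
    denials = []
    for line in log_text.splitlines():
        match = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if match is None:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(match.group("fields"))}
        if comm is not None and fields.get("comm") != comm:
            continue
        denials.append({
            "perms": match.group("perms").split(),
            "comm": fields.get("comm"),
            "target": fields.get("path") or fields.get("name"),
            "source_type": setype(fields.get("scontext", "")),
            "target_type": setype(fields.get("tcontext", "")),
            "enforced": fields.get("permissive") == "0",
        })
    return denials


if __name__ == "__main__":
    for d in parse_avc_denials(SAMPLE_AUDIT_LOG, comm="named"):
        print(f'{d["comm"]} ({d["source_type"]}) denied {d["perms"]} on '
              f'{d["target"]} labelled {d["target_type"]}, enforced={d["enforced"]}')
```

A denial where `source_type` is `named_t` and `enforced` is true means the refusal came from SELinux policy rather than from the owner, group and mode shown by `ls -l`.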