Ugh, forgot about that…that was it.

Thanks!

On Dec 9, 2021, at 3:48 PM, Mark Andrews <ma...@isc.org> wrote:

Almost certainly SELinux or AppArmor on the new platform getting in the way.

On 10 Dec 2021, at 06:08, Bruce Johnson via bind-users <bind-users@lists.isc.org> wrote:

I'm setting up a new secondary for our domain with the intent to shut down an 
existing one (which is running on a very old OS and bind version).

Running Rocky Linux (replacement for CentOS 8.5) using the isc bind-esv package 
here https://copr.fedorainfracloud.org/coprs/isc/bind-esv/ instead of the 
built-in (and old) version in the standard repo.

I’ve copied over the named.conf file from the working secondary and made 
appropriate changes; it passes named-checkconf.

Starting the service, though, I get the following error:

● isc-bind-named.service
 Loaded: loaded (/usr/lib/systemd/system/isc-bind-named.service; enabled; vendor preset: disabled)
 Active: failed (Result: exit-code) since Thu 2021-12-09 13:16:09 EST; 24min ago
Process: 3732 ExecStart=/opt/isc/isc-bind/root/usr/sbin/named -u named $OPTIONS (code=exited, status=1/FAILURE)

Dec 09 13:16:09 example.com named[3733]: listening on IPv4 interface lo, 127.0.0.1#53
Dec 09 13:16:09 example.com named[3733]: listening on IPv4 interface ens192,123.456.789.123#53
Dec 09 13:16:09 example.com named[3733]: generating session key for dynamic DNS
Dec 09 13:16:09 example.com named[3733]: sizing zone task pool based on 35 zones
Dec 09 13:16:09 example.com named[3733]: could not configure root hints from 'named.ca': permission denied
Dec 09 13:16:09 example.com named[3733]: loading configuration: permission denied
Dec 09 13:16:09 example.com named[3733]: exiting (due to fatal error)
Dec 09 13:16:09 example.com systemd[1]: isc-bind-named.service: Control process exited, code=exited status=1
Dec 09 13:16:09 example.com systemd[1]: isc-bind-named.service: Failed with result 'exit-code'.
Dec 09 13:16:09 example.com systemd[1]: Failed to start isc-bind-named.service.

Permissions for named.ca are the same as on our other working servers:

-rw-rw-r--. 1 root named 3289 Dec  9 13:13 /var/named/named.ca

This is the entry for that file in named.conf:

zone "." IN {
type hint;
file "named.ca";
};

Does it need the full path? On the working secondary it’s entered the same way 
in named.conf, but that’s running an ancient version, BIND 
9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1

(and why I’m building a new one!)


--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group

Institutions do not have opinions, merely customs

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org


--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group

Institutions do not have opinions, merely customs
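
As an added example (not from the thread or from ISC), one way to confirm the diagnosis above on an SELinux host: the mode bits on named.ca are fine, so the refusal should appear as an AVC denial for named in the audit log. The audit records below are constructed, and the function name avc_denials is hypothetical.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials for one process name.

# Constructed sample audit records (not taken from the original post).
# Real records are in /var/log/audit/audit.log or come from ausearch.
SAMPLE_AUDIT='type=AVC msg=audit(1639073769.101:411): avc:  denied  { read } for  pid=3733 comm="named" name="named.ca" dev="dm-0" ino=1234 scontext=system_u:system_r:named_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1639073769.101:411): arch=c000003e syscall=257 success=no exit=-13 comm="named" exe="/opt/isc/isc-bind/root/usr/sbin/named"
type=AVC msg=audit(1639073771.532:413): avc:  denied  { read } for  pid=3790 comm="named" name="named.ca" dev="dm-0" ino=1234 scontext=system_u:system_r:named_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=0
type=AVC msg=audit(1639073772.220:414): avc:  denied  { getattr } for  pid=900 comm="sshd" path="/etc/motd" dev="dm-0" ino=77 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0'

# avc_denials COMM: read audit records on stdin and print one line per
# distinct denial for COMM: "<perms> <class> <object> <source_type> -> <target_type>"
avc_denials() {
    awk -v want="$1" '
    $1 == "type=AVC" && / denied / {
        # Permission list sits between the braces: { read open } -> read,open
        perm = $0
        sub(/.*[{] */, "", perm); sub(/ *[}].*/, "", perm); gsub(/ /, ",", perm)
        comm = name = sctx = tctx = tclass = ""
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (!eq) continue
            key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
            gsub(/"/, "", val)
            if (key == "comm") comm = val
            else if (key == "name" || key == "path") name = val
            else if (key == "scontext") sctx = val
            else if (key == "tcontext") tctx = val
            else if (key == "tclass") tclass = val
        }
        if (comm != want) next
        # A context is user:role:type:level; the type is what policy matches on.
        split(sctx, s, ":"); split(tctx, t, ":")
        line = perm " " tclass " " name " " s[3] " -> " t[3]
        if (!seen[line]++) print line      # collapse repeats from restart loops
    }'
}
```

On a live host, pipe `ausearch -m avc -ts recent` into `avc_denials named`; a hit for named.ca means the file's label, not its mode, is what blocks the read. Check the label with `ls -Z` and relabel with `restorecon -v` rather than loosening file permissions.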
