check Bind
Hi

I'm using centos-6.3 and I installed bind9 on it by using (./configure, make, make install)

How can I test if Bind is installed correctly ( I tried "service named status" but I received the error message "named :unrecognized")

Nidal
Re: check Bind
On Aug 27, 2013, at 8:19 AM, Nidal Shater wrote:

> Hi I'm using centos-6.3 and I installed bind9 on it by using (./configure, make,
> make install)
>
> How can I test if Bind is installed correctly ( I tried "service named
> status" but I received the error message "named :unrecognized")

Installing from source does not include "startup" scripts.

Try "named -g" to get output to the current TTY, and once it is working, "named".

AlanC
-- 
Alan Clegg | +1-919-355-8851 | a...@clegg.com
Re: check Bind
On Aug 27, 2013, at 8:37 AM, Nidal Shater wrote:

> I have tried "named -g " but I have received the error message
> " loading configuration from '/etc/named.conf'
> /etc/named.conf:63: open: /etc/named.rfc1912.zones: file not found
> loading configuration: file not found
> "
> how can I solve this ?

I'd start by creating the file that it says is missing.

Or deleting the config file and starting off from what I'm comfortable/familiar with.

AlanC
-- 
Alan Clegg | +1-919-355-8851 | a...@clegg.com
/etc/named.conf won't be installed !!
hi

when I install BIND,,,BIND won't install the /etc/named.conf file why ??? I think bind has problems with centos6.3

could anybody figure it out

PS: I use (./configure ,make, make install ) to install it
Re: check Bind
On Aug 27, 2013, at 9:04 AM, Nidal Shater wrote:

> why the file named.conf didn't installed in /etc,,, is there something wrong
> with BIND9 ,,did you have any link that have a trusted bind9 for centos6.3
>
> AND thanks.

BIND does not install configuration files when you do an install from source. This is done on purpose, as correct configuration is more complex than "here's something that might work".

Nothing is "wrong" with BIND.

And you are welcome. 8-)

AlanC
-- 
Alan Clegg | +1-919-355-8851 | a...@clegg.com
Re: /etc/named.conf won't be installed !!
This was answered in the other thread, you need to create your own config file when installing from source.

Steve

On 27 August 2013 17:02, Nidal Shater wrote:

> hi
> when I install BIND,,,BIND won't install the /etc/named.conf file why ??? I
> think bind has problems with centos6.3
>
> could anybody figure it out
>
> PS: I use (./configure ,make, make install ) to install it
Re: /etc/named.conf won't be installed !!
-----Original Message-----
From: Nidal Shater
Date: Tuesday, August 27, 2013 12:02 PM
To: "bind-users@lists.isc.org"
Subject: /etc/named.conf won't be installed !!

>hi
>when I install BIND,,,BIND won't install the /etc/named.conf file why ???
>I think bind has problems with centos6.3
>could anybody figure it out
>PS: I use (./configure ,make, make install ) to install it

Others pointed out it's normal for source install, refer to this as a reference:

http://www.cymru.com/Documents/secure-bind-template.html

Then check the latest ARM for other options you might need:

https://kb.isc.org/article/AA-00845/0/BIND-9.9-Administrator-Reference-Manual-ARM.html
redirecting root hints to fake internal root server
My environment is firewalled from the real world. For queries on zones to which I'm not master, I want to recurse to a corporate server. nslookup some.internal.hostname.com internal.corporate.server works fine.

Setting "." to use this internal server in the root.hints file does not. In fact I do not even see my system trying to recurse. (I'm looking at network traffic with a sniffer.)

My root.hints:

. 600 IN NS internal.corporate.server.
internal.corporate.server. 600 IN A 192.168.1.1

Alternatively I've setup a forwarding zone in named.conf to query 192.168.1.1 for 'internal.hostname.com'. When monitoring the network for udp data over port 53, I'm not even seeing the query being forwarded. Why?

Thanks
Re: redirecting root hints to fake internal root server
From: Colin Harvey

> My environment is firewalled from the real world. For queries on
> zones to which I'm not master, I want to recurse to a corporate
> server. nslookup some.internal.hostname.com
> internal.corporate.server works fine. Setting "." to use this
> internal server in the root.hints file does not. In fact I do not
> even see my system trying to recurse. (I'm looking at network
> traffic with a sniffer.)
>
> My root.hints:
>
> . 600 IN NS internal.corporate.server.
> internal.corporate.server. 600 IN A 192.168.1.1
>
> Alternatively I've setup a forwarding zone in named.conf to query
> 192.168.1.1 for 'internal.hostname.com'. When monitoring the
> network for udp data over port 53, I'm not even seeing the query
> being forwarded. Why?

Add these lines to your options section:

forward only;
forwarders {192.168.1.1;};

see ftp://ftp.isc.org/isc/bind9/9.9.3-P2/doc/arm/Bv9ARM.ch06.html#id2578567
Re: redirecting root hints to fake internal root server
Thanks. But I already have that option for the internal.hostname.com zone. Still not seeing traffic going to 192.168.1.1.

Colin
Re: check Bind
On Aug 27, 2013, at 2:21 PM, Nidal Shater wrote:

> I create named.conf by myself
>
> and then when I type "named -g "
>
> it tells me that "named.ca" :not found ,,, what that means ??

It means you typed in a sample without knowing what it does.

I'll take a wild guess and say that it's supposed to contain root hints, but I don't know.

I would recommend that you may want to read some of the documents presented earlier:

Pro DNS and BIND by Ron Aitchison - http://www.amazon.com/Pro-DNS-BIND-Ron-Aitchison/dp/1590594940

and

DNS and BIND by Cricket Liu - http://www.amazon.com/DNS-BIND-5th-Cricket-Liu/dp/0596100574

AlanC
-- 
Alan Clegg | +1-919-355-8851 | a...@clegg.com
Re: redirecting root hints to fake internal root server
dig +trace host.internal.hostname.com responds with a list of authoritative nameservers for the zone and the error "dig: couldn't get address for ns1.corporate.hostname.com" where the error cycles through all four of the authoritative nameservers. Also ns1.corporate.hostname.com is not 192.168.1.1.

Colin
chroot /var/run permissions
Greetings,

I'm upgrading my bind installation on one of my hosts, and everything seems to be working properly although I'm getting a permissions error/warning in the log on startup:

Aug 27 14:24:45 flotsam named[13746]: Required root permissions to open '/var/run/named.pid'.
Aug 27 14:24:45 flotsam named[13746]: Please check file and directory permissions or reconfigure the filename.
Aug 27 14:24:45 flotsam named[13746]: Required root permissions to open '/var/run/named/session.key'.
Aug 27 14:24:45 flotsam named[13746]: Please check file and directory permissions or reconfigure the filename.
Aug 27 14:24:45 flotsam named[13746]: command channel listening on 127.0.0.1#953
Aug 27 14:24:45 flotsam named[13746]: the working directory is not writable
Aug 27 14:24:45 flotsam named[13746]: all zones loaded

This is in a chroot environment, and I'm starting a static-linked copy of named like this: /var/named/usr/sbin/named -t /var/named -u named.

The permissions on the tree in question are:

/var/named/var:
drwxrwx--- 3 root named 512 Aug 27 14:25 run

/var/named/var/run:
drwxrwx--- 2 root named 512 Aug 27 14:25 named

After named starts, it creates /var/named/var/run/named.pid and /var/named/var/run/named/session.key with the following permissions:

-rw-r--r-- 1 root named 6 Aug 27 14:35 named.pid
-rw--- 1 root named 102 Aug 27 14:35 session.key

What am I missing here? /var/named/var/run and /var/named/var/run/named have group write permissions, so it seems it *shouldn't* be complaining, and the resulting files should've been owned by named, shouldn't they?

Thanks,

-John
Re: /etc/named.conf won't be installed !!
On Tue, 2013-08-27 at 16:02 +, Nidal Shater wrote:

> when I install BIND,,,BIND won't install the /etc/named.conf file why
> ??? I think bind has problems with centos6.3

You might want to try an RPM install:

http://www.five-ten-sg.com/mapper/bind
Re: redirecting root hints to fake internal root server
On 8/27/2013 1:07 PM, Colin Harvey wrote:

> My environment is firewalled from the real world. For queries on zones to
> which I'm not master, I want to recurse to a corporate server. nslookup
> some.internal.hostname.com internal.corporate.server works fine.

nslookup is a terrible DNS troubleshooting tool. Try dig. And to mimic how your nameserver would talk to the other nameserver, use the options +norec and +bufsiz=4096 (unless you've changed your EDNS0 buffer size from the default, in which case, plug in that value instead).

> Setting "." to use this internal server in the root.hints file does not.
> In fact I do not even see my system trying to recurse. (I'm looking at
> network traffic with a sniffer.)
>
> My root.hints:
>
> . 600 IN NS internal.corporate.server.
> internal.corporate.server. 600 IN A 192.168.1.1

Do you have recursion enabled?

> Alternatively I've setup a forwarding zone in named.conf to query
> 192.168.1.1 for 'internal.hostname.com'.

Ugh, don't do that. Forwarding is for getting around network restrictions or limitations, and you haven't (so far) indicated that you have any of those to deal with.

- Kevin
Re: chroot /var/run permissions
/var/run/named.pid and /var/run/named/session.key need to be writable by named. Additionally their parent directories need to be writable by named so the files can be removed on shutdown.

The files are not writable by named.

-rw-r--r-- 1 root named 6 Aug 27 14:35 named.pid
-rw--- 1 root named 102 Aug 27 14:35 session.key

Named attempts to write these files as user named and if that fails it switches user back to root and re-attempts to write these files. If it succeeds with the second attempt you get the error messages below.

Once named has opened the sockets it permanently switches to the user named.

Mark

In message , jo...@primebuchholz.com writes:

> Greetings,
>
> I'm upgrading my bind installation on one of my hosts, and everything
> seems to be working properly although I'm getting a permissions
> error/warning in the log on startup:
>
> Aug 27 14:24:45 flotsam named[13746]: Required root permissions to open '/var/run/named.pid'.
> Aug 27 14:24:45 flotsam named[13746]: Please check file and directory permissions or reconfigure the filename.
> Aug 27 14:24:45 flotsam named[13746]: Required root permissions to open '/var/run/named/session.key'.
> Aug 27 14:24:45 flotsam named[13746]: Please check file and directory permissions or reconfigure the filename.
> Aug 27 14:24:45 flotsam named[13746]: command channel listening on 127.0.0.1#953
> Aug 27 14:24:45 flotsam named[13746]: the working directory is not writable
> Aug 27 14:24:45 flotsam named[13746]: all zones loaded
>
> This is in a chroot environment, and I'm starting a static-linked copy of
> named like this: /var/named/usr/sbin/named -t /var/named -u named.
>
> The permissions on the tree in questions are:
>
> /var/named/var:
> drwxrwx--- 3 root named 512 Aug 27 14:25 run
>
> /var/named/var/run:
> drwxrwx--- 2 root named 512 Aug 27 14:25 named
>
> After named starts, it creates /var/named/var/run/named.pid and
> /var/named/var/run/named/session.key with the following permissions:
>
> -rw-r--r-- 1 root named 6 Aug 27 14:35 named.pid
> -rw--- 1 root named 102 Aug 27 14:35 session.key
>
> What I am I missing here? /var/named/var/run and /var/named/var/run/named
> have group write permissions, so it seems it *shouldn't* be complaining,
> and the resulting files should've been owned by named, shouldn't they?
>
> Thanks,
>
> -John

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
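The check Mark describes, as an added example that is not part of his message or of BIND: a shell function that reads `ls -l` lines and reports whether a given account can write each entry. The sample listing is constructed from the lines quoted in the thread (the session.key line is left out because its mode is truncated here), and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not BIND code. Decide from `ls -l` lines whether an account
# can write each entry, using the classic Unix rule: owner bits if the account
# owns the entry, else group bits if it is in the entry's group, else "other"
# bits. ACLs, SELinux and root's override are ignored (assumption).

# can_write USER "GROUP1 GROUP2 ..." "LS_LINE" -> exit status 0 if writable
can_write() {
    cw_user=$1
    cw_groups=$2
    # Split the ls -l line: mode, link count, owner, group, remainder.
    read -r cw_mode cw_links cw_owner cw_group cw_rest <<EOF
$3
EOF
    cw_pos=9                                  # default: "other" write bit
    if [ "$cw_owner" = "$cw_user" ]; then
        cw_pos=3                              # owner write bit
    else
        for cw_g in $cw_groups; do
            if [ "$cw_g" = "$cw_group" ]; then
                cw_pos=6                      # group write bit
            fi
        done
    fi
    [ "$(printf '%s' "$cw_mode" | cut -c"$cw_pos")" = "w" ]
}

# audit_listing USER "GROUPS" < ls-output
# Prints one verdict per entry; exit status 1 if any entry is not writable.
audit_listing() {
    al_user=$1
    al_groups=$2
    al_status=0
    while IFS= read -r al_line; do
        [ -n "$al_line" ] || continue
        al_name=${al_line##* }                # last field is the file name
        if can_write "$al_user" "$al_groups" "$al_line"; then
            echo "writable      $al_name"
        else
            echo "NOT writable  $al_name"
            al_status=1
        fi
    done
    return "$al_status"
}

# Constructed sample: the directory and pid-file lines quoted in the thread.
SAMPLE_LISTING='drwxrwx--- 3 root named 512 Aug 27 14:25 run
drwxrwx--- 2 root named 512 Aug 27 14:25 named
-rw-r--r-- 1 root named 6 Aug 27 14:35 named.pid'

# Both directories pass on the group bits; the root-owned pid file does not.
printf '%s\n' "$SAMPLE_LISTING" | audit_listing named named ||
    echo "named cannot write every entry it needs"
```

On a live system, feed it `ls -ld` output for the pid file, the session key and their parent directories inside the chroot.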
Re: chroot /var/run permissions
John,

You should see if you're full root on the box what permissions named has as a group and what the (bind/named) user has. If you're running some restricting permissions via the sudoers you may need to lighten up to 775 from the chroot'd directory down giving the ownership the named group and named user.

If the process does start and the permissions aren't right you will run into more errors like zone transfer fails and other things that require the process group and user to write into the directories where the zone files are stored.

Just a thought but you may want to look into it.

Regards,

Ed