Fixing the Bind 9 "dumping master file tmp-XXXX: open: permission denied" problem » 荒野无灯weblog


Check the system log:

root@hywd11:/etc/bind# tail /var/log/syslog
Jul 17 14:48:07 hywd11 kernel: [ 1897.453020] type=1503 audit(1279349287.293:24): operation="mknod" pid=1502 parent=1 profile="/usr/sbin/named" requested_mask="c::" denied_mask="c::" fsuid=105 ouid=105 name="/etc/bind/slaves/tmp-S6QzVvM3Nz"
Jul 17 15:04:02 hywd11 named[1501]: zone 13.caonima.com/IN: Transfer started.
Jul 17 15:04:02 hywd11 named[1501]: transfer of '13.caonima.com/IN' from 172.40.200.13#53: connected using 172.40.200.11#34735
Jul 17 15:04:02 hywd11 named[1501]: dumping master file: /etc/bind/slaves/tmp-uNuxn6s0Wn: open: permission denied
Jul 17 15:04:02 hywd11 named[1501]: transfer of '13.caonima.com/IN' from 172.40.200.13#53: failed while receiving responses: permission denied
Jul 17 15:04:02 hywd11 named[1501]: transfer of '13.caonima.com/IN' from 172.40.200.13#53: Transfer completed: 0 messages, 10 records, 0 bytes, 0.005 secs (0 bytes/sec)
Jul 17 15:04:02 hywd11 kernel: [ 2852.442903] type=1503 audit(1279350242.281:25): operation="mknod" pid=1502 parent=1 profile="/usr/sbin/named" requested_mask="c::" denied_mask="c::" fsuid=105 ouid=105 name="/etc/bind/slaves/tmp-uNuxn6s0Wn"
Jul 17 15:09:01 hywd11 CRON[1539]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm)
Jul 17 15:17:01 hywd11 CRON[1549]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

Problem description:
The slave DNS server fails to automatically pull the records that were changed on the master DNS server. Running
tail -20 /var/log/messages shows an error message like the following:
dumping master file: tmp-XXXX: open: permission denied

Solution:
On Red Hat Linux, all that is needed is to edit /etc/sysconfig/named on the slave DNS host,
add
ENABLE_ZONE_WRITE=yes
and then restart named.

Ubuntu Linux has no /etc/sysconfig, so a different file has to be changed: the AppArmor profile for named.
Edit /etc/apparmor.d/usr.sbin.named
Find the line /etc/bind/** r
and change it to /etc/bind/** rw
i.e. add a w.
Then restart apparmor:

/etc/init.d/apparmor restart

Or
reload the profile:

cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r
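To make the triage repeatable, the following POSIX shell script is an added example written for this page, not code from the original post. It takes audit lines of the shape shown above (a constructed copy of the post's log is embedded as SAMPLE_LOG), extracts which profile denied which operation on which path, and applies the post's edit to a profile line. The suggest_fix helper also encodes a caveat a practitioner would want: Ubuntu's shipped usr.sbin.named profile already grants rw on /var/cache/bind and /var/lib/bind, so pointing the slave zone's `file` directive at one of those directories avoids making the configuration directory /etc/bind writable by named at all; the profile paths and the hostname are assumptions taken from the log in the post.

```shell
#!/bin/sh
# Added example (not from the original post): triage the AppArmor denial that
# surfaces as "dumping master file ... open: permission denied" in Bind 9.

# Constructed sample log, modelled on the lines shown in the post (straight
# quotes, as the kernel actually emits them).
SAMPLE_LOG='Jul 17 15:04:02 hywd11 kernel: [ 2852.442903] type=1503 audit(1279350242.281:25): operation="mknod" pid=1502 parent=1 profile="/usr/sbin/named" requested_mask="c::" denied_mask="c::" fsuid=105 ouid=105 name="/etc/bind/slaves/tmp-uNuxn6s0Wn"
Jul 17 15:04:02 hywd11 named[1501]: dumping master file: /etc/bind/slaves/tmp-uNuxn6s0Wn: open: permission denied'

# Print "profile operation path" for every AppArmor denial attributed to named
# in the given text. Lines without denied_mask= (plain named messages) are skipped.
named_denials() {
  printf '%s\n' "$1" | grep 'profile="/usr/sbin/named"' | grep 'denied_mask=' \
    | sed -n 's/.*operation="\([^"]*\)".*profile="\([^"]*\)".*name="\([^"]*\)".*/\2 \1 \3/p'
}

# Classify the denied path. Assumption: the Ubuntu profile already allows rw
# under /var/cache/bind and /var/lib/bind, so a denial there points at
# directory ownership rather than the profile; a denial under /etc/bind means
# either relocating the zone file or widening the profile as the post does.
suggest_fix() {
  case "$1" in
    /etc/bind/*)                         echo "move-zone-or-widen-profile" ;;
    /var/cache/bind/*|/var/lib/bind/*)   echo "check-directory-ownership" ;;
    *)                                   echo "unknown" ;;
  esac
}

# Return success if the profile text grants write access on /etc/bind/**.
profile_allows_write() {
  printf '%s\n' "$1" | grep -Eq '^[[:space:]]*/etc/bind/\*\*[[:space:]]+[a-z]*w[a-z]*,'
}

# Apply the post's edit to a profile line: "/etc/bind/** r," -> "/etc/bind/** rw,".
widen_etc_bind() {
  printf '%s\n' "$1" | sed 's#^\([[:space:]]*/etc/bind/\*\*[[:space:]]*\)r,#\1rw,#'
}

# Usage when run directly: report each denial and the matching suggestion.
named_denials "$SAMPLE_LOG" | while read -r profile op path; do
  echo "$profile denied $op on $path -> $(suggest_fix "$path")"
done
```

On a live host, replace SAMPLE_LOG with the output of `tail /var/log/syslog` (or the audit log) and run `widen_etc_bind` over the profile only if relocating the zone file is not an option; after either change the profile must be reloaded with apparmor_parser -r as shown above.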

About AppArmor:

https://help.ubuntu.com/10.04/serverguide/C/apparmor.html

Tagged in: Bind 9
