Most likely SELinux policy is preventing access to those files. Check the other logs.
Ondřej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 13. 6. 2021, at 7:48, ToddAndMargo via bind-users > <bind-users@lists.isc.org> wrote: > > On 6/12/21 8:30 PM, ToddAndMargo via bind-users wrote: >> # named-checkzone -t /var/named/chroot/var/named/slaves abc.local >> abc.hosts.rev >> abc.hosts.rev:3: ignoring out-of-zone data (255.168.192.in-addr.arpa) >> abc.hosts.rev:14: ignoring out-of-zone data >> abc.hosts(10.255.168.192.in-addr.arpa) >> abc.hosts.rev:17: ignoring out-of-zone data > > > # rpm -aq bind\* > bind-export-libs-9.11.11-1.fc30.x86_64 > bind-license-9.16.16-1.fc34.noarch > bind-dnssec-doc-9.16.16-1.fc34.noarch > bind-libs-9.16.16-1.fc34.x86_64 > bind-utils-9.16.16-1.fc34.x86_64 > bind-dnssec-utils-9.16.16-1.fc34.x86_64 > bind-9.16.16-1.fc34.x86_64 > bind-chroot-9.16.16-1.fc34.x86_64 > > > Oh poop. I had the zone name wrong again. The zone > name comes directly from named.conf. Duh! > > > # named-checkzone -t /var/named/chroot/var/named/slaves > 255.168.192.in-addr.arpa abc.hosts.rev > zone 255.168.192.in-addr.arpa/IN: loaded serial 213 > OK > > Now I also have > > # named-checkzone -t /var/named/chroot/var/named/slaves abc.local abc.hosts > zone abc.local/IN: loaded serial 265 > OK > > > and > > # named-checkconf -l -t /var/named/chroot /etc/named.conf > abc.local IN _default master > 255.168.192.in-addr.arpa IN _default master > 0.0.127.in-addr.arpa IN _default master > > > So why am I getting file not found in the following? > > # systemctl status named.service > > × named.service - Berkeley Internet Name Domain (DNS) > Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor > preset: disabled) > Active: failed (Result: exit-code) since Sat 2021-06-12 16:31:16 PDT; 3h > 46min ago > Process: 18368 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" > == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo > "Checking of zone files is > > CPU: 12ms > > Jun 12 16:31:16 rn6.abc.local bash[18369]: _default/abc.local/IN: file not > found > Jun 12 16:31:16 rn6.abc.local bash[18369]: zone 255.168.192.in-addr.arpa/IN: > loading from master file slaves/abc.hosts.rev failed: file not found > Jun 12 16:31:16 rn6.abc.local bash[18369]: zone 255.168.192.in-addr.arpa/IN: > not loaded due to errors. > Jun 12 16:31:16 rn6.abc.local bash[18369]: > _default/255.168.192.in-addr.arpa/IN: file not found > Jun 12 16:31:16 rn6.abc.local bash[18369]: zone 0.0.127.in-addr.arpa/IN: > loading from master file named.local failed: file not found > Jun 12 16:31:16 rn6.abc.local bash[18369]: zone 0.0.127.in-addr.arpa/IN: not > loaded due to errors. > Jun 12 16:31:16 rn6.abc.local bash[18369]: _default/0.0.127.in-addr.arpa/IN: > file not found > Jun 12 16:31:16 rn6.abc.local systemd[1]: named.service: Control process > exited, code=exited, status=1/FAILURE > Jun 12 16:31:16 rn6.abc.local systemd[1]: named.service: Failed with result > 'exit-code'. > Jun 12 16:31:16 rn6.abc.local systemd[1]: Failed to start Berkeley Internet > Name Domain (DNS). > > > > My /etc/named.local > > // generated by named-bootconf.pl > > options { > # the following forwarders is Family freindly Open DNS: > # forwarders { 208.67.222.122; 208.67.220.120; }; > > # the following forwarders is for Open DNS > forwarders { 208.67.222.222; 208.67.220.220; }; > > # the following forwarders is for Google's DNS > #forwarders { 8.8.8.8; 8.8.4.4; }; > > directory "/var/named"; > # pid-file "/var/named/chroot/run/named/named.pid"; > # pid-file "/var/named/chroot/run/named/nonamed.pid"; > /* > * If there is a firewall between you and nameservers you want > * to talk to, you might need to uncomment the query-source > * directive below. Previous versions of BIND always asked > * questions using port 53, but BIND 8.1 uses an unprivileged > * port by default. > */ > // query-source address * port 53; > }; > > > key DHCP_UPDATER { > algorithm hmac-md5; > secret cgGq509uDODGTU4J9QZwgQ==; > }; > > zone "abc.local" { > type master; > # file "/var/named/chroot/var/named/slaves/abc.hosts"; > file "slaves/abc.hosts"; > allow-update { key DHCP_UPDATER; }; > # allow-update { 127.0.0.1; }; > }; > > zone "255.168.192.in-addr.arpa" { > type master; > # file "/var/named/chroot/var/named/slaves/abc.hosts.rev"; > file "slaves/abc.hosts.rev"; > allow-update { key DHCP_UPDATER; }; > # allow-update { 127.0.0.1; }; > }; > > zone "0.0.127.in-addr.arpa" { > type master; > # file "/var/named/chroot/var/named/named.local"; > file "named.local"; > }; > > # logging { > # channel update_debug { > # file "/var/named/chroot/var/named/slaves/named-update-debug.log"; > # severity debug 3; > # print-category yes; > # print-severity yes; > # print-time yes; > # }; > # channel security_info { > # file "slaves/named-auth.info"; > # severity info; > # print-category yes; > # print-severity yes; > # print-time yes; > # }; > > # category update { update_debug; }; > # category security { security_info; }; > # }; > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users