I gave up porting a chroot bind setup from previous Fedora installations
to the preferred chroot-less configuration in Fedora 11 and decided just
to start from scratch.  Unfortunately, I haven't been able to get that
working, either.

named seems to start okay:

        [r...@front etc]# service named restart
        Stopping named: [OK]
        Starting named: [OK]

... and I see this in /var/log/messages:

        Aug  8 19:59:53 front named[2106]: starting BIND 9.6.1-P1-RedHat-9.6.1-4.P1.fc11 -u named
        Aug  8 19:59:53 front named[2106]: built with '--build=i386-redhat-linux-gnu' '--host=i386-redhat-linux-gnu' '--target=i586-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=i386-redhat-linux-gnu' 'host_alias=i386-redhat-linux-gnu' 'target_alias=i586-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables' 'CPPFLAGS= -DDIG_SIGCHASE'
        Aug  8 19:59:53 front named[2106]: adjusted limit on open files from 1024 to 1048576
        Aug  8 19:59:53 front named[2106]: found 1 CPU, using 1 worker thread
        Aug  8 19:59:53 front named[2106]: using up to 4096 sockets
        Aug  8 19:59:53 front named[2106]: loading configuration from '/etc/named.conf'
        Aug  8 19:59:53 front named[2106]: using default UDP/IPv4 port range: [1024, 65535]
        Aug  8 19:59:53 front named[2106]: using default UDP/IPv6 port range: [1024, 65535]
        Aug  8 19:59:53 front named[2106]: listening on IPv4 interface lo, 127.0.0.1#53
        Aug  8 19:59:53 front named[2106]: listening on IPv6 interface lo, ::1#53
        Aug  8 19:59:53 front named[2106]: automatic empty zone: 127.IN-ADDR.ARPA
        Aug  8 19:59:53 front named[2106]: automatic empty zone: 254.169.IN-ADDR.ARPA
        Aug  8 19:59:53 front named[2106]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
        Aug  8 19:59:53 front named[2106]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
        Aug  8 19:59:53 front named[2106]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
        Aug  8 19:59:53 front named[2106]: automatic empty zone: D.F.IP6.ARPA
        Aug  8 19:59:53 front named[2106]: automatic empty zone: 8.E.F.IP6.ARPA
        Aug  8 19:59:53 front named[2106]: automatic empty zone: 9.E.F.IP6.ARPA
        Aug  8 19:59:53 front named[2106]: automatic empty zone: A.E.F.IP6.ARPA
        Aug  8 19:59:53 front named[2106]: automatic empty zone: B.E.F.IP6.ARPA
        Aug  8 19:59:53 front named[2106]: command channel listening on 127.0.0.1#953
        Aug  8 19:59:53 front named[2106]: command channel listening on ::1#953
        Aug  8 19:59:53 front named[2106]: the working directory is not writable
        Aug  8 19:59:53 front named[2106]: zone 0.in-addr.arpa/IN: NS '0.in-addr.arpa' has no address records (A or AAAA)
        Aug  8 19:59:53 front named[2106]: zone 0.in-addr.arpa/IN: loaded serial 0
        Aug  8 19:59:53 front named[2106]: zone 1.0.0.127.in-addr.arpa/IN: NS '1.0.0.127.in-addr.arpa' has no address records (A or AAAA)
        Aug  8 19:59:53 front named[2106]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
        Aug  8 19:59:53 front named[2106]: zone 1.168.192.IN-ADDR.ARPA/IN: loaded serial 3
        Aug  8 19:59:53 front named[2106]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: NS '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa' has no address records (A or AAAA)
        Aug  8 19:59:53 front named[2106]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
        Aug  8 19:59:53 front named[2106]: zone localhost.localdomain/IN: loaded serial 0
        Aug  8 19:59:53 front named[2106]: zone localhost/IN: loaded serial 0
        Aug  8 19:59:53 front named[2106]: zone endoframe.net/IN: loaded serial 3
        Aug  8 19:59:53 front named[2106]: running

But it doesn't seem to be working:

        [r...@front etc]# ssh front
        ssh: Could not resolve hostname front: Name or service not known
        [r...@front etc]# hostname
        front.endoframe.net
        [r...@front etc]# 

Is "the working directory is not writable" (from /var/log/messages
output, above) cause for concern?  What directory is it referring to?

I deal with this stuff infrequently enough that I've quite likely
overlooked something silly.  I created entries for my machines using
system-config-bind; what follows are (what I hope are the) relevant
resulting configuration files.  Hopefully some glaring error or omission
will jump out at someone:

        # cat /etc/named.conf:
        //
        // named.conf
        //
        // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
        // server as a caching only nameserver (as a localhost DNS resolver only).
        //
        // See /usr/share/doc/bind*/sample/ for example named configuration files.
        //
        
        
        options {
                listen-on port 53 { 127.0.0.1; };
                listen-on-v6 port 53 { ::1; };
                directory       "/var/named";
                dump-file       "/var/named/data/cache_dump.db";
                statistics-file "/var/named/data/named_stats.txt";
                memstatistics-file "/var/named/data/named_mem_stats.txt";
                allow-query     { localhost; };
                recursion yes;
                dnssec-enable yes;
                dnssec-validation yes;
                dnssec-lookaside . trust-anchor dlv.isc.org.;
        };
        
        logging {
                channel default_debug {
                        file "data/named.run";
                        severity dynamic;
                };
        };
        
        zone "1.168.192.IN-ADDR.ARPA." IN {
                type master;
                file "192.168.1.db";
        };
        zone "endoframe.net." IN {
                type master;
                file "endoframe.net.db";
        };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        
        include "/etc/named.rfc1912.zones";
        
        include "/etc/pki/dnssec-keys//named.dnssec.keys";
        include "/etc/pki/dnssec-keys//dlv/dlv.isc.org.conf";


        # cat /var/named/endoframe.net.db
        $TTL 1H 
        @       SOA     localhost.      root.localhost. (       3
                                                        3H
                                                        1H
                                                        1W
                                                        1H )
                        NS      localhost.      
        front   IN      1H      A       192.168.1.20    
        hinge   IN      1H      A       192.168.1.21    
        door    IN      1H      A       192.168.1.1     
        glyph   IN      1H      A       192.168.1.10    
        chime   IN      1H      A       192.168.1.22    
        stile   IN      1H      A       192.168.1.24    
        bolt    IN      1H      A       192.168.1.25    


        # cat /var/named/192.168.1.db
        $TTL 1H 
        @       SOA     localhost.      root.localhost. (       3
                                                        3H
                                                        1H
                                                        1W
                                                        1H )
                        NS      localhost.      
        20      PTR     front.endoframe.net.    
        21      PTR     hinge.endoframe.net.    
        1       PTR     door.endoframe.net.     
        10      PTR     glyph.endoframe.net.    
        22      PTR     chime.endoframe.net.    
        24      PTR     stile.endoframe.net.    
        25      PTR     bolt.endoframe.net.     


-- 
Braden McDaniel <bra...@endoframe.com>

