Results 1 to 3 of 3

Thread: /usr/sbin/named (BIND DNS server; named.service) not working anymore due to directory access issues

Hybrid View

  1. #1

    Default /usr/sbin/named (BIND DNS server; named.service) not working anymore due to directory access issues

    I suspect that this is a 'capabilities' issue, rather than a simple file permissions problem.

    After upgrading Tumbleweed today, named.service (DNS server) doesn't run anymore. The error says:

    17-Feb-2020 20:12:37.313 loading configuration from '/etc/named.conf'
    17-Feb-2020 20:12:37.314 directory '/var/lib/named' is not writable
    17-Feb-2020 20:12:37.314 /etc/named.conf:21: parsing failed: permission denied
    17-Feb-2020 20:12:37.314 loading configuration: permission denied

    That directory has reasonable permissions and ownership:

    % ls -ld /var/lib/named
    drwxr-xr-x 1 named named 222 Feb 17 20:04 /var/lib/named

    Setting it to 775 doesn't fix things. However, setting it to 777 does, and gets me to the next problem:

    17-Feb-2020 20:13:57.888 managed-keys-directory '/var/lib/named/dyn/' is not writable
    17-Feb-2020 20:13:57.891 loading configuration: permission denied

    Looking at the run (via "strace named -g"), I don't see anything that looks like a permissions problem at all. No obvious errors, in fact.

    I tried disabling AppArmor (because that's almost always a cause of problems, at least for me), and that did nothing. I am NOT using SELinux. Before the upgrade ("zypper -n dup --no-recommends --auto-agree-with-licenses --replacefiles --allow-vendor-change"), the system was running correctly, including named.service.

    Here's the only (really horrible!) work-around I've found that brings named back to life:

    chmod 777 /var/lib/named /var/lib/named/dyn

    Obviously, that can't be a long-term solution. But at least I'm back up and running.

    I searched this forum and the bug reports to see if there was anything similar. I found nothing. I searched via google, and found users who had fat-fingered configuration files, but that's not the issue here. Something about the directory access or permissions model has gone haywire.

  2. #2
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    21,236
    Blog Entries
    1

    Default Re: /usr/sbin/named (BIND DNS server; named.service) not working anymore due to directory access iss

    Just speculating that you may have been impacted by recent changes with /etc/nsswitch.conf and other changes perhaps...
    http://dominique.leuenberger.net/blo...-week-2020-06/
    Two major sources for errors on user machines have been identified:
    • users ignoring *.rpmnew files and nor merging the config changes from packages into their own config (in this specific case for /etc/nsswitch.conf)
    • Some people seem to have removed even patterns-base-minimal_base, which resulted in those users not having libnss_usrfiles2 being pulled in. As a result, even if the config file was maintained/corrected, the services file could not be found.
    • Both issues are being attempted to be resolved: libnss_usrfiles2 is not only required by the pattern, but also by netcfg (netcfg sets the default config, so we thought this is the best point) and aaa_base tries to correct /etc/nsswitch.conf (but that results in ursfiles being added again, even if the user would have explicitly removed it)
    openSUSE Leap 15.1; KDE Plasma 5

  3. #3
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    21,236
    Blog Entries
    1

    Default Re: /usr/sbin/named (BIND DNS server; named.service) not working anymore due to directory access iss

    Recent mailing list discussion thread that may be of interest...
    https://lists.opensuse.org/opensuse-.../msg00029.html
    openSUSE Leap 15.1; KDE Plasma 5

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •