After leap 16 migration, named does not start

jimbobrae · May 26, 2026, 5:57pm

named (DNS) does not start:

# systemctl status named.service
× named.service - Berkeley Internet Name Domain (DNS)
     Loaded: loaded (/etc/systemd/system/named.service; enabled; preset: disabled)
     Active: failed (Result: exit-code) since Mon 2026-05-25 22:02:51 MST; 5s ago
 Invocation: 8586621c956c483a97356d73cf60bad0
    Process: 23549 ExecStartPre=/usr/lib/bind/named.prep (code=exited, status=0/SUCCESS)
    Process: 23551 ExecStart=/usr/sbin/named -u named $NAMED_ARGS (code=exited, status=1/FAILURE)
        CPU: 76ms

May 25 22:02:51 sma-server3.sma.com named[23552]: automatic empty zone: EMPTY.AS112.ARPA
May 25 22:02:51 sma-server3.sma.com named[23552]: automatic empty zone: HOME.ARPA
May 25 22:02:51 sma-server3.sma.com named[23552]: automatic empty zone: RESOLVER.ARPA
May 25 22:02:51 sma-server3.sma.com named[23552]: isc_file_isplainfile '/data01/var/log/named/named.log' failed: permission denied
May 25 22:02:51 sma-server3.sma.com named[23552]: configuring logging: permission denied
May 25 22:02:51 sma-server3.sma.com named[23552]: loading configuration: permission denied
May 25 22:02:51 sma-server3.sma.com named[23552]: exiting (due to fatal error)
May 25 22:02:51 sma-server3.sma.com systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
May 25 22:02:51 sma-server3.sma.com systemd[1]: named.service: Failed with result 'exit-code'.
May 25 22:02:51 sma-server3.sma.com systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).

I do not understand what the “permissions” are. The indicated files have named/named permissions. Are they related to SELinux (I had selected that during the migration)?

susejunky · May 26, 2026, 6:49pm

Have a look at SELinux Troubleshooting to rule out SELinux-related problems .

jimbobrae · May 26, 2026, 9:10pm

# setenforce 0
#

This set SELinux to “permissive.” And all of the previously aborted services started without a problem.

In fact this system exhibits the exact problem the site describes and requests a bug report about it.

mhurron · May 26, 2026, 11:41pm

It’s likely not a bug. It’s doubtful that /data01/var/log/named/named.log is labelled properly so SELinux is doing it’s job correctly.

jimbobrae · May 31, 2026, 6:28pm

The path is correct. Long, long ago I had a problem with log files running amok and filling all disk space on /. After that, where possible, I point log files to separate storage (/data01 in this case).

$ ll /etc/named.d/
total 24K
lrwxrwxrwx  1 root root   39 May 30 15:29 forwarders.conf -> /var/lib/named/etc/bind-forwarders.conf
$

The named problem was that the link in /etc/named.d/ pointed to a transient file in /var/run/netconfig/. No idea how that happened. It was fixed by two actions:

I disabled selinux.
The link now points to a permanent file.

malcolmlewis · May 31, 2026, 6:31pm

@jimbobrae Disabling SELinux, so no security… you should enable?

jimbobrae · May 31, 2026, 6:42pm

The migration from LEAP 15.6 to 16.0 was a mess, almost all if it due to selinux. After a week of clearing the errors, the system still does not boot properly: I must manually start the graphical interface.

There was no selinux in 15.6. And, for now, no selinux in 16.0.

malcolmlewis · May 31, 2026, 10:31pm

@jimbobrae but there was security=apparmor…

mhurron · June 1, 2026, 12:48am

That’s not what I said. I said that there is basically no way that file is labelled correctly. As in that’s how SELinux works. I’ll put money on them being labelled unconfined_t and the policy doesn’t have a rule to let named log to files that aren’t labelled named_log_t and they aren’t labelled that because you didn’t and the relabelling process didn’t because that is a very non-standard path.

system · June 8, 2026, 12:48am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.