From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.2; Linux) KHTML/3.2.3 (like Gecko)

Description of problem:
chroot named will not allow transfers:

    named[2476]: dumping master file: tmp-Vs1ARVTUWq: open: permission denied
    named[2476]: transfer of '<domain>/IN' from <IP ADDRESS>#53: failed while receiving responses: permission denied

named appears to have access to appropriate directories in /var/named/chroot through membership in group "named":

    ls -l /var/named/chroot
    total 24
    drwxrwxr-- 2 root named 4096 Jul 19 08:56 dev
    drwxrwx--- 2 root named 4096 Jul 19 08:56 etc
    dr-xr-xr-x 167 root root 0 Jul 23 02:18 proc
    drwxrwx--- 5 root named 4096 Mar 13 2003 var

Version-Release number of selected component (if applicable):
bind-chroot-9.3.1-8.FC4

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Additional info:
The problem appears to be that /var/named/chroot/var/named did not have group write permissions, and the configuration transferred from the master server was storing slave zone files in /var/named/chroot/var/named instead of /var/named/chroot/var/named/slaves. Consider documenting this somewhere?
This is documented - see 'man named' section NOTES, "Red Hat SELinux BIND Security Profile", and 'man named_selinux'.
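Added example, not part of the bug thread: a shell check for the condition the second comment describes, where a slave zone's file is configured in a directory that lacks group write permission. The function names are hypothetical; the parser assumes each zone's opening brace is on the "zone" line, and only mode bits are inspected, not group ownership.

```bash
# Added example, not from the bug report; function names are hypothetical.
# Assumes each zone's opening brace is on the "zone" line, and that relative
# "file" paths resolve against the "directory" option (default /var/named here).

# Print the "file" value of every zone declared "type slave".
slave_zone_files() {
    awk '
        /^[ \t]*zone[ \t]/ { inzone = 1; type = ""; file = "" }
        inzone {
            if ($0 ~ /type[ \t]+slave/) type = "slave"
            if ($0 ~ /file[ \t]+"/) {
                file = $0; sub(/.*file[ \t]+"/, "", file); sub(/".*/, "", file)
            }
            depth += gsub(/[{]/, "&") - gsub(/[}]/, "&")
            if (depth <= 0) {
                if (type == "slave" && file != "") print file
                inzone = 0; depth = 0
            }
        }
    ' "$1"
}

# Print slave zone files whose directory, inside the chroot, lacks the
# group-write mode bit. $1 = named.conf, $2 = chroot root, $3 = directory option.
# Only the mode bit is checked, not which group owns the directory.
unwritable_slave_files() {
    conf=$1; chroot=$2; directory=${3:-/var/named}
    slave_zone_files "$conf" | while IFS= read -r f; do
        case $f in
            /*) path=$chroot$f ;;              # absolute: relative to chroot root
            *)  path=$chroot$directory/$f ;;   # relative: under "directory"
        esac
        [ -n "$(find "$(dirname "$path")" -prune -perm -020 2>/dev/null)" ] || echo "$f"
    done
}

# Constructed sample tree and config: one zone in the zone root, one under slaves/.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/var/named/slaves"
    chmod 750 "$root/var/named"; chmod 770 "$root/var/named/slaves"
    printf '%s\n' 'zone "a.example" IN {' '    type slave;' \
        '    masters { 192.0.2.1; };' '    file "a.example.zone";' '};' \
        'zone "b.example" IN {' '    type slave;' \
        '    file "slaves/b.example.zone";' '};' > "$root/named.conf"
    unwritable_slave_files "$root/named.conf" "$root"
    rm -rf "$root"
}
demo   # prints: a.example.zone
```

Against a real installation the call would be `unwritable_slave_files /var/named/chroot/etc/named.conf /var/named/chroot`, assuming the configuration lives at that path inside the chroot.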