Red Hat Bugzilla – Bug 241872
On upgrade, /var/named perms get set wrong
Last modified: 2013-04-30 19:35:54 EDT
Description of problem: Whenever bind is updated, /var/named gets set as follows drwxr-x--- 5 root named 4096 May 31 09:29 named Bind runs as named and I normally set /var/named to 770 and named.named I'm not sure what is the really correct thing. But when it gets reset to the above, dns updates no longer work. May 31 11:23:07 XXXX named[1359]: dumping master file: tmp-X7sFlJmgOF: open: permission denied May 31 11:23:07 XXXX named[1359]: transfer of 'XXXX.XXXX/IN' from nnn.nnn.nnn.nnn#53: failed while receiving responses: permission denied May 31 11:23:07 XXXX named[1359]: transfer of 'XXXX.XXXX/IN' from nnn.nnn.nnn.nnn#53: end of transfer Resetting the directory to 770 named.named allows the updates to come through. Version-Release number of selected component (if applicable): bind-9.3.4-5.fc6 How reproducible: Seems to happen every bind update. Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
This is very delicate problem. For slave zones is primarily designed /var/named/slaves directory. But admins don't want use this directory and put slave zones simply into /var/named. Please restrict named as much as it possible (so put your zones into slaves directory). This policy increases security (exploit in zone transfer could corrupt your zone files if slave zones are in same directory as master zones etc...). If you insist on change perms of /var/named please reopen and I'm ready discuss it. Regards, Adam
Btw I think that you talk about issue with slave DNS, not with dynamic DNS (please see bug #239149)
Hi, Thanks for the info. Yes, your right, I was talking about slave DNS. I will now look at using /var/named/slaves (makes sense!) Cheers,