Bug 245638 - DNS updates by dhcp are blocked by wrong permissions
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: bind
Version: 7
Hardware: All Linux
Priority: low
Severity: medium
Assigned To: Adam Tkac
QA Contact: Fedora Extras Quality Assurance

Reported: 2007-06-25 16:13 EDT by David A. De Graaf
Modified: 2013-04-30 19:36 EDT
Doc Type: Bug Fix
Last Closed: 2007-06-28 08:50:42 EDT
Description David A. De Graaf 2007-06-25 16:13:25 EDT
Description of problem:  dhcp cannot update dynamic assignments in
/var/named/chroot/var

Version-Release number of selected component (if applicable):
bind-chroot-9.3.4-5.fc6

How reproducible:
Pristine F7 has a basic permissions flaw.

Steps to Reproduce:
1. Configure dhcp.conf and named.conf to allow dynamic IP assignments and
updates to named data.

2. Have a new visiting computer come onto the network and be assigned an IP.

3. Note that 'host name' can find no data for this machine.

  
Actual results:  DNS data is not available for a new visitor machine.


Expected results:  DNS should be available after an IP is assigned.


Additional info:  The default permissions are:
# ll -d /var/named/chroot/var/named
drwxr-x--- 4 root named 4096 2007-05-24 10:55 /var/named/chroot/var/named/

The permissions should be:
# ll -d /var/named/chroot/var/named
drwxrwx--- 4 root named 4096 Jun 24 08:30 /var/named/chroot/var/named/

If group named is given write permissions, dhcp can write the necessary files:
# ll /var/named/chroot/var/named/*.jnl
-rw-r--r-- 1 named named 1847 Jun 24 08:18  \
   /var/named/chroot/var/named/192.168.2.jnl
-rw-r--r-- 1 named named 2291 Jun 24 08:18  \
   /var/named/chroot/var/named/datix.lan.jnl

and DNS data for the new machine will be found.  With the default permissions
the proper functioning of dhcp and named together is foiled.

This error has been around for years.  Please fix it.
Comment 1 Adam Tkac 2007-06-28 08:50:42 EDT
The /var/named directory will _never_ get rwxrwx--- perms. This could be a big
security hazard. If you need dynamic DNS, please see man named about the
ENABLE_ZONE_WRITE parameter and about the named_write_master_zones SELinux boolean.
In Fedora 7 there are three directories where named can write - /var/named/data
(logs, stats etc), /var/named/slaves (for slave zones) and /var/named/dynamic
(for dynamic DNS zones). The /var/named/dynamic directory is designed for your
purposes. Please put your zones there. You could also set the
named_write_master_zones boolean and the ENABLE_ZONE_WRITE parameter, and then your
zones in /var/named could be writable. But this approach is deprecated, and in
future Fedoras only the data, slaves and dynamic directories could be writable.

Regards, Adam
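
An added example, not part of the bug report or of Fedora's bind package: a Python check for the layout recommended in comment 1. It lists zones that accept dynamic updates but keep their file outside /var/named/dynamic, and tests whether a zone directory is group- or world-writable. The sample named.conf, the zone file names and the key name are constructed, and /var/named is assumed to be the `directory` option.

```python
import os
import posixpath
import re
import stat

# Constructed sample named.conf. Zone names follow the .jnl files in the report;
# the zone file names and the key name "dhcp-update" are hypothetical.
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "datix.lan" IN {
    type master;
    file "datix.lan.db";               // lands in the read-only master dir
    allow-update { key "dhcp-update"; };
};
zone "2.168.192.in-addr.arpa" IN {
    type master;
    file "dynamic/192.168.2.db";       # lands in the directory named may write
    allow-update { key "dhcp-update"; };
};
zone "static.example" IN { type master; file "static.example.db"; };
'''

def zone_blocks(conf):
    """Yield (zone_name, body) per zone statement, matching nested braces."""
    conf = re.sub(r'/\*.*?\*/|(//|#)[^\n]*', '', conf, flags=re.S)  # drop comments
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def misplaced_dynamic_zones(conf, base="/var/named", writable="dynamic"):
    """Zones that accept updates but whose file is not under base/writable."""
    bad = []
    for name, body in zone_blocks(conf):
        if not re.search(r'\bupdate-policy\b|\ballow-update\s*\{(?!\s*none\b)', body):
            continue  # static zone, or updates explicitly refused
        f = re.search(r'\bfile\s+"([^"]+)"', body)
        if f is None:
            continue
        rel = posixpath.relpath(posixpath.join(base, f.group(1)), base)
        if rel.split("/")[0] != writable:  # also catches "dynamic/../x"
            bad.append((name, f.group(1)))
    return bad

def zone_dir_too_permissive(path):
    """True if path is group- or world-writable, e.g. the rwxrwx--- asked for."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))
```

Run `misplaced_dynamic_zones()` on the contents of the chroot's named.conf and `zone_dir_too_permissive()` on /var/named/chroot/var/named; a non-empty list or a True result means the setup departs from the layout described in comment 1.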
