Bug 247870 - DDNS journal cannot be created
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: system-config-bind
Version: 9
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Jaroslav Reznik
QA Contact: Fedora Extras Quality Assurance
Keywords: Reopened
Reported: 2007-07-11 15:52 EDT by mail@romal.de
Modified: 2009-07-14 14:02 EDT
Last Closed: 2009-07-14 14:02:38 EDT
Attachments:
config-files for bind (190.84 KB, application/x-gzip)
2007-07-12 15:09 EDT, mail@romal.de
Description mail@romal.de 2007-07-11 15:52:37 EDT
Description of problem:

DDNS updates from DHCPd to BIND cause BIND to create a journal file. This
journal file cannot be created.

http://www.isc.org/sw/bind/arm95/Bv9ARM.ch04.html#journal

selinux is disabled.

Version-Release number of selected component (if applicable):


How reproducible:

Every time.

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

From /var/log/messages:

Jul 11 04:56:26 nass named[17935]: running
Jul 11 04:56:41 nass named[17935]: client 127.0.0.1#32807: updating zone 'vorlon.lan/IN': adding an RR at 'OpenEar.vorlon.lan' A
Jul 11 04:56:41 nass named[17935]: client 127.0.0.1#32807: updating zone 'vorlon.lan/IN': adding an RR at 'OpenEar.vorlon.lan' TXT
Jul 11 04:56:41 nass named[17935]: journal file vorlon.lan.db.jnl does not exist, creating it
Jul 11 04:56:41 nass named[17935]: vorlon.lan.db.jnl: create: permission denied
Jul 11 04:56:41 nass named[17935]: client 127.0.0.1#32807: updating zone 'vorlon.lan/IN': error: journal open failed: unexpected error
Jul 11 04:56:41 nass dhcpd: Unable to add forward map from OpenEar.vorlon.lan. to 192.168.1.170: timed out
Jul 11 04:56:41 nass dhcpd: DHCPREQUEST for 192.168.1.170 from 00:30:65:52:2d:ae (OpenEar) via eth0
Jul 11 04:56:41 nass dhcpd: DHCPACK on 192.168.1.170 to 00:30:65:52:2d:ae (OpenEar) via eth0
Comment 1 Adam Tkac 2007-07-12 10:13:55 EDT
Where exactly is your zone file located? Also, could you please attach your zone
configuration? Please see the named manpage, especially the Red Hat Security
profile. The /var/named/dynamic directory is primarily designed for these zones.
If you put your DDNS zones into this directory, everything works as expected.
You could also specify the ENABLE_ZONE_WRITE parameter, but this approach is
obsolete and has been dropped in rawhide now.

Adam
Comment 2 mail@romal.de 2007-07-12 15:09:06 EDT
Created attachment 159088 [details]
config-files for bind
Comment 3 mail@romal.de 2007-07-12 15:12:50 EDT
All configuration was done with Red Hat's bind-gui, therefore the zone file
(vorlon.lan.db) is located in /var/named/chroot/var/named .
Comment 4 Adam Tkac 2007-07-13 03:16:53 EDT
It's a standard misconfiguration. Named will never write into the /var/named
directory. This improves security (when someone exploits a vulnerability in
named, your master zone will not be corrupted). So you have to put writable
things into subdirectories (/var/named/dynamic for DDNS zones, /var/named/slaves
for slave zone files and /var/named/data for logs etc). Please put your zones
into ${rootdir}/var/named/dynamic and all could work as expected.

Adam
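Added example (not part of the original bug thread and not code from the BIND or system-config-bind packages): a shell check for the misconfiguration described in comment 4, listing zones that accept dynamic updates while their zone file sits outside dynamic/. The sample named.conf is constructed around the zone name from the report, and the parser assumes one statement per line.

```shell
#!/bin/sh
# Added example. Prints "zone file" for every zone that accepts dynamic
# updates while its zone file (and so its .jnl journal) is outside dynamic/.
# Assumption: one statement per line, as in the constructed sample below.
audit_ddns_zones() {
    awk '
        /^[[:space:]]*zone[[:space:]]/ {    # a zone block starts
            split($0, q, "\""); zone = q[2]; file = ""; dyn = 0
        }
        /^[[:space:]]*file[[:space:]]/ { split($0, q, "\""); file = q[2] }
        /allow-update|update-policy/   { if ($0 !~ /none/) dyn = 1 }
        /^[[:space:]]*[}];/ {               # the block ends
            if (zone != "" && dyn && file !~ /(^|\/)dynamic\//)
                print zone, file
            zone = ""
        }
    ' "$1"
}

# Constructed sample configuration (not the reporter's attachment).
sample_conf() {
    cat <<'EOF'
options {
    directory "/var/named";
};
zone "vorlon.lan" IN {
    type master;
    file "vorlon.lan.db";
    allow-update { key rndckey; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "dynamic/1.168.192.db";
    allow-update { key rndckey; };
};
zone "static.lan" IN {
    type master;
    file "static.lan.db";
    allow-update { none; };
};
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
audit_ddns_zones "$conf"
rm -f "$conf"
```

Only vorlon.lan is reported: the reverse zone already lives under dynamic/, and static.lan refuses updates, so named never needs to write beside its zone file.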
Comment 5 mail@romal.de 2007-07-13 15:48:55 EDT
Shouldn't the gui-tool for named put the files in the "correct" place?

romal
Comment 6 Adam Tkac 2007-07-16 02:53:57 EDT
(In reply to comment #5)
> Shouldn't the gui-tool for named put the files in the "correct" place ?
>
> romal

Could be. Reassigning to system-config-bind. Please put all Dynamic DNS zones
into the /var/named/dynamic subdirectory (in Fedora >= 7).

Thanks, Adam
Comment 7 Gene Czarcinski 2008-04-26 12:14:34 EDT
OK, my experience is based on Fedora 8 with maintenance as of the date of this
report.

s-c-bind, bind/bind-chroot, dhcpd, and selinux mostly work now, although s-c-bind
has some errors I will be reporting ... it really needs an "owner".

1. The dhcpd, named-chroot, selinux problem where dhcpd could not access/read
the /etc/rndc.key file is now fixed ... dhcpd will issue the updates to named.

2. Assuming you are using rndckey to protect named updating (allow-update
specified for the zone), sometimes the zone will be moved to slaves and
sometimes not (bug will be reported in another report).  After the move to
slaves, the zone file has the wrong selinux context, which restorecon will fix.
You also need to change the ownership from root to named.

While s-c-bind is better than nothing, it needs some work!  Specifically, it
needs to be aware of the bind-chroot directory configuration as well as working
properly with selinux (incorrect context in slaves).
Comment 8 Bug Zapper 2008-05-14 09:31:07 EDT
This message is a reminder that Fedora 7 is nearing the end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 7. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '7'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 7's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 7 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. If possible, it is recommended that you try the newest available Fedora distribution to see if your bug still exists.

Please read the Release Notes for the newest Fedora distribution to make sure it will meet your needs:
http://docs.fedoraproject.org/release-notes/

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 10 Bug Zapper 2008-06-16 21:51:32 EDT
Fedora 7 changed to end-of-life (EOL) status on June 13, 2008. 
Fedora 7 is no longer maintained, which means that it will not 
receive any further security or bug fix updates. As a result we 
are closing this bug. 

If you can reproduce this bug against a currently maintained version 
of Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.
Comment 11 mail@romal.de 2008-06-19 02:29:20 EDT
This bug is still present in F9.
Comment 12 Bug Zapper 2009-06-09 18:42:44 EDT
This message is a reminder that Fedora 9 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 9.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '9'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 9's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 9 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 13 Bug Zapper 2009-07-14 14:02:38 EDT
Fedora 9 changed to end-of-life (EOL) status on 2009-07-10. Fedora 9 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.
