running bind-chroot the config-check does not recognize that directory "/var/named"; starts physically under /var/named/chroot/ and so include "zones-home-ptr/config.dns"; is correct because if you use the real fs-path bind would not start
____________________________

[root@ns2:~]$ named-checkconf
/etc/named.conf:174: open: zones-home-ptr/config.dns: file not found

[root@ns2:~]$ locate config.dns
/var/named/chroot/var/named/zones-home-ptr/config.dns
You have to pass the "-t <rootdir>" argument to named-checkconf:

`man 8 named-checkconf` says:
...
-t directory
    Chroot to directory so that include directives in the configuration file are processed as if run by a similarly chrooted named.
...

After that everything should work as expected. Closing.
but the chroot is the default and rkhunter is checking this also (both fedora packages)
(In reply to comment #2)
> but the chroot is the default and rkhunter is checking this also (both fedora
> packages)

Right you are. However I cannot change the default behaviour of named-checkconf because it will be too big a divergence from upstream. Another possible solution is to re-add the "checkconfig" target to the initscript in F14 (it is already present in the F15 initscript). The initscript can automatically add the -t option to named-checkconf so everything is OK. If you want the "checkconfig" target in F14, please reopen this bug and I will add it.
I think this would make sense because it is odd that rkhunter warns about inconsistent named-configuration
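
The behaviour discussed in this thread, a wrapper that adds "-t <rootdir>" to named-checkconf automatically, shown as an added example (not the Fedora initscript and not code from any commenter). It assumes the chroot path is announced as ROOTDIR= in /etc/sysconfig/named; the function names and the NAMED_CHECKCONF override are hypothetical.

```shell
#!/bin/sh
# Added example: chroot-aware config check.
# Assumptions (not from the thread): the chroot is set as ROOTDIR=... in a
# sysconfig-style file; read_rootdir, check_named_conf and NAMED_CHECKCONF
# are hypothetical names used only here.

# Print the last ROOTDIR value found in the file, or nothing if it is unset.
# The file is parsed rather than sourced, so checking never executes it,
# and commented-out lines (#ROOTDIR=...) are ignored.
read_rootdir() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*ROOTDIR=//p' "$1" | tail -n 1 |
        tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# Run named-checkconf the way a chrooted named would see the configuration:
# with "-t <rootdir>" when a chroot is configured, without it otherwise.
# A configured but missing chroot is passed through on purpose, so the
# checker reports the broken setup instead of silently checking other files.
check_named_conf() {
    sysconfig=${1:-/etc/sysconfig/named}
    conf=${2:-/etc/named.conf}
    rootdir=$(read_rootdir "$sysconfig")
    if [ -n "$rootdir" ]; then
        "${NAMED_CHECKCONF:-named-checkconf}" -t "$rootdir" "$conf"
    else
        "${NAMED_CHECKCONF:-named-checkconf}" "$conf"
    fi
}

# Typical call, using the default paths:
#   check_named_conf
```

With -t, the configuration path is resolved inside the chroot, so relative include directives are looked up under the chroot's copy of the named directory.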