where is bind9's named_dump.db
I'm trying to look at the cache of my nameserver, and it keeps saying:
Feb 3 15:54:03 log named[20519]: received control channel command 'dumpdb'
Feb 3 15:54:03 log named[20519]: could not open dump file 'named_dump.db': permission denied

A longer pathname would be nice. I'm assuming there's a directory missing somewhere.

Bind9 isn't running chrooted; access to the zone files is fine, and there's only a single copy of each of them on the computer.

'named_dump.db' (or any other dump.db) doesn't exist anywhere on the computer. There's nothing in the configuration about where to put the dump file,

This is a vanilla Debian install of a recursive, caching nameserver on a DMZ.

Bind was saying it couldn't set the modify times of the slave zones because of 'permission denied' until I deleted the files, changed the serial on the master, and had the master notify.

Google tells me that the dump is written into /var/tmp, /var/named, and someplace else I've forgotten. I created and/or set permissions on those directories to 777. Same failure.

Any guidance will be greatly appreciated...

--
Glenn English ghe@slsware.com

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
where is bind9's named_dump.db
Glenn English said the following on 2/3/2009 3:35 PM:
> I'm trying to look at the cache of my nameserver, and it keeps saying:
>
>> Feb 3 15:54:03 log named[20519]: received control channel command 'dumpdb'
>> Feb 3 15:54:03 log named[20519]: could not open dump file 'named_dump.db': permission denied
>
> A longer pathname would be nice. I'm assuming there's a directory
> missing somewhere.
>
> Bind9 isn't running chrooted; access to the zone files is fine, and
> there's only a single copy of each of them on the computer.
>
> 'named_dump.db' (or any other dump.db) doesn't exist anywhere on the
> computer. There's nothing in the configuration about where to put the
> dump file,
>
> This is a vanilla Debian install of a recursive, caching nameserver on a
> DMZ.
>
> Bind was saying it couldn't set the modify times of the slave zones
> because of 'permission denied' until I deleted the files, changed the
> serial on the master, and had the master notify.
>
> Google tells me that the dump is written into /var/tmp, /var/named, and
> someplace else I've forgotten. I created and/or set permissions on those
> directories to 777. Same failure.
>
> Any guidance will be greatly appreciated...

I found this which may help:

http://74.125.95.132/search?q=cache:LxjQIPz3oNgJ:zytrax.com/books/dns/ch7/hkpng.html+named_dump.db+path&hl=en&ct=clnk&cd=3&gl=us&client=firefox-a

dump-file

    dump-file path_name;

dump-file is a quoted string defining the absolute path where BIND dumps the database (cache) in response to a rndc dumpdb. If not specified, the default is named_dump.db in the location specified by a directory option. This option may only be specified in a 'global' options statement.

https://www.isc.org/software/bind/documentation/arm94

Sample Configurations

A Caching-only Name Server

The following sample configuration is appropriate for a caching-only name server for use by clients internal to a corporation. All queries from outside clients are refused using the allow-query option. Alternatively, the same effect could be achieved using suitable firewall rules.

    // Two corporate subnets we wish to allow queries from.
    acl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
    options {
        directory "/etc/namedb"; // Working directory
        allow-query { corpnets; };
    };

...

dump-file

The pathname of the file the server dumps the database to when instructed to do so with rndc dumpdb. If not specified, the default is named_dump.db.

So, based on this, you specify where it resides in the config file with a "directory" option.

- Ken
where is bind9's named_dump.db
Ken Teague wrote:

> I found this which may help:
>
> dump-file
>
> dump-file path_name;
>
> dump-file is a quoted string defining the absolute path where BIND dumps
> the database (cache) in response to a rndc dumpdb. If not specified, the
> default is named_dump.db in the location specified by a directory
> option. This option may only be specified in a 'global' options statement.

Thank you so much, Ken. That solved the problem.

In /etc/default/ is a file that is sourced into the bind9 startup script and causes bind9 to run as user 'bind'. In named.conf.options, there is a directory option: /etc/bind. And the permissions are indeed wrong for user 'bind' to write into:

drwxr-sr-x 2 root bind 4.0K 2009-02-03 20:59 bind

Adding 'dump-file "/tmp/named_dump.db"' to the named config options made it work -- and put the file where I could find it. Something like this (or changing permissions on the directory) must be done on Debian systems if the 'rndc dumpdb' command is to work.

It occurs to me that the config from the .deb might not really need to be so Byzantine.

--
Glenn English ghe@slsware.com
where is bind9's named_dump.db
Glenn English said the following on 2/3/2009 3:35 PM:
> I'm trying to look at the cache of my nameserver, and it keeps saying:
>
>> Feb 3 15:54:03 log named[20519]: received control channel command 'dumpdb'
>> Feb 3 15:54:03 log named[20519]: could not open dump file 'named_dump.db': permission denied
>
> A longer pathname would be nice. I'm assuming there's a directory
> missing somewhere.

While installing bind9, the output from dpkg said it wasn't going to create /var/cache/bind, so I'm assuming it must have been there already because it was there when I checked it just after the install of the bind9 package using "apt-get install bind9"

> Bind9 isn't running chrooted; access to the zone files is fine, and
> there's only a single copy of each of them on the computer.
>
> 'named_dump.db' (or any other dump.db) doesn't exist anywhere on the
> computer. There's nothing in the configuration about where to put the
> dump file,

I'm guessing that you don't have a /var/cache/bind directory as this is what your error indicates. Mine has permissions 775 (drwxrwxr-x), owned by root and group ownership is bind.

deb32:~# ls -ld /var/cache/bind
drwxrwxr-x 2 root bind 4096 2009-02-03 22:53 /var/cache/bind

I ran rndc dumpdb as root and the /var/cache/bind/named_dump.db file is owned by bind and group ownership is bind with permissions 644 (-rw-r--r--). My named daemon is running as user bind so even though I ran this command as root, it's the bind process & user that wrote the file to disk.

deb32:~# ls -l /var/cache/bind
total 32
-rw-r--r-- 1 bind bind 30249 2009-02-03 22:53 named_dump.db

In Debian, most application caches fall under /var/cache.
where is bind9's named_dump.db
Ken Teague wrote:

> I'm guessing that you don't have a /var/cache/bind directory as this is
> what your error indicates. Mine has permissions 775 (drwxrwxr-x), owned
> by root and group ownership is bind.

Nope; it's there. That's where the zone files are, and bind writes in it all the time.

In my config, though, there's the statement 'directory "/etc/bind"', so bind was trying to write in there. And it can't.

It's quite possible that I changed that statement back in the distant past, for some reason that seemed good at the time. That'd explain a lot...

--
Glenn English ghe@slsware.com
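
The diagnosis the thread arrives at can be scripted. The following is an added example, not part of any message above: it resolves where 'rndc dumpdb' will write from the 'directory' and 'dump-file' options and checks, from ownership and mode bits, whether the account named runs as can create the file there. The function names and the dumpcheck.sh file name are made up for the example, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (Debian).

# Print the quoted value of a named.conf option such as "directory".
# Handles // and # comments; /* */ blocks and include files are not followed.
conf_value() {  # $1 = option name, $2 = config file
    sed -e 's://.*::' -e 's:#.*::' "$2" | tr '{;' '\n\n' |
        sed -n "s/^[[:space:]]*$1[[:space:]][[:space:]]*\"\([^\"]*\)\"[[:space:]]*\$/\1/p" |
        tail -n 1
}

# Where 'rndc dumpdb' writes: dump-file if absolute, else relative to directory.
dump_path() {  # $1 = config file
    dir=$(conf_value directory "$1")
    file=$(conf_value dump-file "$1")
    [ -n "$file" ] || file=named_dump.db        # default name when unset
    case $file in
        /*) printf '%s\n' "$file" ;;
        *)  printf '%s\n' "${dir:-.}/$file" ;;  # no directory: named's start dir
    esac
}

# Can user $1 create a file in directory $2? Judged from owner/group/mode
# only; ACLs, AppArmor and root's override are not considered.
can_create() {
    owner=$(stat -c %U "$2") || return 2
    group=$(stat -c %G "$2")
    mode=$(stat -c %a "$2")
    mode=$(printf '%03d' "$((mode % 1000))")    # drop setuid/setgid/sticky digit
    if [ "$1" = "$owner" ]; then
        bits=${mode%??}
    elif id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$group"; then
        bits=${mode#?}; bits=${bits%?}
    else
        bits=${mode#??}
    fi
    [ $((bits & 3)) -eq 3 ]                     # needs write (2) and search (1)
}

# Usage: sh dumpcheck.sh /etc/bind/named.conf.options bind
if [ $# -ge 2 ]; then
    target=$(dump_path "$1")
    if can_create "$2" "$(dirname "$target")"; then
        echo "ok: $2 can create $target"
    else
        echo "denied: $2 cannot create $target"
    fi
fi
```

With the listings quoted in the thread, /etc/bind (drwxr-sr-x root bind) is reported as denied for user bind, and /var/cache/bind (drwxrwxr-x root bind) as ok.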