Old 02-03-2009, 10:35 PM
Glenn English
 
Default where is bind9's named_dump.db

I'm trying to look at the cache of my nameserver, and it keeps saying:


Feb 3 15:54:03 log named[20519]: received control channel command 'dumpdb'
Feb 3 15:54:03 log named[20519]: could not open dump file 'named_dump.db': permission denied


A longer pathname would be nice. I'm assuming there's a directory
missing somewhere.


Bind9 isn't running chrooted; access to the zone files is fine, and
there's only a single copy of each of them on the computer.


'named_dump.db' (or any other dump.db) doesn't exist anywhere on the
computer. There's nothing in the configuration about where to put the
dump file.


This is a vanilla Debian install of a recursive, caching nameserver on a
DMZ.


Bind was saying it couldn't set the modify times of the slave zones
because of 'permission denied' until I deleted the files, changed the
serial on the master, and had the master notify.


Google tells me that the dump is written into /var/tmp, /var/named, and
someplace else I've forgotten. I created and/or set permissions on those
directories to 777. Same failure.


Any guidance will be greatly appreciated...

--
Glenn English
ghe@slsware.com


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 02-04-2009, 12:43 AM
Ken Teague
 
Default where is bind9's named_dump.db

Glenn English said the following on 2/3/2009 3:35 PM:
> I'm trying to look at the cache of my nameserver, and it keeps saying:
>
>> Feb 3 15:54:03 log named[20519]: received control channel command 'dumpdb'
>> Feb 3 15:54:03 log named[20519]: could not open dump file 'named_dump.db': permission denied
>
> A longer pathname would be nice. I'm assuming there's a directory
> missing somewhere.
>
> Bind9 isn't running chrooted; access to the zone files is fine, and
> there's only a single copy of each of them on the computer.
>
> 'named_dump.db' (or any other dump.db) doesn't exist anywhere on the
> computer. There's nothing in the configuration about where to put the
> dump file,
>
> This is a vanilla Debian install of a recursive, caching nameserver on a
> DMZ.
>
> Bind was saying it couldn't set the modify times of the slave zones
> because of 'permission denied' until I deleted the files, changed the
> serial on the master, and had the master notify.
>
> Google tells me that the dump is written into /var/tmp, /var/named, and
> someplace else I've forgotten. I created and/or set permissions on those
> directories to 777. Same failure.
>
> Any guidance will be greatly appreciated...

I found this which may help:

http://74.125.95.132/search?q=cache:LxjQIPz3oNgJ:zytrax.com/books/dns/ch7/hkpng.html+named_dump.db+path&hl=en&ct=clnk&cd=3&gl=us&client=firefox-a

dump-file

dump-file path_name;

dump-file is a quoted string defining the absolute path where BIND dumps
the database (cache) in response to a rndc dumpdb. If not specified, the
default is named_dump.db in the location specified by a directory
option. This option may only be specified in a 'global' options statement.


https://www.isc.org/software/bind/documentation/arm94

Sample Configurations
A Caching-only Name Server

The following sample configuration is appropriate for a caching-only
name server for use by clients internal to a corporation. All queries
from outside clients are refused using the allow-query option.
Alternatively, the same effect could be achieved using suitable firewall
rules.

// Two corporate subnets we wish to allow queries from.
acl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
options {
     directory "/etc/namedb";           // Working directory
     allow-query { corpnets; };
};

...

dump-file

The pathname of the file the server dumps the database to when
instructed to do so with rndc dumpdb. If not specified, the default is
named_dump.db.


So, based on this, you specify where it resides in the config file with
a "directory" option.

- Ken


 
Old 02-04-2009, 03:40 AM
ghe
 
Default where is bind9's named_dump.db


Ken Teague wrote:

> I found this which may help:
>
> dump-file
>
> dump-file path_name;
>
> dump-file is a quoted string defining the absolute path where BIND dumps
> the database (cache) in response to a rndc dumpdb. If not specified, the
> default is named_dump.db in the location specified by a directory
> option. This option may only be specified in a 'global' options statement.

Thank you so much, Ken. That solved the problem.

In /etc/default/ is a file that is sourced into the bind9 startup script
and causes bind9 to run as user 'bind'.

In named.conf.options, there is a directory option: /etc/bind. And the
permissions are indeed wrong for user 'bind' to write into:

drwxr-sr-x 2 root bind 4.0K 2009-02-03 20:59 bind

Adding 'dump-file "/tmp/named_dump.db"' to the named config options made
it work -- and put the file where I could find it. Something like this
(or changing permissions on the directory) must be done on Debian
systems if the 'rndc dumpdb' command is to work.

It occurs to me that the config from the .deb might not really need to
be so Byzantine.

--
Glenn English
ghe@slsware.com

 
Old 02-04-2009, 02:11 PM
Ken Teague
 
Default where is bind9's named_dump.db

Glenn English said the following on 2/3/2009 3:35 PM:
> I'm trying to look at the cache of my nameserver, and it keeps saying:
>
>> Feb 3 15:54:03 log named[20519]: received control channel command 'dumpdb'
>> Feb 3 15:54:03 log named[20519]: could not open dump file 'named_dump.db': permission denied
>
> A longer pathname would be nice. I'm assuming there's a directory
> missing somewhere.

While installing bind9, the output from dpkg said it wasn't going to
create /var/cache/bind, so I'm assuming it must have been there already
because it was there when I checked it just after the install of the
bind9 package using "apt-get install bind9".


> Bind9 isn't running chrooted; access to the zone files is fine, and
> there's only a single copy of each of them on the computer.
>
> 'named_dump.db' (or any other dump.db) doesn't exist anywhere on the
> computer. There's nothing in the configuration about where to put the
> dump file,

I'm guessing that you don't have a /var/cache/bind directory as this is
what your error indicates. Mine has permissions 775 (drwxrwxr-x), owned
by root and group ownership is bind.

deb32:~# ls -ld /var/cache/bind
drwxrwxr-x 2 root bind 4096 2009-02-03 22:53 /var/cache/bind

I ran rndc dumpdb as root and the /var/cache/bind/named_dump.db file is
owned by bind and group ownership is bind with permissions 644
(-rw-r--r--). My named daemon is running as user bind so even though I
ran this command as root, it's the bind process & user that wrote the
file to disk.

deb32:~# ls -l /var/cache/bind
total 32
-rw-r--r-- 1 bind bind 30249 2009-02-03 22:53 named_dump.db


In Debian, most application caches fall under /var/cache.


 
Old 02-04-2009, 06:22 PM
Glenn English
 
Default where is bind9's named_dump.db


Ken Teague wrote:

> I'm guessing that you don't have a /var/cache/bind directory as this is
> what your error indicates. Mine has permissions 775 (drwxrwxr-x), owned
> by root and group ownership is bind.

Nope; it's there. That's where the zone files are, and bind writes in it
all the time. In my config, though, there's the statement 'directory
"/etc/bind"', so bind was trying to write in there. And it can't.

It's quite possible that I changed that statement back in the distant
past, for some reason that seemed good at the time. That'd explain a lot...

--
Glenn English
ghe@slsware.com
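
Added example (not code from the thread or from BIND): a Python sketch that resolves where 'rndc dumpdb' will write from the 'directory' and 'dump-file' options, then checks whether the daemon's user can create a file there, so the fix can be a narrow one instead of mode 777. Function names and the uid/gid values are assumptions; ACLs, LSM policy, 'include' statements and comment characters inside quoted strings are not handled.

```python
import os
import re
from pathlib import PurePosixPath

# Constructed sample mirroring the thread: 'directory' set, no 'dump-file'.
SAMPLE_CONF = '''
options {
    directory "/etc/bind";   // working directory reported in the thread
    // dump-file "/tmp/named_dump.db";   commented out, must be ignored
};
'''

def strip_comments(text):
    """Drop the /* */, // and # comment styles that named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def option(conf, name):
    """Return the quoted value of a named.conf option, or None if unset."""
    pat = r'(?<![\w-])%s\s+"([^"]+)"\s*;' % re.escape(name)
    m = re.search(pat, strip_comments(conf))
    return m.group(1) if m else None

def effective_dump_path(conf):
    """dump-file if set; otherwise named_dump.db under 'directory'."""
    workdir = PurePosixPath(option(conf, "directory") or ".")
    # An absolute dump-file replaces workdir; a relative one is joined to it.
    return str(workdir / (option(conf, "dump-file") or "named_dump.db"))

def can_create_in(mode, owner_uid, group_gid, uid, gids):
    """Classic Unix check: creating a file needs write+search on the directory."""
    if uid == 0:
        return True
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif group_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & 3) == 3

def check_live(conf_path, user="bind"):
    """Run both steps against a real options file (e.g. named.conf.options)."""
    import grp, pwd
    pw = pwd.getpwnam(user)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    with open(conf_path) as fh:
        target = effective_dump_path(fh.read())
    st = os.stat(os.path.dirname(target) or ".")
    return target, can_create_in(st.st_mode, st.st_uid, st.st_gid, pw.pw_uid, gids)
```

With the modes from the thread, /etc/bind (drwxr-sr-x root:bind) fails the check for user bind and /var/cache/bind (drwxrwxr-x root:bind) passes.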


