I'm trying to look at the cache of my nameserver, and it keeps saying:
Feb 3 15:54:03 log named[20519]: received control channel command 'dumpdb'
Feb 3 15:54:03 log named[20519]: could not open dump file 'named_dump.db': permission denied
A longer pathname would be nice. I'm assuming there's a directory
missing somewhere.
Bind9 isn't running chrooted; access to the zone files is fine, and
there's only a single copy of each of them on the computer.
'named_dump.db' (or any other dump.db) doesn't exist anywhere on the
computer. There's nothing in the configuration about where to put the
dump file,
This is a vanilla Debian install of a recursive, caching nameserver on a
DMZ.
Bind was saying it couldn't set the modify times of the slave zones
because of 'permission denied' until I deleted the files, changed the
serial on the master, and had the master notify.
Google tells me that the dump is written into /var/tmp, /var/named, and
someplace else I've forgotten. I created and/or set permissions on those
directories to 777. Same failure.
Any guidance will be greatly appreciated...
--
Glenn English
ghe@slsware.com
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
02-04-2009, 12:43 AM
Ken Teague
where is bind9's named_dump.db
Glenn English said the following on 2/3/2009 3:35 PM:
> I'm trying to look at the cache of my nameserver, and it keeps saying:
>
>> Feb 3 15:54:03 log named[20519]: received control channel command 'dumpdb'
>> Feb 3 15:54:03 log named[20519]: could not open dump file 'named_dump.db': permission denied
>
> A longer pathname would be nice. I'm assuming there's a directory
> missing somewhere.
>
> Bind9 isn't running chrooted; access to the zone files is fine, and
> there's only a single copy of each of them on the computer.
>
> 'named_dump.db' (or any other dump.db) doesn't exist anywhere on the
> computer. There's nothing in the configuration about where to put the
> dump file,
>
> This is a vanilla Debian install of a recursive, caching nameserver on a
> DMZ.
>
> Bind was saying it couldn't set the modify times of the slave zones
> because of 'permission denied' until I deleted the files, changed the
> serial on the master, and had the master notify.
>
> Google tells me that the dump is written into /var/tmp, /var/named, and
> someplace else I've forgotten. I created and/or set permissions on those
> directories to 777. Same failure.
>
> Any guidance will be greatly appreciated...
dump-file is a quoted string defining the absolute path where BIND dumps
the database (cache) in response to a rndc dumpdb. If not specified, the
default is named_dump.db in the location specified by a directory
option. This option may only be specified in a 'global' options statement.
The following sample configuration is appropriate for a caching-only
name server for use by clients internal to a corporation. All queries
from outside clients are refused using the allow-query option.
Alternatively, the same effect could be achieved using suitable firewall
rules.
// Two corporate subnets we wish to allow queries from.
acl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
options {
    directory "/etc/namedb"; // Working directory
    allow-query { corpnets; };
};
...
dump-file
The pathname of the file the server dumps the database to when
instructed to do so with rndc dumpdb. If not specified, the default is
named_dump.db.
So, based on this, you specify where it resides in the config file with
a "directory" option.
- Ken
02-04-2009, 03:40 AM
ghe
where is bind9's named_dump.db
Ken Teague wrote:
> I found this which may help:
>
> dump-file
>
> dump-file path_name;
>
> dump-file is a quoted string defining the absolute path where BIND dumps
> the database (cache) in response to a rndc dumpdb. If not specified, the
> default is named_dump.db in the location specified by a directory
> option. This option may only be specified in a 'global' options statement.
Thank you so much, Ken. That solved the problem.
In /etc/default/ is a file that is sourced into the bind9 startup script
and causes bind9 to run as user 'bind'.
In named.conf.options, there is a directory option: /etc/bind. And the
permissions are indeed wrong for user 'bind' to write into:
drwxr-sr-x 2 root bind 4.0K 2009-02-03 20:59 bind
Adding 'dump-file "/tmp/named_dump.db"' to the named config options made
it work -- and put the file where I could find it. Something like this
(or changing permissions on the directory) must be done on Debian
systems if the 'rndc dumpdb' command is to work.
It occurs to me that the config from the .deb might not really need to
be so Byzantine.
--
Glenn English
ghe@slsware.com
02-04-2009, 02:11 PM
Ken Teague
where is bind9's named_dump.db
Glenn English said the following on 2/3/2009 3:35 PM:
> I'm trying to look at the cache of my nameserver, and it keeps saying:
>
>> Feb 3 15:54:03 log named[20519]: received control channel command 'dumpdb'
>> Feb 3 15:54:03 log named[20519]: could not open dump file 'named_dump.db': permission denied
>
> A longer pathname would be nice. I'm assuming there's a directory
> missing somewhere.
While installing bind9, the output from dpkg said it wasn't going to
create /var/cache/bind, so I'm assuming it must have been there already
because it was there when I checked it just after the install of the
bind9 package using "apt-get install bind9".
> Bind9 isn't running chrooted; access to the zone files is fine, and
> there's only a single copy of each of them on the computer.
>
> 'named_dump.db' (or any other dump.db) doesn't exist anywhere on the
> computer. There's nothing in the configuration about where to put the
> dump file,
I'm guessing that you don't have a /var/cache/bind directory as this is
what your error indicates. Mine has permissions 775 (drwxrwxr-x), owned
by root and group ownership is bind.
I ran rndc dumpdb as root and the /var/cache/bind/named_dump.db file is
owned by bind and group ownership is bind with permissions 644
(-rw-r--r--). My named daemon is running as user bind so even though I
ran this command as root, it's the bind process & user that wrote the
file to disk.
deb32:~# ls -l /var/cache/bind
total 32
-rw-r--r-- 1 bind bind 30249 2009-02-03 22:53 named_dump.db
In Debian, most application caches fall under /var/cache.
02-04-2009, 06:22 PM
Glenn English
where is bind9's named_dump.db
Ken Teague wrote:
> I'm guessing that you don't have a /var/cache/bind directory as this is
> what your error indicates. Mine has permissions 775 (drwxrwxr-x), owned
> by root and group ownership is bind.
Nope; it's there. That's where the zone files are, and bind writes in it
all the time. In my config, though, there's the statement 'directory
"/etc/bind"', so bind was trying to write in there. And it can't.
It's quite possible that I changed that statement back in the distant
past, for some reason that seemed good at the time. That'd explain a lot...
--
Glenn English
ghe@slsware.com
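
As an added example (not part of the original thread, and not BIND's or Debian's own tooling), the shell sketch below resolves where 'rndc dumpdb' will write from an options file, following the rule quoted in the thread: an absolute dump-file is used as given, otherwise the name is taken relative to the directory option. It assumes single-line statements with // or # comments; the function names and status words are made up for this example, and the writability test applies to the invoking user.

```sh
#!/bin/sh
# Added example: where will 'rndc dumpdb' write, and can that directory take it?

# conf_value KEY FILE: first quoted value of KEY (single-line statements only).
conf_value() {
    sed -e 's://.*$::' -e 's:#.*$::' "$2" |
        sed -n "s/^[[:space:]]*$1[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# effective_dump_path FILE: an absolute dump-file wins; otherwise the name
# (default named_dump.db) is relative to the 'directory' option.
effective_dump_path() {
    dir=$(conf_value directory "$1")
    dump=$(conf_value dump-file "$1")
    [ -n "$dump" ] || dump=named_dump.db
    case $dump in
        /*) printf '%s\n' "$dump" ;;
        *)  printf '%s/%s\n' "${dir:-.}" "$dump" ;;
    esac
}

# dump_dir_status PATH: missing | not-writable | world-writable | ok
# (-w is evaluated for the invoking user, so run this as named's user).
dump_dir_status() {
    d=$(dirname "$1")
    [ -d "$d" ] || { echo missing; return 0; }
    [ -w "$d" ] || { echo not-writable; return 0; }
    case $(ls -ld "$d" | cut -c1-10) in
        ????????w?) echo world-writable ;;
        *)          echo ok ;;
    esac
}

# Constructed sample matching the thread: 'directory' set, no 'dump-file'.
sample=$(mktemp)
printf 'options {\n\tdirectory "/etc/bind"; // working dir\n};\n' > "$sample"
target=$(effective_dump_path "$sample")
echo "rndc dumpdb target: $target ($(dump_dir_status "$target"))"
rm -f "$sample"
```

A world-writable result (what /tmp or a 777 directory gives) means other local users can create files in the dump location; the root:bind 775 layout from Ken's listing avoids that.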