FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 02-09-2010, 07:59 AM
Mike Cloaked
 
Default F11 update issue

In today's updates there is a message during yum update for dnssec-conf:
Cleanup : dnssec-conf-1.21-2.fc11.noarch
11/15
sed: can't read /etc/pki/dnssec-keys/named.dnssec.keys: No such file or
directory

Then when restarting the named service there is an error that is associated
with this....

Is this just me or is it a bug?
--
View this message in context: http://n3.nabble.com/F11-update-issue-tp196205p196205.html
Sent from the Fedora Users mailing list archive at Nabble.com.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
 
Old 02-09-2010, 08:59 AM
Andy Blanchard
 
Default F11 update issue

On 9 February 2010 08:59, Mike Cloaked <mike.cloaked@gmail.com> wrote:
>
> In today's updates there is a message during yum update for *dnssec-conf:
> *Cleanup * * * *: dnssec-conf-1.21-2.fc11.noarch
> 11/15
> sed: can't read /etc/pki/dnssec-keys/named.dnssec.keys: No such file or
> directory
>
> Then when restarting the named service there is an error that is associated
> with this....
>
> Is this just me or is it a bug?

Check to see whether the file exists and if so whether it is
accessible by the user or group "named" since your BIND will
presumably be dropping priviledges once loaded. If you are chrooted
as well, you may need to check both the chroot and non-chroot config
folder depending on when the file gets read.

This may not be down to the DNSSEC update from this morning though. I
had a couple of problems and errors after the last update of BIND on
F11 a few days back. It looks like that update moved some files
around (localhost zones) and reset some file and directory
permissions. The zone file issue was partly my problem as I wasn't
using the default F11 BIND names for legacy reasons (now fixed). I
run "rndc stats" and parse some of the output into MRTG every five
minutes, this was failing as the process was chrooted and the "named"
user and group had had their rights to the statistics file revoked.

--
Andy

The only person to have all his work done by Friday was Robinson Crusoe
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
 
Old 02-09-2010, 11:06 AM
Mike Cloaked
 
Default F11 update issue

Andy Blanchard wrote:
>
>
> Check to see whether the file exists and if so whether it is
> accessible by the user or group "named" since your BIND will
> presumably be dropping priviledges once loaded. If you are chrooted
> as well, you may need to check both the chroot and non-chroot config
> folder depending on when the file gets read.
>
> This may not be down to the DNSSEC update from this morning though. I
> had a couple of problems and errors after the last update of BIND on
> F11 a few days back. It looks like that update moved some files
> around (localhost zones) and reset some file and directory
> permissions. The zone file issue was partly my problem as I wasn't
> using the default F11 BIND names for legacy reasons (now fixed). I
> run "rndc stats" and parse some of the output into MRTG every five
> minutes, this was failing as the process was chrooted and the "named"
> user and group had had their rights to the statistics file revoked.
>
>

Thank you Andy - this partly helps - I am running in a chroot and indeed the
file named.dnssec.keys
is in the /var/named/chroot/etc area and has lines which are not correct in
the chroot, namely
/etc/pki/dnssec-keys/production/bg.conf

After editing the file to make the paths correct pointing to
/var/named/chroot/etc/pki and so on I then see that there are lots of
references to files in /etc/pki/dnssec-keys/production/reverse

and when I checked this directory it is empty and was never populated by the
updated files during the yum update!

So I believe that the named update itself may be faulty with missing files,
unless someone else can confirm that they do have the necessary files:
include "/etc/pki/dnssec-keys/production/reverse/0.4.1.0.0.2.ip6.arpa.conf";
include "/etc/pki/dnssec-keys/production/reverse/0.a.2.ip6.arpa.conf";
include "/etc/pki/dnssec-keys/production/reverse/1.4.1.0.0.2.ip6.arpa.conf";
include "/etc/pki/dnssec-keys/production/reverse/109.in-addr.arpa.conf";

and many other similar lines in the directory
/etc/pki/dnssec-keys/production/reverse/ ?

Presumably the bind-chroot package ought to have also included files which
have appropriate paths in the files referred to when running in the chroot?
Despite this there appear to be missing files even outside the chroot, in
real /etc/pki/dnssec-keys/

It would be nice to get this sorted out. I don't think there are permissions
problems in my case though.


--
View this message in context: http://n3.nabble.com/F11-update-issue-tp196205p196387.html
Sent from the Fedora Users mailing list archive at Nabble.com.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
 

Thread Tools




All times are GMT. The time now is 09:30 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org