
named

Discussion in 'Web and Network Services' started by hamba, Mar 17, 2009.

  1. hamba

    hamba New Member

    Hi

    I am having trouble with the default bind on my server; it's telling me that the working dir is not writeable, but I can't see where the problem is coming from. I've even compared the dirs to our secondary dns server and all of them look the same, and bind is working perfectly or I haven't noticed any strange dns problems because of this.

    I see this error every time I restart named
    Code:
    Mar 17 19:23:22 server01 named[66256]: starting BIND 9.4.3-P1 -4 -t /var/named -u bind
    Mar 17 19:23:22 server01 named[66256]: command channel listening on 127.0.0.1#953
    Mar 17 19:23:22 server01 named[66256]: the working directory is not writable
    Mar 17 19:23:22 server01 named[66256]: running
    Can anyone please point me in the right direction on where the problem is coming from?

    Thanks
    hamba
     
  2. DutchDaemon

    DutchDaemon Administrator Staff Member Administrator Moderator

  3. hamba

    hamba New Member

    Hi

    Thanks for that link, I missed that the last time I did a search :S

    What they are talking about over there is about moving bind into a jail; in my case it's all default and the named.conf is also just as default.

    Code:
    options {
        // Relative to the chroot directory, if any
        directory   "/etc/namedb";
        pid-file    "/var/run/named/pid";
        dump-file   "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
    ....
    I haven't changed anything that I know of that should affect bind in this way.
     
  4. DutchDaemon

    DutchDaemon Administrator Staff Member Administrator Moderator

    Well, all I can say is that I never get that error, and I simply chown'ed everything under /var/named, including /var/named itself, to bind:bind. I'm running BIND 9.6 from ports, replacing the base system BIND.

    This is the directory layout:

    Code:
    [ /var]# find named/ -type d | xargs ls -ld
    drwxr-xr-x  5 bind  bind  512 May  2  2008 named/
    dr-xr-xr-x  2 bind  bind  512 Feb 24  2008 named/dev
    drwxr-xr-x  3 bind  bind  512 May  2  2008 named/etc
    drwxr-xr-x  6 bind  bind  512 Mar 17 22:16 named/etc/namedb
    drwxr-xr-x  2 bind  bind  512 Feb 24  2008 named/etc/namedb/dynamic
    drwxr-xr-x  2 bind  bind  512 Mar 17 00:00 named/etc/namedb/log
    drwxr-xr-x  2 bind  bind  512 May  2  2008 named/etc/namedb/master
    drwxr-xr-x  2 bind  bind  512 Feb 24  2008 named/etc/namedb/slave
    drwxr-xr-x  6 bind  bind  512 May  2  2008 named/var
    drwxr-xr-x  2 bind  bind  512 Feb 24  2008 named/var/dump
    drwxr-xr-x  2 bind  bind  512 Feb 24  2008 named/var/log
    drwxr-xr-x  3 bind  bind  512 May  2  2008 named/var/run
    drwxr-xr-x  2 bind  bind  512 Feb 24  2008 named/var/run/named
    drwxr-xr-x  2 bind  bind  512 Feb 24  2008 named/var/stats
    
    ymmv
     
  5. trev

    trev New Member

    Here's the bind source code for that error...

    Code:
            /*
             * Check that the working directory is writable.
             */
            if (access(".", W_OK) != 0) {
                    isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
                                  NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
                                  "the working directory is not writable");
            }
    
    So the working directory really is not writable :)
     
  6. SirDice

    SirDice Moderator Staff Member Moderator

    I have bind from the base running, nothing special. Here's my directory layout:
    Code:
    dice@maelcum:/etc>find /etc/namedb/ -type d | xargs ls -ld
    drwxr-xr-x  5 root  wheel  512 Feb 10 18:15 /etc/namedb/
    drwxr-xr-x  2 bind  wheel  512 Mar 18 09:28 /etc/namedb/dynamic
    drwxr-xr-x  2 root  wheel  512 Apr 14  2008 /etc/namedb/master
    drwxr-xr-x  2 bind  wheel  512 Oct 25  2007 /etc/namedb/slave
    dice@maelcum:/etc>find /var/named/ -type d | xargs ls -ld
    drwxr-xr-x  5 root  wheel  512 Dec 16  2007 /var/named/
    dr-xr-xr-x  4 root  wheel  512 Feb 10 18:19 /var/named/dev
    drwxr-xr-x  3 root  wheel  512 Dec 16  2007 /var/named/etc
    drwxr-xr-x  5 root  wheel  512 Feb 10 18:15 /var/named/etc/namedb
    drwxr-xr-x  2 bind  wheel  512 Mar 18 09:28 /var/named/etc/namedb/dynamic
    drwxr-xr-x  2 root  wheel  512 Apr 14  2008 /var/named/etc/namedb/master
    drwxr-xr-x  2 bind  wheel  512 Oct 25  2007 /var/named/etc/namedb/slave
    drwxr-xr-x  6 root  wheel  512 Dec 16  2007 /var/named/var
    drwxr-xr-x  2 bind  wheel  512 Oct 25  2007 /var/named/var/dump
    drwxr-xr-x  2 bind  wheel  512 Mar 17 08:08 /var/named/var/log
    drwxr-xr-x  3 bind  wheel  512 Mar  5 22:21 /var/named/var/run
    drwxr-xr-x  2 bind  wheel  512 Feb 10 18:19 /var/named/var/run/named
    drwxr-xr-x  2 bind  wheel  512 Oct 25  2007 /var/named/var/stats
    
    As you can see not everything is writable by bind. Only the directories it really needs to write in when running.
     
  7. hamba

    hamba New Member

    Hi

    I had a look and all my dirs look fine; here is the output:
    Code:
    # find /etc/namedb/ -type d | xargs ls -ld
    drwxr-xr-x  5 root  wheel  512 Mar 17 20:41 /etc/namedb/
    drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /etc/namedb/dynamic
    drwxr-xr-x  2 root  wheel  512 Mar 13 11:59 /etc/namedb/master
    drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /etc/namedb/slave
    # find /var/named/ -type d | xargs ls -ld
    drwxr-xr-x  5 root  wheel  512 Jul 28  2008 /var/named/
    dr-xr-xr-x  4 root  wheel  512 Mar 18 09:44 /var/named/dev
    drwxr-xr-x  3 root  wheel  512 Aug  1  2008 /var/named/etc
    drwxr-xr-x  5 root  wheel  512 Mar 17 20:41 /var/named/etc/namedb
    drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /var/named/etc/namedb/dynamic
    drwxr-xr-x  2 root  wheel  512 Mar 13 11:59 /var/named/etc/namedb/master
    drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /var/named/etc/namedb/slave
    drwxr-xr-x  6 root  wheel  512 Jul 28  2008 /var/named/var
    drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /var/named/var/dump
    drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /var/named/var/log
    drwxr-xr-x  3 bind  wheel  512 Mar 18 09:44 /var/named/var/run
    drwxr-xr-x  2 bind  wheel  512 Mar 18 09:44 /var/named/var/run/named
    drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /var/named/var/stats
    I can't see any differences that would cause this error message.
     
  8. bobveznat

    bobveznat New Member

    /var/named/etc/namedb needs to be writable for that error message to go away.

    I was getting this warning as well but just kept ignoring it. After chowning that directory to bind:bind the error has gone away. I think this is your problem as well.

    # chown -R bind:bind /var/named/etc/namedb
     
  9. hamba

    hamba New Member

    Thanks for the reply, but I don't think that is the answer, because after doing that and restarting named I get the following:

    Code:
    # /etc/rc.d/named restart
    Stopping named.
    Waiting for PIDS: 67273.
    etc/namedb changed
            user expected 0 found 53 modified
            gid expected 0 found 53 modified
    etc/namedb/dynamic changed
            gid expected 0 found 53 modified
    etc/namedb/master changed
            user expected 0 found 53 modified
            gid expected 0 found 53 modified
    etc/namedb/slave changed
            gid expected 0 found 53 modified
    Starting named.
    And then everything is back to the way it was and I'm stuck with this error again.
     
  10. SirDice

    SirDice Moderator Staff Member Moderator

    I just re-checked my bind. I also get that message, everything works as it should though.
     
  11. DutchDaemon

    DutchDaemon Administrator Staff Member Administrator Moderator

    My bind is blissfully silent, even though everything is bind:bind.

    Code:
    # /etc/rc.d/named restart
    Stopping named.
    Waiting for PIDS: 96857.
    Starting named.
    
    Code:
    Mar 24 14:09:54 hail named[96857]: 24-Mar-2009 14:09:54.770 stopping command channel on 127.0.0.1#953
    Mar 24 14:09:54 hail named[96857]: 24-Mar-2009 14:09:54.770 stopping command channel on ::1#953
    Mar 24 14:09:54 hail named[96857]: 24-Mar-2009 14:09:54.814 exiting
    Mar 24 14:09:56 hail named[12778]: starting BIND 9.6.0-P1 -u bind
    Mar 24 14:09:56 hail named[12778]: built with '--localstatedir=/var' '--disable-linux-caps' '--with-randomdev=/dev/random' '--with-openssl=/usr/local' '--with-libxml2=/usr/local' '--without-idn' '--enable-ipv6' '--enable-threads' '--sysconfdir=/etc/namedb' '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info/' '--build=i386-portbld-freebsd7.1' 'build_alias=i386-portbld-freebsd7.1' 'CC=cc' 'CFLAGS=-O2 -fno-strict-aliasing -pipe' 'LDFLAGS= -rpath=/usr/local/lib' 'CXX=c++' 'CXXFLAGS=-O2 -fno-strict-aliasing -pipe'
    Mar 24 14:09:56 hail named[12778]: command channel listening on 127.0.0.1#953
    Mar 24 14:09:56 hail named[12778]: command channel listening on ::1#953
    Mar 24 14:09:57 hail named[12778]: 24-Mar-2009 14:09:57.056 running
    
    Mind:
    starting BIND 9.6.0-P1 -u bind

    rc.conf settings:

    Code:
    named_enable="YES"
    named_program="/usr/sbin/named"
    named_flags="-u bind"
    named_pidfile="/etc/namedb/named.pid"
    named_chrootdir=""
    named_chroot_autoupdate="NO"
    named_symlink_enable="NO"
    
     
  12. hamba

    hamba New Member

    Well, I guess one solution would be to go to the ports version and forget about the default bind, but it would be nice to know what is the cause of this problem.
     
  13. bobveznat

    bobveznat New Member

    Those messages almost seem to be saying that it knows, somehow, some way what the uid/gid used to be and it knows that they've changed.

    If I were you I'd be tempted to blow away (or mv aside) /var/named/*, set the permissions correctly, and then start bind. This is just a wild guess though. Take it with a grain of salt :)
     
  14. trev

    trev New Member

    Is it resolved if you (as root):

    Code:
    # cd /var/named/
    # chown bind:wheel .
    # chown -R bind:wheel *
    # chmod -R g+w *
    # chmod -R g+r *
    
     
  15. hamba

    hamba New Member

    Nope.

    This time around it picked up on the chmod as well and changed them back to 0755.
    Even by comparing named dirs to a system that doesn't use bind, they all look the same.
     
  16. trev

    trev New Member

    Your machine is possessed! Are you sure this is a default install?

    I'm running BIND 9.4.2-P2 on FreeBSD 7.1-STABLE #17: Tue Feb 17 20:07:52 EST 2009 amd64 and I do not get any of the behaviour you are reporting, let alone the system "knowing" when file permissions have changed and then changing them back by itself. There's something else going on here.
     
  17. hamba

    hamba New Member

    Maybe it is, maybe it isn't.
    I'm running FreeBSD 7.1-STABLE #0: Tue Mar 17 16:31:18 GMT 2009 GENERIC amd64
    Also, there is an mtree thingy in /etc/mtree for bind:
    Code:
    # cat /etc/mtree/BIND.chroot.dist
    # $FreeBSD: src/etc/mtree/BIND.chroot.dist,v 1.6 2004/11/04 05:24:29 gshapiro Exp $
    #
    # Please see the file src/etc/mtree/README before making changes to this file.
    #
    
    /set type=dir uname=root gname=wheel mode=0755
    .
        dev             mode=0555
        ..
        etc
            namedb
                dynamic uname=bind
                ..
                master
                ..
                slave   uname=bind
                ..
            ..
        ..
    /set type=dir uname=bind gname=wheel mode=0755
        var             uname=root
            dump
            ..
            log
            ..
            run
                named
                ..
            ..
            stats
            ..
        ..
    ..
    This is what I believe is chmod/chowning the dirs back to defaults.
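
Added example (not part of the thread, and not FreeBSD or BIND code): a small parser for the mtree spec quoted in the post above, applying the `/set` defaults and `..` nesting to show which owner and mode the spec assigns to each chroot directory, then testing the write bit for the account named runs as. The spec is abridged, and the account `bind` with sole group `bind` is an assumption based on `-u bind` in the startup log; `./etc/namedb` is the `directory` from the posted named.conf taken relative to the chroot.

```python
# Added example, not FreeBSD or BIND code. SPEC is abridged from the file in
# the post (comment header, dev, var/dump, var/log, var/stats left out).
SPEC = """\
/set type=dir uname=root gname=wheel mode=0755
.
    etc
        namedb
            dynamic uname=bind
            ..
            master
            ..
            slave   uname=bind
            ..
        ..
    ..
/set type=dir uname=bind gname=wheel mode=0755
    var             uname=root
        run
            named
            ..
        ..
    ..
..
"""

def parse_mtree(spec):
    """Map each path to its keywords with the active /set defaults applied."""
    defaults, stack, entries = {}, [], {}
    for line in spec.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        name, kw = words[0], dict(w.split("=", 1) for w in words[1:])
        if name == "/set":
            defaults.update(kw)          # new defaults for later entries
        elif name == "..":
            stack.pop()                  # leave the current directory
        else:
            entries["/".join(stack + [name])] = attrs = {**defaults, **kw}
            if attrs.get("type") == "dir":
                stack.append(name)       # following entries live inside it
    return entries

def writable_by(attrs, user, groups):
    """Pick the owner, group or other write bit, as a permission check does."""
    bit = 0o200 if attrs["uname"] == user else 0o020 if attrs["gname"] in groups else 0o002
    return bool(int(attrs["mode"], 8) & bit)

# Assumption: named runs as user "bind" whose only group is "bind" (-u bind).
WORKDIR_OK = writable_by(parse_mtree(SPEC)["./etc/namedb"], "bind", {"bind"})  # False
```

Under this spec the working directory is root:wheel 0755, so the `access(".", W_OK)` check quoted earlier in the thread fails for `bind`, while `dynamic`, `slave` and the `var` subdirectories stay writable.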
     
  18. SirDice

    SirDice Moderator Staff Member Moderator

    Not really, it's just what bind does.

    Hamba: It's actually a warning, not an error. You can safely ignore it. Bind will work nonetheless.

    As far as I've been able to work it out, it's a small bug in named. It checks for access at the wrong moment.

    http://www.archivum.info/bind-users@isc.org/2008-07/msg00340.html
     
  19. tiko

    tiko New Member

    I received the same warning message using the version of Bind included with 7.1-RELEASE and 7.2-STABLE; after installing the port from dns/bind96 the error cleared itself up with no changes on my part.