named

Hi

I am having trouble with the default bind on my server, it's telling me that the working dir is not writeable but I can't see where the problem is coming from, I've even compared the dirs to our secondary dns server and all of them look the same and bind is working perfectly or I haven't noticed any strange dns problems because of this.

I see this error every time I restart named
Code:
Mar 17 19:23:22 server01 named[66256]: starting BIND 9.4.3-P1 -4 -t /var/named -u bind
Mar 17 19:23:22 server01 named[66256]: command channel listening on 127.0.0.1#953
Mar 17 19:23:22 server01 named[66256]: the working directory is not writable
Mar 17 19:23:22 server01 named[66256]: running

Can anyone please point me in the right direction on where the problem is coming from.

Thanks
hamba
 
Hi

Thanks for that link, I missed that the last time I did a search :S

What they are talking about over there is about moving bind into a jail, in my case it's all default and the named.conf is also just as default.

Code:
options {
    // Relative to the chroot directory, if any
    directory   "/etc/namedb";
    pid-file    "/var/run/named/pid";
    dump-file   "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
....

I haven't changed anything that I know of that should affect bind in this way.
 
Well, all I can say is that I never get that error, and I simply chown'ed everything under /var/named, including /var/named itself, to bind:bind. I'm running BIND 9.6 from ports, replacing the base system BIND.

This is the directory layout:

Code:
[ /var]# find named/ -type d | xargs ls -ld
drwxr-xr-x  5 bind  bind  512 May  2  2008 named/
dr-xr-xr-x  2 bind  bind  512 Feb 24  2008 named/dev
drwxr-xr-x  3 bind  bind  512 May  2  2008 named/etc
drwxr-xr-x  6 bind  bind  512 Mar 17 22:16 named/etc/namedb
drwxr-xr-x  2 bind  bind  512 Feb 24  2008 named/etc/namedb/dynamic
drwxr-xr-x  2 bind  bind  512 Mar 17 00:00 named/etc/namedb/log
drwxr-xr-x  2 bind  bind  512 May  2  2008 named/etc/namedb/master
drwxr-xr-x  2 bind  bind  512 Feb 24  2008 named/etc/namedb/slave
drwxr-xr-x  6 bind  bind  512 May  2  2008 named/var
drwxr-xr-x  2 bind  bind  512 Feb 24  2008 named/var/dump
drwxr-xr-x  2 bind  bind  512 Feb 24  2008 named/var/log
drwxr-xr-x  3 bind  bind  512 May  2  2008 named/var/run
drwxr-xr-x  2 bind  bind  512 Feb 24  2008 named/var/run/named
drwxr-xr-x  2 bind  bind  512 Feb 24  2008 named/var/stats

ymmv
 
Here's the bind source code for that error...

Code:
        /*
         * Check that the working directory is writable.
         */
        if (access(".", W_OK) != 0) {
                isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
                              NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
                              "the working directory is not writable");
        }

So the working directory really is not writable :)
 
I have bind from the base running, nothing special. Here's my directory layout:
Code:
dice@maelcum:/etc>find /etc/namedb/ -type d | xargs ls -ld
drwxr-xr-x  5 root  wheel  512 Feb 10 18:15 /etc/namedb/
drwxr-xr-x  2 bind  wheel  512 Mar 18 09:28 /etc/namedb/dynamic
drwxr-xr-x  2 root  wheel  512 Apr 14  2008 /etc/namedb/master
drwxr-xr-x  2 bind  wheel  512 Oct 25  2007 /etc/namedb/slave
dice@maelcum:/etc>find /var/named/ -type d | xargs ls -ld
drwxr-xr-x  5 root  wheel  512 Dec 16  2007 /var/named/
dr-xr-xr-x  4 root  wheel  512 Feb 10 18:19 /var/named/dev
drwxr-xr-x  3 root  wheel  512 Dec 16  2007 /var/named/etc
drwxr-xr-x  5 root  wheel  512 Feb 10 18:15 /var/named/etc/namedb
drwxr-xr-x  2 bind  wheel  512 Mar 18 09:28 /var/named/etc/namedb/dynamic
drwxr-xr-x  2 root  wheel  512 Apr 14  2008 /var/named/etc/namedb/master
drwxr-xr-x  2 bind  wheel  512 Oct 25  2007 /var/named/etc/namedb/slave
drwxr-xr-x  6 root  wheel  512 Dec 16  2007 /var/named/var
drwxr-xr-x  2 bind  wheel  512 Oct 25  2007 /var/named/var/dump
drwxr-xr-x  2 bind  wheel  512 Mar 17 08:08 /var/named/var/log
drwxr-xr-x  3 bind  wheel  512 Mar  5 22:21 /var/named/var/run
drwxr-xr-x  2 bind  wheel  512 Feb 10 18:19 /var/named/var/run/named
drwxr-xr-x  2 bind  wheel  512 Oct 25  2007 /var/named/var/stats
As you can see not everything is writable by bind. Only the directories it really needs to write in when running.
 
Hi

I had a look and all my dirs look fine, here is the output
Code:
# find /etc/namedb/ -type d | xargs ls -ld
drwxr-xr-x  5 root  wheel  512 Mar 17 20:41 /etc/namedb/
drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /etc/namedb/dynamic
drwxr-xr-x  2 root  wheel  512 Mar 13 11:59 /etc/namedb/master
drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /etc/namedb/slave
# find /var/named/ -type d | xargs ls -ld
drwxr-xr-x  5 root  wheel  512 Jul 28  2008 /var/named/
dr-xr-xr-x  4 root  wheel  512 Mar 18 09:44 /var/named/dev
drwxr-xr-x  3 root  wheel  512 Aug  1  2008 /var/named/etc
drwxr-xr-x  5 root  wheel  512 Mar 17 20:41 /var/named/etc/namedb
drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /var/named/etc/namedb/dynamic
drwxr-xr-x  2 root  wheel  512 Mar 13 11:59 /var/named/etc/namedb/master
drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /var/named/etc/namedb/slave
drwxr-xr-x  6 root  wheel  512 Jul 28  2008 /var/named/var
drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /var/named/var/dump
drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /var/named/var/log
drwxr-xr-x  3 bind  wheel  512 Mar 18 09:44 /var/named/var/run
drwxr-xr-x  2 bind  wheel  512 Mar 18 09:44 /var/named/var/run/named
drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /var/named/var/stats

I can't see any differences that would cause this error message
 
/var/named/etc/namedb needs to be writable for that error message to go away.

I was getting this warning as well but just kept ignoring it. After chowning that directory to bind:bind the error has gone away. I think this is your problem as well.

# chown -R bind:bind /var/named/etc/namedb
 
Thanks for the reply but I don't think that is the answer because after doing that and restarting named I get the following

Code:
# /etc/rc.d/named restart
Stopping named.
Waiting for PIDS: 67273.
etc/namedb changed
        user expected 0 found 53 modified
        gid expected 0 found 53 modified
etc/namedb/dynamic changed
        gid expected 0 found 53 modified
etc/namedb/master changed
        user expected 0 found 53 modified
        gid expected 0 found 53 modified
etc/namedb/slave changed
        gid expected 0 found 53 modified
Starting named.

and then everything is back to the way it was and I'm stuck with this error again
 
I just re-checked my bind. I also get that message, everything works as it should though.
 
My bind is blissfully silent, even though everything is bind:bind.

Code:
# /etc/rc.d/named restart
Stopping named.
Waiting for PIDS: 96857.
Starting named.

Code:
Mar 24 14:09:54 hail named[96857]: 24-Mar-2009 14:09:54.770 stopping command channel on 127.0.0.1#953
Mar 24 14:09:54 hail named[96857]: 24-Mar-2009 14:09:54.770 stopping command channel on ::1#953
Mar 24 14:09:54 hail named[96857]: 24-Mar-2009 14:09:54.814 exiting
Mar 24 14:09:56 hail named[12778]: starting BIND 9.6.0-P1 -u bind
Mar 24 14:09:56 hail named[12778]: built with '--localstatedir=/var' '--disable-linux-caps' '--with-randomdev=/dev/random' '--with-openssl=/usr/local' '--with-libxml2=/usr/local' '--without-idn' '--enable-ipv6' '--enable-threads' '--sysconfdir=/etc/namedb' '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info/' '--build=i386-portbld-freebsd7.1' 'build_alias=i386-portbld-freebsd7.1' 'CC=cc' 'CFLAGS=-O2 -fno-strict-aliasing -pipe' 'LDFLAGS= -rpath=/usr/local/lib' 'CXX=c++' 'CXXFLAGS=-O2 -fno-strict-aliasing -pipe'
Mar 24 14:09:56 hail named[12778]: command channel listening on 127.0.0.1#953
Mar 24 14:09:56 hail named[12778]: command channel listening on ::1#953
Mar 24 14:09:57 hail named[12778]: 24-Mar-2009 14:09:57.056 running

Mind:
starting BIND 9.6.0-P1 -u bind

rc.conf settings:

Code:
named_enable="YES"
named_program="/usr/sbin/named"
named_flags="-u bind"
named_pidfile="/etc/namedb/named.pid"
named_chrootdir=""
named_chroot_autoupdate="NO"
named_symlink_enable="NO"
 
Well I guess one solution would be to go to the ports version and forget about the default bind but it would be nice to know what is the cause of this problem.
 
hamba said:
etc/namedb changed
user expected 0 found 53 modified
gid expected 0 found 53 modified

Those messages almost seem to be saying that it knows, somehow, some way what the uid/gid used to be and it knows that they've changed.

If I were you I'd be tempted to blow away (or mv aside) /var/named/*, set the permissions correctly, and then start bind. This is just a wild guess though. Take it with a grain of salt :)
 
hamba said:
Well I guess one solution would be to go to the ports version and forget about the default bind but it would be nice to know what is the cause of this problem.

Is it resolved if you (as root):

Code:
# cd /var/named/
# chown bind:wheel .
# chown -R bind:wheel *
# chmod -R g+w *
# chmod -R g+r *
 
nope,

This time around it picked up on the chmod as well and changed them back to 0755
Even by comparing named dirs to a system that doesn't use bind they all look the same.
 
hamba said:
This time around it picked up on the chmod as well and changed them back to 0755

Your machine is possessed! Are you sure this is a default install?

I'm running BIND 9.4.2-P2 on FreeBSD 7.1-STABLE #17: Tue Feb 17 20:07:52 EST 2009 amd64 and I do not get any of the behaviour you are reporting, let alone the system "knowing" when file permissions have changed and then changing them back by itself. There's something else going on here.
 
Maybe it is, maybe it isn't.
I'm running FreeBSD 7.1-STABLE #0: Tue Mar 17 16:31:18 GMT 2009 GENERIC amd64
Also there is an mtree thingy in /etc/mtree for bind
Code:
# cat /etc/mtree/BIND.chroot.dist
# $FreeBSD: src/etc/mtree/BIND.chroot.dist,v 1.6 2004/11/04 05:24:29 gshapiro Exp $
#
# Please see the file src/etc/mtree/README before making changes to this file.
#

/set type=dir uname=root gname=wheel mode=0755
.
    dev             mode=0555
    ..
    etc
        namedb
            dynamic uname=bind
            ..
            master
            ..
            slave   uname=bind
            ..
        ..
    ..
/set type=dir uname=bind gname=wheel mode=0755
    var             uname=root
        dump
        ..
        log
        ..
        run
            named
            ..
        ..
        stats
        ..
    ..
..

This is what I believe is chmod/chown-ing the dirs back to defaults.
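
Added example (not part of the post above, and not FreeBSD's or BIND's own code): a small Python parser that resolves the entries of the `BIND.chroot.dist` spec quoted above into an effective owner and mode per directory, then lists which directories the `bind` user can write to. It shows that the spec keeps `etc/namedb` (the `directory` from named.conf, relative to the chroot) and `master` root-owned, leaving only `dynamic`, `slave` and the `var/*` directories writable by the daemon. The function names are hypothetical, and it assumes `bind` is a member of group `bind` only, not `wheel`.

```python
# Entries copied from the BIND.chroot.dist quoted above (comment lines dropped).
SPEC_LINES = [
    "/set type=dir uname=root gname=wheel mode=0755",
    ".", "dev mode=0555", "..", "etc", "namedb",
    "dynamic uname=bind", "..", "master", "..", "slave uname=bind", "..",
    "..", "..",
    "/set type=dir uname=bind gname=wheel mode=0755",
    "var uname=root", "dump", "..", "log", "..", "run", "named", "..", "..",
    "stats", "..", "..", "..",
]
WORKING_DIR = "etc/namedb"  # named.conf: directory "/etc/namedb", relative to the chroot


def parse_mtree(lines):
    """Return {relative_path: attrs} for a directory-only mtree spec."""
    defaults, stack, tree = {}, [], {}
    for raw in lines:
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        name, keywords = fields[0], dict(kv.split("=", 1) for kv in fields[1:])
        if name == "/set":        # new defaults for every entry that follows
            defaults.update(keywords)
        elif name == "..":        # leave the current directory
            stack.pop()
        else:                     # enter a directory; per-entry keywords win
            stack.append(name)
            tree["/".join(stack[1:]) or "."] = {**defaults, **keywords}
    return tree


def writable_by(attrs, user, groups=()):
    """Classic owner/group/other write-bit check (root and ACLs ignored)."""
    mode = int(attrs["mode"], 8)
    if attrs["uname"] == user:
        return bool(mode & 0o200)
    if attrs["gname"] in groups:
        return bool(mode & 0o020)
    return bool(mode & 0o002)


def bind_writable_dirs(lines=SPEC_LINES, user="bind", groups=("bind",)):
    # Assumption: the bind user is in group "bind" only.
    tree = parse_mtree(lines)
    return sorted(p for p, a in tree.items() if writable_by(a, user, groups))


if __name__ == "__main__":
    for path, a in parse_mtree(SPEC_LINES).items():
        mark = "w" if writable_by(a, "bind", ("bind",)) else "-"
        print(f"{mark} {a['uname']}:{a['gname']} {a['mode']} {path}")
    print("working dir writable by bind:", WORKING_DIR in bind_writable_dirs())
```
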
 
I received the same warning message using the version of Bind included with 7.1-RELEASE and 7.2-STABLE; after installing the port from dns/bind96 the error cleared itself up with no changes on my part.
 