named


Postby hamba » 17 Mar 2009, 20:17

Hi

I am having trouble with the default bind on my server. It's telling me that the working dir is not writable, but I can't see where the problem is coming from. I've even compared the dirs to our secondary dns server and all of them look the same, and bind is working perfectly, or I haven't noticed any strange dns problems because of this.

I see this error every time I restart named:
Code: Select all
Mar 17 19:23:22 server01 named[66256]: starting BIND 9.4.3-P1 -4 -t /var/named -u bind
Mar 17 19:23:22 server01 named[66256]: command channel listening on 127.0.0.1#953
Mar 17 19:23:22 server01 named[66256]: the working directory is not writable
Mar 17 19:23:22 server01 named[66256]: running


Can anyone please point me in the right direction on where the problem is coming from.

Thanks
hamba
hamba
Junior Member
 
Posts: 27
Joined: 17 Nov 2008, 18:00

Postby DutchDaemon » 17 Mar 2009, 20:26

DutchDaemon
Old Fart
 
Posts: 10463
Joined: 16 Nov 2008, 20:17
Location: The Netherlands

Postby hamba » 17 Mar 2009, 20:45

Hi

Thanks for that link, I missed that the last time I did a search :S

What they are talking about over there is moving bind into a jail; in my case it's all default and the named.conf is also just as default.

Code: Select all
options {
    // Relative to the chroot directory, if any
    directory   "/etc/namedb";
    pid-file    "/var/run/named/pid";
    dump-file   "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
....


I haven't changed anything that I know of that should affect bind in this way.
hamba
Junior Member
 
Posts: 27
Joined: 17 Nov 2008, 18:00

Postby DutchDaemon » 17 Mar 2009, 21:22

Well, all I can say is that I never get that error, and I simply chown'ed everything under /var/named, including /var/named itself, to bind:bind. I'm running BIND 9.6 from ports, replacing the base system BIND.

This is the directory layout:

Code: Select all
[ /var]# find named/ -type d | xargs ls -ld
drwxr-xr-x  5 bind  bind  512 May  2  2008 named/
dr-xr-xr-x  2 bind  bind  512 Feb 24  2008 named/dev
drwxr-xr-x  3 bind  bind  512 May  2  2008 named/etc
drwxr-xr-x  6 bind  bind  512 Mar 17 22:16 named/etc/namedb
drwxr-xr-x  2 bind  bind  512 Feb 24  2008 named/etc/namedb/dynamic
drwxr-xr-x  2 bind  bind  512 Mar 17 00:00 named/etc/namedb/log
drwxr-xr-x  2 bind  bind  512 May  2  2008 named/etc/namedb/master
drwxr-xr-x  2 bind  bind  512 Feb 24  2008 named/etc/namedb/slave
drwxr-xr-x  6 bind  bind  512 May  2  2008 named/var
drwxr-xr-x  2 bind  bind  512 Feb 24  2008 named/var/dump
drwxr-xr-x  2 bind  bind  512 Feb 24  2008 named/var/log
drwxr-xr-x  3 bind  bind  512 May  2  2008 named/var/run
drwxr-xr-x  2 bind  bind  512 Feb 24  2008 named/var/run/named
drwxr-xr-x  2 bind  bind  512 Feb 24  2008 named/var/stats


ymmv
DutchDaemon
Old Fart
 
Posts: 10463
Joined: 16 Nov 2008, 20:17
Location: The Netherlands

Postby trev » 19 Mar 2009, 01:03

Here's the bind source code for that error...

Code: Select all
        /*
         * Check that the working directory is writable.
         */
        if (access(".", W_OK) != 0) {
                isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
                              NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
                              "the working directory is not writable");
        }


So the working directory really is not writable :)
trev
Member
 
Posts: 354
Joined: 31 Dec 2008, 06:41

Postby SirDice » 19 Mar 2009, 08:18

I have bind from the base running, nothing special. Here's my directory layout:
Code: Select all
dice@maelcum:/etc>find /etc/namedb/ -type d | xargs ls -ld
drwxr-xr-x  5 root  wheel  512 Feb 10 18:15 /etc/namedb/
drwxr-xr-x  2 bind  wheel  512 Mar 18 09:28 /etc/namedb/dynamic
drwxr-xr-x  2 root  wheel  512 Apr 14  2008 /etc/namedb/master
drwxr-xr-x  2 bind  wheel  512 Oct 25  2007 /etc/namedb/slave
dice@maelcum:/etc>find /var/named/ -type d | xargs ls -ld
drwxr-xr-x  5 root  wheel  512 Dec 16  2007 /var/named/
dr-xr-xr-x  4 root  wheel  512 Feb 10 18:19 /var/named/dev
drwxr-xr-x  3 root  wheel  512 Dec 16  2007 /var/named/etc
drwxr-xr-x  5 root  wheel  512 Feb 10 18:15 /var/named/etc/namedb
drwxr-xr-x  2 bind  wheel  512 Mar 18 09:28 /var/named/etc/namedb/dynamic
drwxr-xr-x  2 root  wheel  512 Apr 14  2008 /var/named/etc/namedb/master
drwxr-xr-x  2 bind  wheel  512 Oct 25  2007 /var/named/etc/namedb/slave
drwxr-xr-x  6 root  wheel  512 Dec 16  2007 /var/named/var
drwxr-xr-x  2 bind  wheel  512 Oct 25  2007 /var/named/var/dump
drwxr-xr-x  2 bind  wheel  512 Mar 17 08:08 /var/named/var/log
drwxr-xr-x  3 bind  wheel  512 Mar  5 22:21 /var/named/var/run
drwxr-xr-x  2 bind  wheel  512 Feb 10 18:19 /var/named/var/run/named
drwxr-xr-x  2 bind  wheel  512 Oct 25  2007 /var/named/var/stats

As you can see not everything is writable by bind. Only the directories it really needs to write in when running.
SirDice
Old Fart
 
Posts: 16161
Joined: 17 Nov 2008, 16:50
Location: Rotterdam, Netherlands

Postby hamba » 20 Mar 2009, 11:41

Hi

I had a look and all my dirs look fine; here is the output:
Code: Select all
# find /etc/namedb/ -type d | xargs ls -ld
drwxr-xr-x  5 root  wheel  512 Mar 17 20:41 /etc/namedb/
drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /etc/namedb/dynamic
drwxr-xr-x  2 root  wheel  512 Mar 13 11:59 /etc/namedb/master
drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /etc/namedb/slave
# find /var/named/ -type d | xargs ls -ld
drwxr-xr-x  5 root  wheel  512 Jul 28  2008 /var/named/
dr-xr-xr-x  4 root  wheel  512 Mar 18 09:44 /var/named/dev
drwxr-xr-x  3 root  wheel  512 Aug  1  2008 /var/named/etc
drwxr-xr-x  5 root  wheel  512 Mar 17 20:41 /var/named/etc/namedb
drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /var/named/etc/namedb/dynamic
drwxr-xr-x  2 root  wheel  512 Mar 13 11:59 /var/named/etc/namedb/master
drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /var/named/etc/namedb/slave
drwxr-xr-x  6 root  wheel  512 Jul 28  2008 /var/named/var
drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /var/named/var/dump
drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /var/named/var/log
drwxr-xr-x  3 bind  wheel  512 Mar 18 09:44 /var/named/var/run
drwxr-xr-x  2 bind  wheel  512 Mar 18 09:44 /var/named/var/run/named
drwxr-xr-x  2 bind  wheel  512 Jul 14  2008 /var/named/var/stats


I can't see any differences that would cause this error message
hamba
Junior Member
 
Posts: 27
Joined: 17 Nov 2008, 18:00

Postby bobveznat » 24 Mar 2009, 05:13

/var/named/etc/namedb needs to be writable for that error message to go away.

I was getting this warning as well but just kept ignoring it. After chowning that directory to bind:bind the error has gone away. I think this is your problem as well.

# chown -R bind:bind /var/named/etc/namedb
bobveznat
Junior Member
 
Posts: 18
Joined: 24 Mar 2009, 04:49

Postby hamba » 24 Mar 2009, 09:44

Thanks for the reply, but I don't think that is the answer, because after doing that and restarting named I get the following:

Code: Select all
# /etc/rc.d/named restart
Stopping named.
Waiting for PIDS: 67273.
etc/namedb changed
        user expected 0 found 53 modified
        gid expected 0 found 53 modified
etc/namedb/dynamic changed
        gid expected 0 found 53 modified
etc/namedb/master changed
        user expected 0 found 53 modified
        gid expected 0 found 53 modified
etc/namedb/slave changed
        gid expected 0 found 53 modified
Starting named.


and then everything is back to the way it was and I'm stuck with this error again.
hamba
Junior Member
 
Posts: 27
Joined: 17 Nov 2008, 18:00

Postby SirDice » 24 Mar 2009, 12:49

I just re-checked my bind. I also get that message, everything works as it should though.
SirDice
Old Fart
 
Posts: 16161
Joined: 17 Nov 2008, 16:50
Location: Rotterdam, Netherlands

Postby DutchDaemon » 24 Mar 2009, 13:10

My bind is blissfully silent, even though everything is bind:bind.

Code: Select all
# /etc/rc.d/named restart
Stopping named.
Waiting for PIDS: 96857.
Starting named.


Code: Select all
Mar 24 14:09:54 hail named[96857]: 24-Mar-2009 14:09:54.770 stopping command channel on 127.0.0.1#953
Mar 24 14:09:54 hail named[96857]: 24-Mar-2009 14:09:54.770 stopping command channel on ::1#953
Mar 24 14:09:54 hail named[96857]: 24-Mar-2009 14:09:54.814 exiting
Mar 24 14:09:56 hail named[12778]: starting BIND 9.6.0-P1 -u bind
Mar 24 14:09:56 hail named[12778]: built with '--localstatedir=/var' '--disable-linux-caps' '--with-randomdev=/dev/random' '--with-openssl=/usr/local' '--with-libxml2=/usr/local' '--without-idn' '--enable-ipv6' '--enable-threads' '--sysconfdir=/etc/namedb' '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info/' '--build=i386-portbld-freebsd7.1' 'build_alias=i386-portbld-freebsd7.1' 'CC=cc' 'CFLAGS=-O2 -fno-strict-aliasing -pipe' 'LDFLAGS= -rpath=/usr/local/lib' 'CXX=c++' 'CXXFLAGS=-O2 -fno-strict-aliasing -pipe'
Mar 24 14:09:56 hail named[12778]: command channel listening on 127.0.0.1#953
Mar 24 14:09:56 hail named[12778]: command channel listening on ::1#953
Mar 24 14:09:57 hail named[12778]: 24-Mar-2009 14:09:57.056 running


Mind:
starting BIND 9.6.0-P1 -u bind

rc.conf settings:

Code: Select all
named_enable="YES"
named_program="/usr/sbin/named"
named_flags="-u bind"
named_pidfile="/etc/namedb/named.pid"
named_chrootdir=""
named_chroot_autoupdate="NO"
named_symlink_enable="NO"
DutchDaemon
Old Fart
 
Posts: 10463
Joined: 16 Nov 2008, 20:17
Location: The Netherlands

Postby hamba » 24 Mar 2009, 18:08

Well I guess one solution would be to go to the ports version and forget about the default bind but it would be nice to know what is the cause of this problem.
hamba
Junior Member
 
Posts: 27
Joined: 17 Nov 2008, 18:00

Postby bobveznat » 25 Mar 2009, 01:28

hamba wrote:
etc/namedb changed
        user expected 0 found 53 modified
        gid expected 0 found 53 modified


Those messages almost seem to be saying that it knows, somehow, some way what the uid/gid used to be and it knows that they've changed.

If I were you I'd be tempted to blow away (or mv aside) /var/named/*, set the permissions correctly, and then start bind. This is just a wild guess though. Take it with a grain of salt :)
bobveznat
Junior Member
 
Posts: 18
Joined: 24 Mar 2009, 04:49

Postby trev » 25 Mar 2009, 05:23

hamba wrote: Well I guess one solution would be to go to the ports version and forget about the default bind but it would be nice to know what is the cause of this problem.


Is it resolved if you (as root):

Code: Select all
# cd /var/named/
# chown bind:wheel .
# chown -R bind:wheel *
# chmod -R g+w *
# chmod -R g+r *
trev
Member
 
Posts: 354
Joined: 31 Dec 2008, 06:41

Postby hamba » 25 Mar 2009, 09:34

nope,

This time around it picked up on the chmod as well and changed them back to 0755.
Even by comparing named dirs to a system that doesn't use bind they all look the same.
hamba
Junior Member
 
Posts: 27
Joined: 17 Nov 2008, 18:00

Postby trev » 26 Mar 2009, 09:16

hamba wrote: This time around it picked up on the chmod as well and changed them back to 0755


Your machine is possessed! Are you sure this is a default install?

I'm running BIND 9.4.2-P2 on FreeBSD 7.1-STABLE #17: Tue Feb 17 20:07:52 EST 2009 amd64 and I do not get any of the behaviour you are reporting, let alone the system "knowing" when file permissions have changed and then changing them back by itself. There's something else going on here.
trev
Member
 
Posts: 354
Joined: 31 Dec 2008, 06:41

Postby hamba » 26 Mar 2009, 09:51

Maybe it is, maybe it isn't.
I'm running FreeBSD 7.1-STABLE #0: Tue Mar 17 16:31:18 GMT 2009 GENERIC amd64.
Also there is an mtree thingy in /etc/mtree for bind:
Code: Select all
# cat /etc/mtree/BIND.chroot.dist
# $FreeBSD: src/etc/mtree/BIND.chroot.dist,v 1.6 2004/11/04 05:24:29 gshapiro Exp $
#
# Please see the file src/etc/mtree/README before making changes to this file.
#

/set type=dir uname=root gname=wheel mode=0755
.
    dev             mode=0555
    ..
    etc
        namedb
            dynamic uname=bind
            ..
            master
            ..
            slave   uname=bind
            ..
        ..
    ..
/set type=dir uname=bind gname=wheel mode=0755
    var             uname=root
        dump
        ..
        log
        ..
        run
            named
            ..
        ..
        stats
        ..
    ..
..


This is what I believe is chmod/chown'ing the dirs back to defaults.
hamba
Junior Member
 
Posts: 27
Joined: 17 Nov 2008, 18:00
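
How the spec quoted in the post above resolves to per-directory ownership, as an added example that is not part of any post in this thread: a small parser for the mtree keywords that BIND.chroot.dist uses (`/set`, directory entries, `..`), plus a check of which directories a given user owns with write permission. The function names parse_mtree and writable_by are hypothetical; the spec text is copied from the post, and no directory in it grants group or other write, so only the owner bit is checked.

```python
SPEC = """\
/set type=dir uname=root gname=wheel mode=0755
.
    dev             mode=0555
    ..
    etc
        namedb
            dynamic uname=bind
            ..
            master
            ..
            slave   uname=bind
            ..
        ..
    ..
/set type=dir uname=bind gname=wheel mode=0755
    var             uname=root
        dump
        ..
        log
        ..
        run
            named
            ..
        ..
        stats
        ..
    ..
..
"""  # BIND.chroot.dist entries as quoted in the thread, comment header omitted

def parse_mtree(spec):
    """Map each directory path in the spec to its effective keywords."""
    defaults, stack, dirs = {}, [], {}
    for words in filter(None, map(str.split, spec.splitlines())):
        if words[0] == "/set":
            defaults.update(w.split("=", 1) for w in words[1:])
        elif words[0] == "..":
            stack.pop()              # leave the current directory
        else:                        # assumption: every entry is type=dir
            stack.append(words[0])
            attrs = {**defaults, **dict(w.split("=", 1) for w in words[1:])}
            dirs["/".join(stack[1:]) or "."] = attrs
    return dirs

def writable_by(dirs, user):
    """Paths owned by `user` with the owner-write bit set."""
    return sorted(p for p, a in dirs.items()
                  if a["uname"] == user and int(a["mode"], 8) & 0o200)
```

`writable_by(parse_mtree(SPEC), "bind")` returns etc/namedb/dynamic, etc/namedb/slave and the five bind-owned directories under var. It does not return etc/namedb, the chroot-relative `directory` from named.conf, which the spec keeps root-owned at 0755, matching the "expected 0" lines in the restart output.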

Postby SirDice » 26 Mar 2009, 09:58

trev wrote: Your machine is possessed! Are you sure this is a default install?

Not really, it's just what bind does.

Hamba: It's actually a warning, not an error. You can safely ignore it. Bind will work nonetheless.

As far as I've been able to work it out it's a small bug in named. It checks for access at the wrong moment.

http://www.archivum.info/bind-users@isc.org/2008-07/msg00340.html
SirDice
Old Fart
 
Posts: 16161
Joined: 17 Nov 2008, 16:50
Location: Rotterdam, Netherlands

Postby tiko » 15 May 2009, 14:29

I received the same warning message using the version of Bind included with 7.1-RELEASE and 7.2-STABLE; after installing the port from dns/bind96 the error cleared itself up with no changes on my part.
tiko
Junior Member
 
Posts: 32
Joined: 01 Dec 2008, 16:24
Location: 7sinzNet

