Andrew Lester
2014-09-20 17:46:24 UTC
Hi all,
I am running OpenBSD 5.5-STABLE, and I am experiencing some frustration with BIND. I use
it for my internal DNS which works great. However, I now need to do some work with Active
Directory and create a domain controller. I do not want to use the Microsoft DNS server,
I am trying to use my BIND server and keep things "simple".
Problem:
The domain controller needs to perform dynamic DNS updates. Despite my best efforts,
the dynamic update sent from the domain controller to my BIND server always results in the
BIND server responding with a "server failure" (code 2) message.
Upon inspecting my named logs, this is the problem:
general: info: journal file master/db.home.lan.jnl does not exist, creating it
general: error: master/db.home.lan.jnl: create: permission denied
The zone journal file can't be created, presumably because the chrooted location BIND is
attempting to create the file (/var/named/master) only has permissions for root:wheel, not
the named user/group which the process runs as.
I thought I would be smart and do:
# touch /var/named/master/db.home.lan.jnl
# chmod 666 /var/named/master/db.home.jnl
This however also fails (even 777). I would see log entries for the dynamic updates now, but
then those are followed up with these errors:
update: info: client 192.168.1.250#51951: updating zone 'home.lan/IN': error: journal open failed: no more
This is my zone configuration in named.conf:
zone "home.lan" in {
    type master;
    file "master/db.home.lan";
    allow-update { 192.168.1.250; };
};
192.168.1.250 is the IP address of the domain controller. Note I am not using DNSSEC or
keys here. I am aware this is not particularly secure, but this is my personal network
and I just need to test some basic functionality with Active Directory.
Does anybody know what I can do to make the zone journal file be accessible by named?
Warm regards,
Andrew
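An added example, not part of Andrew's post: a POSIX sh check that tests the two things the log lines above point at, whether the directory holding the zone file (resolved inside the chroot) carries a write bit for the uid/gid named runs as, so the .jnl can be created next to the zone file, and whether a zero-length journal left behind by a touch is sitting there. The chroot path, the zone "file" value and the named uid/gid are passed in as arguments, since they differ per system.

```shell
#!/bin/sh
# Constructed check for BIND dynamic-update journal problems.
# Assumes POSIX sh, ls -ldn (mode uid gid fields) and awk-free parsing.

# zone_dir_writable DIR UID GID
# Returns 0 when the write bit that applies to UID (or to a member of GID,
# or to everyone else) is set on DIR. Reads the mode bits only, so the
# result is the same whether or not the caller is root.
zone_dir_writable() {
  dir=$1; uid=$2; gid=$3
  set -- $(ls -ldn "$dir")          # mode links uid gid ...
  mode=$1; owner=$3; group=$4
  if [ "$owner" = "$uid" ]; then
    bit=$(printf '%s' "$mode" | cut -c3)   # owner write bit
  elif [ "$group" = "$gid" ]; then
    bit=$(printf '%s' "$mode" | cut -c6)   # group write bit
  else
    bit=$(printf '%s' "$mode" | cut -c9)   # other write bit
  fi
  [ "$bit" = "w" ]
}

# journal_state FILE -> missing | empty | present
# A zero-length .jnl (for example one made with touch) is not a journal
# named can open; it should be removed so named creates a real one.
journal_state() {
  if [ ! -e "$1" ]; then echo missing
  elif [ ! -s "$1" ]; then echo empty
  else echo present; fi
}

# check_zone CHROOT ZONEFILE UID GID
# ZONEFILE is the "file" value from named.conf, relative to the chroot.
check_zone() {
  chroot=$1; zone=$2; uid=$3; gid=$4
  dir=$chroot/$(dirname "$zone")
  jnl=$chroot/$zone.jnl
  if ! zone_dir_writable "$dir" "$uid" "$gid"; then
    echo "NOT OK: $dir not writable by uid $uid/gid $gid; named cannot create $(basename "$jnl")"
    return 1
  fi
  case $(journal_state "$jnl") in
    empty)   echo "NOT OK: $jnl is zero-length; remove it and let named create it"; return 2 ;;
    present) echo "OK: $jnl present" ;;
    missing) echo "OK: $dir writable; named will create $(basename "$jnl")" ;;
  esac
}
```

Run it as `check_zone /var/named master/db.home.lan "$(id -u _bind)" "$(id -g _bind)"`, substituting the uid and gid your named process actually runs as.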