Hi,

this is the third time I install the Ubuntu server 7.10 (this time on a VMWare virtual machine on my laptop) and I do not seem to get very far. I installed BIND9 with

Code:
apt-get install bind9

as instructed and go through all the next steps. When I restart the bind9 daemon with

Code:
/etc/init.d/bind9 start

the start fails. I look in the log and I see that named.conf is calling /etc/bind/named.conf.options, which in turn tries to access directory /var/cache/bind. The access fails with a 'Permission denied' error. Note the directory is empty. An ls -l shows this for the directory:

Code:
drwxr-xr-x 2 root root 4096 2007-12-28 18:13 bind

When I comment out the reference in named.conf to named.conf.options I get the next problem (the start still fails):

Code:
could not open pid file /var/run/bind/run/named.pid

Again, the directory is actually empty. It appears to me the system is still looking for files and directories in their old locations rather than in their chrooted place /var/lib/named/var/*. I tried to create symlinks but to no avail. I tried to deinstall bind9 and reinstall - no better change.

Can anyone help?

chillifire
Auckland, New Zealand
Files as requested

Thanks for the prompt response. The files should have the standard content - I have not consciously changed anything in there.

Here goes named.conf:

Code:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };

// From the release notes:
//  Because many of our users are uncomfortable receiving undelegated answers
//  from root or top level domains, other than a few for whom that behaviour
//  has been trusted and expected for quite some length of time, we have now
//  introduced the "root-delegations-only" feature which applies delegation-only
//  logic to all top level domains, and to the root domain.  An exception list
//  should be specified, including "MUSEUM" and "DE", and any other top level
//  domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };

include "/etc/bind/named.conf.local";

Here goes named.conf.options:

Code:
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you might need to uncomment the query-source
        // directive below.  Previous versions of BIND always asked
        // questions using port 53, but BIND 8.1 and later use an unprivileged
        // port by default.

        // query-source address * port 53;

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
No change

Thanks for the reply. I did try this, but here is the result (no change, as far as I can make out):

Code:
root@martlet:~# chown bind:bind /var/cache/bind
root@martlet:~# /etc/init.d/bind9 start
 * Starting domain name service... bind [fail]
root@martlet:~# tail /var/log/syslog
Dec 30 12:08:53 martlet ntpd[4301]: Listening on interface #7 eth1, 2002:3cea:65ce:e:20c:29ff:fea2:b4bd#123 Enabled
Dec 30 12:09:01 martlet /USR/SBIN/CRON[4464]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
Dec 30 12:09:16 martlet kernel: [ 371.912576] Failure registering capabilities with primary security module.
Dec 30 12:09:16 martlet named[4495]: starting BIND 9.4.1-P1 -u bind -t /var/lib/named
Dec 30 12:09:16 martlet named[4495]: found 1 CPU, using 1 worker thread
Dec 30 12:09:16 martlet named[4495]: loading configuration from '/etc/bind/named.conf'
Dec 30 12:09:16 martlet named[4495]: /etc/bind/named.conf.options:2: change directory to '/var/cache/bind' failed: permission denied
Dec 30 12:09:16 martlet named[4495]: /etc/bind/named.conf.options:2: parsing failed
Dec 30 12:09:16 martlet named[4495]: loading configuration: permission denied
Dec 30 12:09:16 martlet named[4495]: exiting (due to fatal error)
Bind9 should be chrooted

Thanks for the response. Here is the file as requested.

Code:
OPTIONS="-u bind -t /var/lib/named"
# Set RESOLVCONF=no to not run resolvconf
RESOLVCONF=yes
Looks ok. Did you use the steps from chapter 12 on http://www.howtoforge.com/perfect_server_ubuntu7.10_p4 ?
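
Added example (not part of any post in this thread): a shell check that maps the directories named must enter onto the chroot given by -t in the OPTIONS line, then reports whether each one exists there and who owns it. The function names are made up for this example; the OPTIONS string and paths are the ones quoted in the posts above.

```shell
#!/bin/sh
# Added example: where do named's configured paths land when it runs with -t?

# Print the directory that follows -t in an OPTIONS string; fail if there is none.
chroot_from_options() {
    set -- $1                       # word-split the OPTIONS string
    while [ $# -gt 0 ]; do
        if [ "$1" = "-t" ] && [ $# -ge 2 ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# Map an absolute path from named.conf onto the real filesystem.
# $1 = chroot directory (empty when named is not chrooted), $2 = configured path
effective_path() {
    printf '%s%s\n' "${1%/}" "$2"
}

# $1 = OPTIONS string, remaining arguments = directories named must enter.
# Prints "OK <real path> owner=<user>" or "MISSING <real path>" per directory
# and returns 1 if any directory is missing under the chroot.
check_chroot_dirs() {
    root=$(chroot_from_options "$1") || root=""
    shift
    status=0
    for p in "$@"; do
        real=$(effective_path "$root" "$p")
        if [ -d "$real" ]; then
            owner=$(ls -ld "$real" | awk '{print $3}')
            echo "OK $real owner=$owner"
        else
            echo "MISSING $real"
            status=1
        fi
    done
    return "$status"
}

# Values quoted in this thread: the posted OPTIONS line, the directory from
# named.conf.options, and the pid-file directory from the error message.
check_chroot_dirs '-u bind -t /var/lib/named' /var/cache/bind /var/run/bind/run || true
```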