Cannot get official CentOS 5.4 BIND package to start
- by Brian Cline
Yesterday I installed CentOS 5.4 on one of my servers, and it appears that the official BIND/named package has trouble starting for reasons I cannot deduce.
Here is what happens:
[root@hal init.d]# service named start
Starting named:
Error in named configuration:
/etc/named.conf:57: open: named.root.hints: permission denied
[FAILED]
The line in question, with the directory option for context:
// further up in the file:
directory "/var/named";
// line 57:
include "named.root.hints";
Like you, my first reaction was to check permissions on /var/named/named.root.hints, /var/named, and /var to make sure the named user would be able to read it. Here are the permissions at each level:
drwxr-xr-x 19 root root 4096 Nov 3 02:05 var
drwxr-x--- 5 root named 4096 Nov 3 02:36 named
-rw-r--r-- 1 named named 524 Mar 29 2006 named.root.hints
Everything appears to be fine permission-wise. The same error occurs if the /var/named directory is writable by the named user. I've even temporarily allowed the named user to log in via bash, su'ed from root to named, and checked that I was, in fact, able to cat /var/named/named.root.hints successfully. (Yes, don't worry: I changed the shell back to nologin).
My last endeavor showed that BIND is able to run under the named user account and start up just fine, if done so manually:
[root@hal ~]# named -u named -g
03-Nov-2009 16:31:02.021 starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5 -u named -g
03-Nov-2009 16:31:02.021 adjusted limit on open files from 1024 to 1048576
03-Nov-2009 16:31:02.021 found 2 CPUs, using 2 worker threads
03-Nov-2009 16:31:02.021 using up to 4096 sockets
03-Nov-2009 16:31:02.028 loading configuration from '/etc/named.conf'
03-Nov-2009 16:31:02.030 using default UDP/IPv4 port range: [1024, 65535]
03-Nov-2009 16:31:02.031 using default UDP/IPv6 port range: [1024, 65535]
03-Nov-2009 16:31:02.034 listening on IPv4 interface lo, 127.0.0.1#53
03-Nov-2009 16:31:02.034 listening on IPv4 interface eth0, 10.0.0.5#53
03-Nov-2009 16:31:02.034 listening on IPv4 interface eth1, ww.xx.yy.zz#53
03-Nov-2009 16:31:02.040 command channel listening on 127.0.0.1#953
03-Nov-2009 16:31:02.040 command channel listening on ::1#953
03-Nov-2009 16:31:02.040 ignoring config file logging statement due to -g option
03-Nov-2009 16:31:02.041 zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
03-Nov-2009 16:31:02.042 zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
03-Nov-2009 16:31:02.042 zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
03-Nov-2009 16:31:02.042 zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
03-Nov-2009 16:31:02.043 zone localdomain/IN/localhost_resolver: loaded serial 42
03-Nov-2009 16:31:02.043 zone localhost/IN/localhost_resolver: loaded serial 42
03-Nov-2009 16:31:02.043 zone x.y.z.in-addr.arpa/IN/internal: loaded serial 1
03-Nov-2009 16:31:02.044 zone x.y.z/IN/internal: loaded serial 2
03-Nov-2009 16:31:02.045 running
What type and size of firearm should I use to resolve this? I'd prefer something with automatic ammunition, and, at worst, it should be able to fit on my shoulder. Of course I am open to suggestions.
