named.conf: permission denied

August 1, 2022 by Rumi

This was the error I was getting after a doing a little change in the named.conf in my newly installed vesta control panel. While restarting the named, I was getting this error-

[root@vesta2 ~]# systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2022-08-01 14:37:25 +06; 6s ago
Process: 3478 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=1/FAILURE)
Process: 3475 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)

Aug 01 14:37:25 vesta2.geospacehosting.com named[3480]: found 2 CPUs, using 2 worker threads
Aug 01 14:37:25 vesta2.geospacehosting.com named[3480]: using 1 UDP listener per interface
Aug 01 14:37:25 vesta2.geospacehosting.com named[3480]: using up to 21000 sockets
Aug 01 14:37:25 vesta2.geospacehosting.com named[3480]: loading configuration from '/etc/named.conf'
Aug 01 14:37:25 vesta2.geospacehosting.com named[3480]: open: /etc/named.conf: permission denied
Aug 01 14:37:25 vesta2.geospacehosting.com named[3480]: loading configuration: permission denied
Aug 01 14:37:25 vesta2.geospacehosting.com systemd[1]: named.service: control process exited, code=exited status=1
Aug 01 14:37:25 vesta2.geospacehosting.com systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
Aug 01 14:37:25 vesta2.geospacehosting.com systemd[1]: Unit named.service entered failed state.
Aug 01 14:37:25 vesta2.geospacehosting.com systemd[1]: named.service failed.

Solution:

Step-1: Execute the following command-

restorecon -RFv /etc/named.conf

Step-2: Setting permission-

chmod 644 /etc/named.conf

Build an openDNS recursive resolver DNS using Bind

December 18, 2021 by Rumi

It’s a small thing, but someone might feel it to be useful of running a public DNS like google has 8.8.8.8. You actually can build a recursive DNS and serve to the world (instead to your network user only! 🙂 )

It’s pretty simple, all you need is the have your bind package installed and some very basic configurations like below-

nano /etc/bind/named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

nano /etc/bind/named.conf.options

Continue reading “Build an openDNS recursive resolver DNS using Bind” »

DNS Slave Using Virtualmin

July 19, 2019 by Rumi

DNS Slave Auto-Configuration Quickstart

A quick guide to assist administrators who want to use Virtualmin’s automatic DNS slave configuration features. This allows for DNS server redundancy.

Introduction

Virtualmin can automatically manage any number of DNS slave servers for you. Once configured, it will create slave zones on other servers and configure them to automatically update when changes are made on your Virtualmin server. For this to work, you need Virtualmin on your primary server and Webmin (a free download) on your slave server(s). Henceforth, all references will refer to the primary server as the “Virtualmin server” and the DNS slave server as the “slave server”.

Getting Webmin for the Slave

If you don’t have Virtualmin installed on your slave server(s), you’ll need to install Webmin. Webmin is available for nearly every UNIX and Linux variant available, and is free to download and use. Continue reading “DNS Slave Using Virtualmin” »

DNS Forwarder and Transfer using Bind and Webmin

June 29, 2018 by Rumi

To point your BIND based DNS server to use OpenDNS resolvers for external resolution you need to modify the named.conf.options and add the OpenDNS resolvers as forwarders. This can be done in two ways:

via the command line, Shell\SSH
via a GUI if you have Webmin installed on your BIND server

Shell\SSH Instructions

Attach directly to your server or ssh to it. From there, go into /etc/bind/. This is the default location so you may need to change this based on your configuration.

From there you will need to edit named.conf.options with your favorite text editor. Continue reading “DNS Forwarder and Transfer using Bind and Webmin” »

Bind DNS Auto Slave Using Webmin

June 13, 2018 by Rumi

The latest webmin has bug! In this tutorials I’m using webmin verison 1.801- that actually works. Don’t know if webmin team really knows are aware of the bug 🙁

So, let’s start. But before that, it’s assumed that you have webmin installed in both the servers.

Configuring Webmin Server Continue reading “Bind DNS Auto Slave Using Webmin” »

BIND ACL to restrict zone trasfer with IP address

December 17, 2017 by Rumi

You need to define ACL in /etc/named.conf or /etc/bind/named.conf.local file. Let us say IP 1.2.3.4 and 1.2.3.5 are allowed to transfer your zones.

# vi named.conf or vi /etc/bind/named.conf.local

Here is sample entry for domain domain.org.bd (ns1 configuration):

acl trusted-servers {
1.2.3.4; //ns1
1.2.3.5; //ns2
};

zone "domain.org.bd" {
 type master;
 file "/var/lib/bind/domain.org.bd.hosts";
 also-notify {
1.2.3.5; 
 };
 notify yes;
 allow-transfer { trusted-servers; };
 };

Continue reading “BIND ACL to restrict zone trasfer with IP address” »

Publishing long domain key SPF TXT records in bind9

September 5, 2017 by Rumi

If your bind is throwing error with long TXT data, you can do the following means to concatenate: You are using commas to separate your key/value pairs in your record instead of semi-colons. Change it to:

a9d04665528b593d263a6e5256648c99._domainkey IN 1800 TXT (
 "k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2/ZfhxSI/A"
 "bqgh0amM8ylrlosirWeKShUhq7fg12aYmRwOqq9hIzO0Fcz1BzfgHVu6HU++rC5"
 "QoUK0JQK/nk4jwkDgvG2di2ZYmAvEbY/VeiK1x/TG0p1Iczr2k6Bj0gEAb/YGD2"
 "YbwrwAi4bDXwoPsYuuNn9TB3jjyWKu/dvOsqhff1/4Wc+FkOi0ClvgrXiklN28X"
 "TLjyjSyU794ntIoegXxrfwcwkhfPMvuqcnhfIC0Z8L71M4WR4SoHyNHVfBtNlUv"
 "VNROiXlMxtxnNQvfViSwz6LC8bYIxeAba3hSXPTChKu3qZtfR0o3jFwEWAfLQdg"
 "Ixler0jMEoAyJmfQIDAQAB")

List all DNS records from a Nameserver using nslookup

March 27, 2017 by Rumi

Method-1)
How to list all records below some domain name.

Usually it’s done from interactive nslookup mode, not from batch mode

nslookup - your_dns_server
>set q=any
>ls -d domain.name

listing may be prohibited by administrator or by firewall settings, in that case you get empty output or ‘not implemented’ errors.

Method-2)
How to get all records of the domain name itself. In that case you need to run on Windows:

nslookup -"set q=all" yourdomain.com

onUnix:

nslookup -q=any yourdomain.com

Fixing Bind for Webmin

October 5, 2014 by Rumi

First get rid of bind-chroot (if it is installed!)

yum -y remove bind-chroot

edit /etc/sysconfig/named and remove/comment out any lines that look like ROOTDIR="/var/named/chroot"

Fix the owner of /etc/named.conf with

chown named:named /etc/named.conf

In Webmin go to Servers > Bind DNS Server > Module Config and check the following configs Continue reading “Fixing Bind for Webmin” »

Bots!

Brain's Workbench

Tag Archives: Bind