Zone transfer, could not set file modification time / permission denied - Proxmox / Ubuntu 12LTS / Virtualmin

#1 Mon, 03/17/2014 - 07:28
mars-vie

Hello!

We have 2 containers on a Proxmox host system, each Ubuntu V12 LTS + Virtualmin/Webmin latest. VM1 and VM2 are set up with BIND - vice versa master/slave.

Zone transfers do work if BIND is stopped and started again or if you do a system reboot. If a zone file is altered, the master notifies the slave, but I get a permission denied error in daemon.log on the slave machine:

zone domain.com/IN: refresh: could not set file modification time of '/var/lib/bind/domain.com.hosts': permission denied

The owner for zone files (user:group) is set to root:bind (BIND, Module Config, zone file options). I changed group/owner to root:bind on the slave /var/lib/bind - did not help.

Are there special permission requirements for /var/lib/bind and etc/bind?

Has anybody encountered the same problems? Any hints?

Thanks in advance! Mars

Mon, 03/17/2014 - 07:34
Locutus

The ownership for the hosts files in /var/lib/bind should be "bind:bind", at least that's what they are on my Ubuntu systems.

I recall similar issues a while ago, which I solved by changing the default ownership for new zones in the Webmin config to "bind:bind" (Webmin -> Servers -> BIND -> Module Config -> Zone file options -> Owner for zone files). Existing zone files you need to "chown" manually.

Mon, 03/17/2014 - 12:52 (Reply to #2)
mars-vie

Thanks Locutus, I chowned the /var/lib/bind directories but still the same error.

The only thing I did not test yet is setting permissions to 777 (now 775). I set up RNDC again, checked the Webmin Servers Index/BIND Cluster Slave Servers, changed the owner for zone files, ...

I'm clueless and grateful for every tip!

Thanks!

Mon, 03/17/2014 - 13:54
Locutus

You wouldn't want to set those files to 777, because then any user on the system can modify them, since everyone has access to /var/lib/bind.

Please make sure that all the files in /var/lib/bind have "bind:bind" as owner, and that they get re-created with that owner when the slave updates the zone.

You should not require RNDC for a simple zone update (after it was changed on the master), because that's something the BIND instances on both servers do by themselves thru the DNS protocol.

Also, I just noticed in your initial post you said that you found the errors in "daemon.log". I'm sorry, but I'm not familiar with that logfile on an Ubuntu system. :) Is it specifically from BIND? Or did you mean the syslog file?
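
An audit of the two conditions raised in this thread (zone files not owned by the BIND user, and files left world-writable such as mode 777), as an added example that is not part of any post here. On Linux a process can set a file's modification time to an arbitrary value only if it owns the file or is privileged; group write access is not enough, which is consistent with the "could not set file modification time" error on root:bind files. The function name `audit_zone_dir` and its output labels are made up for this example, and the owner and group to check are passed as arguments (bind:bind on the Ubuntu systems described above).

```shell
#!/bin/sh
# audit_zone_dir DIR OWNER GROUP   (hypothetical helper, not part of BIND or Webmin)
# Prints one line per finding on stdout.
# Returns 0 if clean, 1 if anything was flagged, 2 if the check itself failed.
# Assumption: file names contain no newlines.
audit_zone_dir() {
    dir=$1 owner=$2 group=$3
    [ -d "$dir" ] || { echo "ERROR: $dir is not a directory" >&2; return 2; }

    # Entries not owned by the expected user:group. find exits non-zero when
    # the user or group name is unknown; treat that as a failed check, not as
    # a clean result.
    bad_owner=$(find "$dir" \( ! -user "$owner" -o ! -group "$group" \) -print) || {
        echo "ERROR: ownership scan of $dir failed" >&2; return 2; }

    # Entries writable by "other": any local user could rewrite the zone data.
    # Symlinks are skipped because their own mode bits are not meaningful.
    world_writable=$(find "$dir" ! -type l -perm -0002 -print) || {
        echo "ERROR: permission scan of $dir failed" >&2; return 2; }

    result=0
    if [ -n "$bad_owner" ]; then
        printf '%s\n' "$bad_owner" | sed 's/^/OWNER /'
        result=1
    fi
    if [ -n "$world_writable" ]; then
        printf '%s\n' "$world_writable" | sed 's/^/WORLD-WRITABLE /'
        result=1
    fi
    return $result
}

# Stand-alone use: sh audit.sh /var/lib/bind [owner] [group]
if [ "$#" -ge 1 ]; then
    audit_zone_dir "$1" "${2:-bind}" "${3:-bind}"
fi
```

Lines tagged `OWNER` are candidates for the manual chown mentioned earlier in the thread; lines tagged `WORLD-WRITABLE` need their mode tightened.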

Tue, 03/18/2014 - 10:04 (Reply to #4)
mars-vie

Hello Locutus,

it took a while - but now the zone transfer works! Setting the owner to "bind:bind" did it.

Thanks a lot! Mars

PS: daemon.log is the BIND logfile in /var/log
