After doing the above steps, I have modified the nsd.conf to have a line: logfile: "/var/log/nsd/nsd.log" It gives the same error. My wild guess is that the /var and /var/log has no write permission for nsd user. So, even if I point the log file to /var/log/nsd/nsd.conf, it's the same thing as default pointing to /var/log/nsd.conf. I think,just to make Debian able to write logs to a file is a big issue. Better to shift to another distribution, Can anybody confirm if this is not an issue on Centos or OpenBSD? On Sun, Jun 19, 2022 at 12:36 AM Simon Deziel via nsd-users < nsd-users at lists.nlnetlabs.nl> wrote:> Please share the NSD config you are using, I'll try to reproduce locally. > > On 2022-06-18 15:06, Mukul Shukla via nsd-users wrote: > > I did not work. > > Same error > > > > > > On Sat, Jun 18, 2022 at 11:14 PM Simon Deziel via nsd-users < > > nsd-users at lists.nlnetlabs.nl> wrote: > > > >> Hi Mukul, > >> > >> On 2022-06-18 11:21, Mukul Shukla via nsd-users wrote: > >>> Dear All, > >>> > >>> I have recently shifted my Authoritative DNS server from very old > TinyDNS > >>> to NSD. Presently it is in a very primitive stage, but working > >> absolutely > >>> fine. > >>> > >>> I have installed NSD on Debian Testing because I could find a > relatively > >>> newer version of NSD on Debian Testing. I am running the NSD version > >> 4.5.0. > >>> I am enabling the NSD logging to /var/log/nsd.log. When I check the > >> status > >>> of the NSD demon by "systemctl status nsd", I get the following error > >>> message. > >>> > >>> Jun 18 20:39:02 ns1 systemd[1]: Starting Name Server Daemon... > >>> Jun 18 20:39:02 ns1 nsd[1884]: [2022-06-18 20:39:02.460] nsd[1884]: > >> error: > >>> Cannot open /var/log/nsd.log for appending (Permission denied), logging > >> to > >>> stderr > >>> Jun 18 20:39:02 ns1 nsd[1884]: [2022-06-18 20:39:02.460] nsd[1884]: > >>> warning: chown /var/log/nsd.log failed: Read-only file system > >> > >> The systemd unit shipped by Debian assumes default logging to syslog. As > >> such, the systemd unit needs to be edit if you want file logging: > >> > >> sudo systemctl edit nsd # will open $EDITOR > >> > >> Then put the following and save: > >> > >> # Allow file logging to dedicated dir > >> ReadWritePaths=/var/log/nsd > >> > >> And create the directory and restart NSD: > >> > >> sudo mkdir /var/log/nsd > >> sudo chown nsd: /var/log/nsd > >> sudo systemctl restart nsd > >> > >> > >> The above has NSD log to a subdirectory as it is safer than granting > >> write access to all /var/log. > >> > >> HTH, > >> Simon > >> _______________________________________________ > >> nsd-users mailing list > >> nsd-users at lists.nlnetlabs.nl > >> https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users > >> > > > > > > _______________________________________________ > > nsd-users mailing list > > nsd-users at lists.nlnetlabs.nl > > https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users > > _______________________________________________ > nsd-users mailing list > nsd-users at lists.nlnetlabs.nl > https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20220619/c3064180/attachment.htm>
Oops, my bad, I forgot to include "[Service]" in the `systemctl edit` snippet. You need to put the following in the $EDITOR: [Service] # Allow file logging to dedicated dir ReadWritePaths=/var/log/nsd Then restart NSD. Then to have NSD create the file, I called: `sudo nsd-control stats`. On 2022-06-18 15:23, Mukul Shukla via nsd-users wrote:> After doing the above steps, I have modified the nsd.conf to have a line: > logfile: "/var/log/nsd/nsd.log" > It gives the same error. > > My wild guess is that the /var and /var/log has no write permission for nsd > user. > So, even if I point the log file to /var/log/nsd/nsd.conf, it's the same > thing as default pointing to /var/log/nsd.conf. > > I think,just to make Debian able to write logs to a file is a big issue. > Better to shift to another distribution, > Can anybody confirm if this is not an issue on Centos or OpenBSD? > > > On Sun, Jun 19, 2022 at 12:36 AM Simon Deziel via nsd-users < > nsd-users at lists.nlnetlabs.nl> wrote: > >> Please share the NSD config you are using, I'll try to reproduce locally. >> >> On 2022-06-18 15:06, Mukul Shukla via nsd-users wrote: >>> I did not work. >>> Same error >>> >>> >>> On Sat, Jun 18, 2022 at 11:14 PM Simon Deziel via nsd-users < >>> nsd-users at lists.nlnetlabs.nl> wrote: >>> >>>> Hi Mukul, >>>> >>>> On 2022-06-18 11:21, Mukul Shukla via nsd-users wrote: >>>>> Dear All, >>>>> >>>>> I have recently shifted my Authoritative DNS server from very old >> TinyDNS >>>>> to NSD. Presently it is in a very primitive stage, but working >>>> absolutely >>>>> fine. >>>>> >>>>> I have installed NSD on Debian Testing because I could find a >> relatively >>>>> newer version of NSD on Debian Testing. I am running the NSD version >>>> 4.5.0. >>>>> I am enabling the NSD logging to /var/log/nsd.log. When I check the >>>> status >>>>> of the NSD demon by "systemctl status nsd", I get the following error >>>>> message. >>>>> >>>>> Jun 18 20:39:02 ns1 systemd[1]: Starting Name Server Daemon... >>>>> Jun 18 20:39:02 ns1 nsd[1884]: [2022-06-18 20:39:02.460] nsd[1884]: >>>> error: >>>>> Cannot open /var/log/nsd.log for appending (Permission denied), logging >>>> to >>>>> stderr >>>>> Jun 18 20:39:02 ns1 nsd[1884]: [2022-06-18 20:39:02.460] nsd[1884]: >>>>> warning: chown /var/log/nsd.log failed: Read-only file system >>>> >>>> The systemd unit shipped by Debian assumes default logging to syslog. As >>>> such, the systemd unit needs to be edit if you want file logging: >>>> >>>> sudo systemctl edit nsd # will open $EDITOR >>>> >>>> Then put the following and save: >>>> >>>> # Allow file logging to dedicated dir >>>> ReadWritePaths=/var/log/nsd >>>> >>>> And create the directory and restart NSD: >>>> >>>> sudo mkdir /var/log/nsd >>>> sudo chown nsd: /var/log/nsd >>>> sudo systemctl restart nsd >>>> >>>> >>>> The above has NSD log to a subdirectory as it is safer than granting >>>> write access to all /var/log. >>>> >>>> HTH, >>>> Simon >>>> _______________________________________________ >>>> nsd-users mailing list >>>> nsd-users at lists.nlnetlabs.nl >>>> https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users >>>> >>> >>> >>> _______________________________________________ >>> nsd-users mailing list >>> nsd-users at lists.nlnetlabs.nl >>> https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users >> >> _______________________________________________ >> nsd-users mailing list >> nsd-users at lists.nlnetlabs.nl >> https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users >> > > > _______________________________________________ > nsd-users mailing list > nsd-users at lists.nlnetlabs.nl > https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
No, that?s not the problem. Shifting to another distribution will not help you if you don?t know what you are doing. The user under nsd is running has no write permissions to the location listed and it could be more things - non-matching permissions on the log-file, non-matching permissions on the directory, AppArmor profile, SELinux profile, chroot/jail. You are not sharing the whole story, just tiny bits, so it?s really hard to help you. Ondrej -- Ond?ej Sur? <ondrej at sury.org> (He/Him)> On 18. 6. 2022, at 21:22, Mukul Shukla via nsd-users <nsd-users at lists.nlnetlabs.nl> wrote: > > I think,just to make Debian able to write logs to a file is a big issue. Better to shift to another distribution, > Can anybody confirm if this is not an issue on Centos or OpenBSD?