samba - Dec 2015 - How to switch from internal DNS to Bind

On 12/31/2015 10:10 AM, Rowland penny wrote:
> On 31/12/15 14:43, James wrote:
>> On 12/30/2015 4:14 PM, Rowland penny wrote:
>>> ./configure --prefix=/usr --mandir=/usr/share/man 
>>> --infodir=/usr/share/info --sysconfdir=/etc/bind 
>>> --localstatedir=/var --enable-threads --enable-largefile 
>>> --with-libtool --enable-shared --enable-static --with-openssl=/usr 
>>> --with-gssapi=/usr --with-dlopen=yes --with-gnu-ld --enable-ipv6 
>>> CFLAGS='-fno-strict-aliasing -DDIG_SIGCHASE -O2' 
>>> LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro' 
>>> CPPFLAGS='-D_FORTIFY_SOURCE=2'
>> I seem to have a few errors in my syslog.
>>
>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir
'/var/run/named':
>> Permission denied
>> Dec 31 09:35:17 VMDC1 named[24025]: generating session key for 
>> dynamic DNS
>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir
'/var/run/named':
>> Permission denied
>> Dec 31 09:35:17 VMDC1 named[24025]: could not create 
>> /var/run/named/session.key
>> Dec 31 09:35:17 VMDC1 named[24025]: failed to generate session key 
>> for dynamic DNS: permission denied
>> Dec 31 09:35:17 VMDC1 named[24025]: sizing zone task pool based on 3 
>> zones
>> Dec 31 09:35:17 VMDC1 named[24025]: set up managed keys zone for view 
>> _default, file 'managed-keys.bind'
>> Dec 31 09:35:17 VMDC1 named[24025]: configuring command channel from 
>> '/etc/bind/rndc.key'
>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't add command channel 
>> 127.0.0.1#953: file not found
>> Dec 31 09:35:17 VMDC1 named[24025]: configuring command channel from 
>> '/etc/bind/rndc.key'
>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't add command channel 
>> ::1#953: file not found
>> Dec 31 09:35:17 VMDC1 named[24025]: the working directory is not 
>> writable
>> Dec 31 09:35:17 VMDC1 named[24025]: managed-keys-zone: loaded serial 0
>> Dec 31 09:35:17 VMDC1 named[24025]: zone 0.0.127.in-addr.arpa/IN: 
>> loaded serial 2013050101
>> Dec 31 09:35:17 VMDC1 named[24025]: zone localhost/IN: loaded serial 
>> 2013050101
>> Dec 31 09:35:17 VMDC1 named[24025]: all zones loaded
>> Dec 31 09:35:17 VMDC1 named[24025]: running
>>
>> I compiled using 9.9.8-P2 and your suggested configure options. I see 
>> /run is owned by root:root. Should I give group 'named'
permission to
>> this folder? It's not documented in the wiki as needed.
>>
>
> Did you run 'make install' as root or via sudo ? sorry, but I
should
> have been a bit more explicit. I don't remember having to change 
> anything. I will dig out my notes and see if there was anything else.
>
> Rowland
>
>
I did everything as root.

-- 
-James

On 31/12/15 15:27, James wrote:
> On 12/31/2015 10:10 AM, Rowland penny wrote:
>> On 31/12/15 14:43, James wrote:
>>> On 12/30/2015 4:14 PM, Rowland penny wrote:
>>>> ./configure --prefix=/usr --mandir=/usr/share/man 
>>>> --infodir=/usr/share/info --sysconfdir=/etc/bind 
>>>> --localstatedir=/var --enable-threads --enable-largefile 
>>>> --with-libtool --enable-shared --enable-static
--with-openssl=/usr
>>>> --with-gssapi=/usr --with-dlopen=yes --with-gnu-ld
--enable-ipv6
>>>> CFLAGS='-fno-strict-aliasing -DDIG_SIGCHASE -O2' 
>>>> LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro' 
>>>> CPPFLAGS='-D_FORTIFY_SOURCE=2'
>>> I seem to have a few errors in my syslog.
>>>
>>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir
'/var/run/named':
>>> Permission denied
>>> Dec 31 09:35:17 VMDC1 named[24025]: generating session key for 
>>> dynamic DNS
>>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir
'/var/run/named':
>>> Permission denied
>>> Dec 31 09:35:17 VMDC1 named[24025]: could not create 
>>> /var/run/named/session.key
>>> Dec 31 09:35:17 VMDC1 named[24025]: failed to generate session key 
>>> for dynamic DNS: permission denied
>>> Dec 31 09:35:17 VMDC1 named[24025]: sizing zone task pool based on
3
>>> zones
>>> Dec 31 09:35:17 VMDC1 named[24025]: set up managed keys zone for 
>>> view _default, file 'managed-keys.bind'
>>> Dec 31 09:35:17 VMDC1 named[24025]: configuring command channel
from
>>> '/etc/bind/rndc.key'
>>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't add command
channel
>>> 127.0.0.1#953: file not found
>>> Dec 31 09:35:17 VMDC1 named[24025]: configuring command channel
from
>>> '/etc/bind/rndc.key'
>>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't add command
channel
>>> ::1#953: file not found
>>> Dec 31 09:35:17 VMDC1 named[24025]: the working directory is not 
>>> writable
>>> Dec 31 09:35:17 VMDC1 named[24025]: managed-keys-zone: loaded
serial 0
>>> Dec 31 09:35:17 VMDC1 named[24025]: zone 0.0.127.in-addr.arpa/IN: 
>>> loaded serial 2013050101
>>> Dec 31 09:35:17 VMDC1 named[24025]: zone localhost/IN: loaded
serial
>>> 2013050101
>>> Dec 31 09:35:17 VMDC1 named[24025]: all zones loaded
>>> Dec 31 09:35:17 VMDC1 named[24025]: running
>>>
>>> I compiled using 9.9.8-P2 and your suggested configure options. I 
>>> see /run is owned by root:root. Should I give group 'named'
>>> permission to this folder? It's not documented in the wiki as
needed.
>>>
>>
>> Did you run 'make install' as root or via sudo ? sorry, but I
should
>> have been a bit more explicit. I don't remember having to change 
>> anything. I will dig out my notes and see if there was anything else.
>>
>> Rowland
>>
>>
> I did everything as root.
>
Can you post your bind conf files, and your bind init file
Also does /var/run exist

Rowland

On 12/31/2015 10:34 AM, Rowland penny wrote:
> On 31/12/15 15:27, James wrote:
>> On 12/31/2015 10:10 AM, Rowland penny wrote:
>>> On 31/12/15 14:43, James wrote:
>>>> On 12/30/2015 4:14 PM, Rowland penny wrote:
>>>>> ./configure --prefix=/usr --mandir=/usr/share/man 
>>>>> --infodir=/usr/share/info --sysconfdir=/etc/bind 
>>>>> --localstatedir=/var --enable-threads --enable-largefile 
>>>>> --with-libtool --enable-shared --enable-static
--with-openssl=/usr
>>>>> --with-gssapi=/usr --with-dlopen=yes --with-gnu-ld
--enable-ipv6
>>>>> CFLAGS='-fno-strict-aliasing -DDIG_SIGCHASE -O2' 
>>>>> LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro' 
>>>>> CPPFLAGS='-D_FORTIFY_SOURCE=2'
>>>> I seem to have a few errors in my syslog.
>>>>
>>>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir 
>>>> '/var/run/named': Permission denied
>>>> Dec 31 09:35:17 VMDC1 named[24025]: generating session key for 
>>>> dynamic DNS
>>>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir 
>>>> '/var/run/named': Permission denied
>>>> Dec 31 09:35:17 VMDC1 named[24025]: could not create 
>>>> /var/run/named/session.key
>>>> Dec 31 09:35:17 VMDC1 named[24025]: failed to generate session
key
>>>> for dynamic DNS: permission denied
>>>> Dec 31 09:35:17 VMDC1 named[24025]: sizing zone task pool based
on
>>>> 3 zones
>>>> Dec 31 09:35:17 VMDC1 named[24025]: set up managed keys zone
for
>>>> view _default, file 'managed-keys.bind'
>>>> Dec 31 09:35:17 VMDC1 named[24025]: configuring command channel
>>>> from '/etc/bind/rndc.key'
>>>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't add command
channel
>>>> 127.0.0.1#953: file not found
>>>> Dec 31 09:35:17 VMDC1 named[24025]: configuring command channel
>>>> from '/etc/bind/rndc.key'
>>>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't add command
channel
>>>> ::1#953: file not found
>>>> Dec 31 09:35:17 VMDC1 named[24025]: the working directory is
not
>>>> writable
>>>> Dec 31 09:35:17 VMDC1 named[24025]: managed-keys-zone: loaded
serial 0
>>>> Dec 31 09:35:17 VMDC1 named[24025]: zone
0.0.127.in-addr.arpa/IN:
>>>> loaded serial 2013050101
>>>> Dec 31 09:35:17 VMDC1 named[24025]: zone localhost/IN: loaded 
>>>> serial 2013050101
>>>> Dec 31 09:35:17 VMDC1 named[24025]: all zones loaded
>>>> Dec 31 09:35:17 VMDC1 named[24025]: running
>>>>
>>>> I compiled using 9.9.8-P2 and your suggested configure options.
I
>>>> see /run is owned by root:root. Should I give group
'named'
>>>> permission to this folder? It's not documented in the wiki
as needed.
>>>>
>>>
>>> Did you run 'make install' as root or via sudo ? sorry, but
I should
>>> have been a bit more explicit. I don't remember having to
change
>>> anything. I will dig out my notes and see if there was anything
else.
>>>
>>> Rowland
>>>
>>>
>> I did everything as root.
>>
>
> Can you post your bind conf files, and your bind init file
> Also does /var/run exist
>
> Rowland
>
>
>
I forgot, I do not want to update the distro at the moment. My 
production is currently on 12.04. Want to keep things symmetrical. I'm 
going to compile and build bind again.

mount | grep /run
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)



-- 
-James