I just set up a CentOS 5.2 system with bind9 (9.3.4-6.0.1.P1.el5) and I'm running up against a problem that seems to be related to SELinux. If I set named_disable_trans to 1, everything works as expected, but if I leave it enabled the server will only give me data for the zones for which it is authoritative. For external sites it returns a ServFail error. This is with nslookup and dig. If I start named from the command line with the command "named -u named", the server returns the expected response. tcpdump shows that the server is querying itself and getting a ServFail response. I figure that I'm missing something really basic, but not sure what. Debug logs show this: FAIL: clientmgr @0x2b491728c1d0: createclients clientmgr @0x2b491728c1d0: recycle . . . fctx 0x2b49173153e0(www.google.com/A'): shutdown client 192.168.213.111#33096: view internal: error Succeed: clientmgr @0x2b109771bd30: createclients clientmgr @0x2b109771bd30: create new . . . res 0x2b109778cae0: dns_resolver_prime res 0x2b109778cae0: priming createfetch: . NS fctx 0x2b109781e280(./NS'): create fctx 0x2b109781e280(./NS'): join fetch 0x2b109781e260 (fctx 0x2b109781e280(./NS)): created dns_adb_createfind: found A for name 0x2b109780fa70 in db fctx 0x2b109781e280(./NS'): start res 0x2b109778cae0: dns_resolver_prime fctx 0x2b109781e280(./NS'): try fctx 0x2b109781e280(./NS'): cancelqueries fctx 0x2b109781e280(./NS'): getaddresses dns_adb_createfind: found AAAA for name 0x2b109780fa70 . . . Any ideas? Thanks in advance, M
On Thu, Jul 10, 2008 at 7:22 PM, Meenoo Shivdasani <meenoo at gmail.com> wrote:> I'm running up against a problem that seems to be related to SELinux. > Any ideas?If it's SELinux related, have a look at /var/log/audit/audit.log, that will tell you what is being blocked in SELinux. That would be a good start. Let us know what you found there, then we might be able to help you a little more. HTH, Filipe
Seemingly Similar Threads
- Bind9 AD SDLZ driver failed to load
- FreeBSD-7.1STABLE w/BIND-9.4.3-P1 start problem
- Please Help! Dynamic DNS just will not work: " failed gss_inquire_cred: GSSAPI error: Major = Unspecified GSS failure"
- idmap uid range 10000-20000: pam_winbind does NOT work ?
- BDC Clients Unable to update DNS (PTR/A)